diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index e16e3dd40b..7fe4741c44 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -547,7 +547,7 @@ function wp_ajax_dim_comment() {
 wp_die( -1 );
 $current = wp_get_comment_status( $comment->comment_ID );
- if ( $_POST['new'] == $current )
+ if ( isset( $_POST['new'] ) && $_POST['new'] == $current )
 wp_die( time() );
 check_ajax_referer( "approve-comment_$id" );
@@ -751,6 +751,9 @@ function wp_ajax_replyto_comment( $action ) {
 $comment_author_url = wp_slash( $user->user_url );
 $comment_content = trim($_POST['content']);
 if ( current_user_can( 'unfiltered_html' ) ) {
+ if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) )
+ $_POST['_wp_unfiltered_html_comment'] = '';
+
+ if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 kses_remove_filters(); // start with a clean slate
 kses_init_filters(); // set up the filters
@@ -763,7 +766,9 @@ function wp_ajax_replyto_comment( $action ) {
 if ( '' == $comment_content )
 wp_die( __( 'ERROR: please type a comment.' ) );
- $comment_parent = absint($_POST['comment_ID']);
+ $comment_parent = 0;
+ if ( isset( $_POST['comment_ID'] ) )
+ $comment_parent = absint( $_POST['comment_ID'] );
 $comment_auto_approved = false;
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
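Review bot: The status comparison in wp_ajax_dim_comment still uses loose `==`, so `$_POST['new']` is matched against the string from `wp_get_comment_status()` under PHP's type-juggling rules (a non-string or numeric-looking value can compare equal in surprising ways); since both sides are meant to be strings, `if ( isset( $_POST['new'] ) && is_string( $_POST['new'] ) && $_POST['new'] === $current )` is the safer form. Note also that this early `wp_die( time() )` runs before `check_ajax_referer( "approve-comment_$id" )`, so the response already depends on the comment's current status before the nonce is verified; if that ordering is deliberate it deserves a one-line comment, otherwise moving the nonce check above the comparison removes the question. wp_ajax_dim_comment starts and ends outside the hunk.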
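Review bot: The unfiltered-HTML nonce in wp_ajax_replyto_comment is compared with loose `!=`, which for two numeric-looking strings falls back to numeric comparison (leading zeros are ignored, for instance), and defaulting the value by writing into `$_POST` mutates the superglobal for every later reader of that key. Reading into a local and using the existing nonce API keeps the intent explicit: `$unfiltered_nonce = isset( $_POST['_wp_unfiltered_html_comment'] ) ? $_POST['_wp_unfiltered_html_comment'] : '';` followed by `if ( ! wp_verify_nonce( $unfiltered_nonce, 'unfiltered-html-comment' ) ) {`. wp_verify_nonce() also accepts the previous tick's nonce, so that is slightly more lenient than the exact comparison here; if exact equality is what is wanted, `hash_equals( wp_create_nonce( 'unfiltered-html-comment' ), (string) $unfiltered_nonce )` preserves it without the loose comparison. The enclosing `if ( current_user_can( 'unfiltered_html' ) )` block continues past the hunk.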
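Review bot: The `$comment_parent` default in wp_ajax_replyto_comment is spread over three statements where one conditional expression says the same thing: `$comment_parent = isset( $_POST['comment_ID'] ) ? absint( $_POST['comment_ID'] ) : 0;`. That also matches the shape already used for `$position` later in the same function. The function continues outside the hunk.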
@@ -784,19 +789,18 @@ function wp_ajax_replyto_comment( $action ) {
 $position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
 ob_start();
- if ( 'dashboard' == $_REQUEST['mode'] ) {
- require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
- _wp_dashboard_recent_comments_row( $comment );
+ if ( isset( $_REQUEST['mode'] ) && 'dashboard' == $_REQUEST['mode'] ) {
+ require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
+ _wp_dashboard_recent_comments_row( $comment );
+ } else {
+ if ( isset( $_REQUEST['mode'] ) && 'single' == $_REQUEST['mode'] ) {
+ $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 } else {
- if ( 'single' == $_REQUEST['mode'] ) {
- $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
- } else {
- $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
- }
- $wp_list_table->single_row( $comment );
+ $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 }
- $comment_list_item = ob_get_contents();
- ob_end_clean();
+ $wp_list_table->single_row( $comment );
+ }
+ $comment_list_item = ob_get_clean();
 $response = array(
 'what' => 'comment',
@@ -825,7 +829,8 @@ function wp_ajax_edit_comment() {
 if ( '' == $_POST['content'] )
 wp_die( __( 'ERROR: please type a comment.' ) );
- $_POST['comment_status'] = $_POST['status'];
+ if ( isset( $_POST['status'] ) )
+ $_POST['comment_status'] = $_POST['status'];
 edit_comment();
 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
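Review bot: `$_REQUEST['mode']` is re-read with its own `isset()` in two branches of wp_ajax_replyto_comment, and the `else { if ( ... ) { ... } else { ... } }` nesting is an `elseif` chain in disguise. Reading the value once, `$mode = isset( $_REQUEST['mode'] ) ? $_REQUEST['mode'] : '';`, and then writing `if ( 'dashboard' == $mode ) { ... } elseif ( 'single' == $mode ) { ... } else { ... }` flattens the block and leaves the `$wp_list_table->single_row( $comment )` call in exactly one place. The move to `ob_get_clean()` is fine as is. The function continues outside the hunk.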
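Review bot: In wp_ajax_edit_comment, `$_POST['comment_status']` used to be overwritten unconditionally from `status`; with the new guard, a request that omits `status` but carries a `comment_status` field of its own now passes that value untouched into edit_comment(), which (per the guarded copy added to edit_comment() in this same commit) forwards it to `comment_approved`. If `status` is meant to be the only thing that drives the approval state, add `else unset( $_POST['comment_status'] );` after the guarded assignment so the old behaviour is kept for that case. Whether any caller relies on sending `comment_status` directly is not visible here; the function continues past the hunk.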
@@ -837,9 +842,8 @@ function wp_ajax_edit_comment() {
 $comment = get_comment( $comment_id );
 ob_start();
- $wp_list_table->single_row( $comment );
- $comment_list_item = ob_get_contents();
- ob_end_clean();
+ $wp_list_table->single_row( $comment );
+ $comment_list_item = ob_get_clean();
 $x = new WP_Ajax_Response();
diff --git a/src/wp-admin/includes/comment.php b/src/wp-admin/includes/comment.php
index 2ec9d6dc84..188cc6ae41 100644
--- a/src/wp-admin/includes/comment.php
+++ b/src/wp-admin/includes/comment.php
@@ -36,12 +36,18 @@ function edit_comment() {
 if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
 wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
- $_POST['comment_author'] = $_POST['newcomment_author'];
- $_POST['comment_author_email'] = $_POST['newcomment_author_email'];
- $_POST['comment_author_url'] = $_POST['newcomment_author_url'];
- $_POST['comment_approved'] = $_POST['comment_status'];
- $_POST['comment_content'] = $_POST['content'];
- $_POST['comment_ID'] = (int) $_POST['comment_ID'];
+ if ( isset( $_POST['newcomment_author'] ) )
+ $_POST['comment_author'] = $_POST['newcomment_author'];
+ if ( isset( $_POST['newcomment_author_email'] ) )
+ $_POST['comment_author_email'] = $_POST['newcomment_author_email'];
+ if ( isset( $_POST['newcomment_author_url'] ) )
+ $_POST['comment_author_url'] = $_POST['newcomment_author_url'];
+ if ( isset( $_POST['comment_status'] ) )
+ $_POST['comment_approved'] = $_POST['comment_status'];
+ if ( isset( $_POST['content'] ) )
+ $_POST['comment_content'] = $_POST['content'];
+ if ( isset( $_POST['comment_ID'] ) )
+ $_POST['comment_ID'] = (int) $_POST['comment_ID'];
 foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
 if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index b59c81fed9..1fa7f68aad 100644
--- a/src/wp-includes/pluggable.php
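Review bot: The `isset()` guard on `$_POST['comment_ID']` in edit_comment() sits below `current_user_can( 'edit_comment', (int) $_POST['comment_ID'] )`, which reads the same key unguarded two lines earlier, so a request without `comment_ID` still triggers the undefined-index notice this commit sets out to remove, and the guard itself is redundant once that line has run. The `foreach` over the time units at the end of the hunk has the same gap: `$_POST[$timeunit]` is read without a check while only `hidden_<unit>` is guarded with `!empty()`; `isset( $_POST[ $timeunit ] ) && $_POST['hidden_' . $timeunit] != $_POST[ $timeunit ]` closes it. The six near-identical `if ( isset( ... ) ) $_POST[...] = $_POST[...];` pairs could be driven from a small from-to array in a loop, which would make adding a field a one-line change. edit_comment() starts before the hunk and continues after it.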
+++ b/src/wp-includes/pluggable.php
@@ -830,10 +830,16 @@ if ( !function_exists('check_ajax_referer') ) :
 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
 */
 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
- if ( $query_arg )
+ $nonce = '';
+
+ if ( $query_arg && isset( $_REQUEST[$query_arg] ) )
 $nonce = $_REQUEST[$query_arg];
- else
- $nonce = isset($_REQUEST['_ajax_nonce']) ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
+
+ if ( isset( $_REQUEST['_ajax_nonce'] ) )
+ $nonce = $_REQUEST['_ajax_nonce'];
+
+ if ( isset( $_REQUEST['_wpnonce'] ) )
+ $nonce = $_REQUEST['_wpnonce'];
 $result = wp_verify_nonce( $nonce, $action );
@@ -1009,6 +1015,9 @@ if ( ! function_exists('wp_notify_postauthor') ) :
 */
 function wp_notify_postauthor( $comment_id, $comment_type = '' ) {
 $comment = get_comment( $comment_id );
+ if ( empty( $comment ) )
+ return false;
+
 $post = get_post( $comment->comment_post_ID );
 $author = get_userdata( $post->post_author );
diff --git a/tests/phpunit/tests/ajax/ReplytoComment.php b/tests/phpunit/tests/ajax/ReplytoComment.php
index a8407a6e80..7935bc28da 100644
--- a/tests/phpunit/tests/ajax/ReplytoComment.php
+++ b/tests/phpunit/tests/ajax/ReplytoComment.php
@@ -38,6 +38,8 @@ class Tests_Ajax_ReplytoComment extends WP_Ajax_UnitTestCase {
 $post_id = $this->factory->post->create( array( 'post_status' => 'draft' ) );
 $this->_draft_post = get_post( $post_id );
+
+ $_SERVER['REMOTE_ADDR'] = '';
 }
 /**
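Review bot: The nonce lookup in check_ajax_referer() no longer stops at the first source that is present: a nonce supplied through `$query_arg` is overwritten when `_ajax_nonce` is also in the request, and either one is overwritten by `_wpnonce`, whereas the removed code used `$query_arg` exclusively when given and otherwise preferred `_ajax_nonce` over `_wpnonce`. Whatever value wins still has to verify against `$action`, so this is a precedence regression rather than a bypass, but a request that carries a `_wpnonce` for some other action alongside the explicit `$query_arg` nonce will now fail verification. Chaining the three checks restores the original priority while keeping the new `isset()` guards: `if ( $query_arg && isset( $_REQUEST[$query_arg] ) )` … `elseif ( isset( $_REQUEST['_ajax_nonce'] ) )` … `elseif ( isset( $_REQUEST['_wpnonce'] ) )`. The function continues past the hunk.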
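Review bot: wp_notify_postauthor() now bails on a missing comment but still dereferences `$post->post_author` on the next line without checking that `get_post()` returned an object, and `$author` from `get_userdata()` is presumably used the same way further down; a matching `if ( empty( $post ) ) return false;` after the `get_post()` call keeps the fix consistent. The new `return false` path should also be reflected in the docblock that closes just above the signature (`@return` with `false` on the not-found paths, alongside whatever the rest of the body returns, which is not visible here). The function continues outside the hunk.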
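Review bot: The `$_SERVER['REMOTE_ADDR'] = '';` line in Tests_Ajax_ReplytoComment::setUp() carries no comment explaining why it is needed; presumably something on the reply path reads `REMOTE_ADDR` and the CLI runner leaves it unset, which is worth stating, e.g. `// REMOTE_ADDR is not set under the CLI runner; give it a value so code reading it does not emit notices.`. It is also written to a superglobal and never restored, so saving the previous value and putting it back in tearDown() would keep later tests independent of this one. setUp() starts before the hunk.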