From 41ad32495830169258aa98a2585ee97864c44978 Mon Sep 17 00:00:00 2001
From: Mark Jaquith <markjaquith@git.wordpress.org>
Date: Wed, 19 Nov 2008 04:58:10 +0000
Subject: [PATCH] Show pending comments to users with quotes in their name.
 props regulatethis. fixes #6992

git-svn-id: https://develop.svn.wordpress.org/trunk@9773 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/comment-template.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 4bc5c2486c..fba653c0b4 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -793,7 +793,7 @@ function comments_template( $file = '/comments.php', $separate_comments = false
 	} else if ( empty($comment_author) ) {
 		$comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post->ID));
 	} else {
-		$comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $comment_author, $comment_author_email));
+		$comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, htmlspecialchars_decode($comment_author, ENT_QUOTES), $comment_author_email));
 	}
 
 	// keep $comments for legacy's sake