Register globals problem reported by Rich Bowen.

git-svn-id: https://develop.svn.wordpress.org/trunk@1458 602fd350-edb4-49c9-b593-d223f7449a82
Matt Mullenweg 2004-07-08 01:10:50 +00:00
parent 736b9b9996
commit 7193a5fa9d


@ -39,21 +39,19 @@ function checkAll(form)
</form> </form>
<p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p> <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
<?php <?php
if (!empty($delete_comments)) { if ( !empty( $_POST['delete_comments'] ) ) :
$i = 0;
// I had this all as one query but then realized we weren't checking permissions on each comment. foreach ($delete_comments as $comment) : // Check the permissions on each
$del_comments = ''; $safe_delete_commeents = ''; $i = 0; $comment = (int) $comment;
foreach ($delete_comments as $comment) { // Check the permissions on each
$comment = intval($comment);
$post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment"); $post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id")); $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) { if ( ($user_level > $authordata->user_level) || ($user_login == $authordata->user_login) ) :
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID = $comment"); $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID = $comment");
++$i; ++$i;
} endif;
} endforeach;
echo "<div class='wrap'><p>" . sprintf(__('%s comments deleted.'), $i) . "</p></div>"; echo "<div class='wrap'><p>" . sprintf(__('%s comments deleted.'), $i) . "</p></div>";
} endif;
if (isset($_GET['s'])) { if (isset($_GET['s'])) {
$s = $wpdb->escape($_GET['s']); $s = $wpdb->escape($_GET['s']);
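Review bot: The new guard and the loop disagree about where the IDs come from: the guard tests `$_POST['delete_comments']`, but the `foreach` on the new side still iterates the bare `$delete_comments`. Unless that variable is assigned from `$_POST` outside this hunk, it is only populated when register_globals is on, and in that case it can also be filled from the query string or a cookie. Iterating the request array directly would close the gap, e.g. `foreach ( (array) $_POST['delete_comments'] as $comment ) :`, where the cast keeps a scalar submission from raising a warning. Separately, `$post_id` from `get_var()` is interpolated into the next query unchecked, so a comment ID that matches no row yields a malformed `WHERE ID = ` query whose result still feeds the permission comparison; `if ( ! $post_id ) continue;` before the author lookup would handle that. The enclosing PHP block continues past the end of the hunk.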