Wizard 2.8.2-scripts
[autoinstalls/wordpress.git] / wp-admin / includes / comment.php
index 0fd1533d2ba3e2669797050b9174bebd056a07e2..26f25564a184a1707adb807035ed81a26bcf8bbd 100644 (file)
@@ -19,6 +19,9 @@
 function comment_exists($comment_author, $comment_date) {
        global $wpdb;
 
+       $comment_author = stripslashes($comment_author);
+       $comment_date = stripslashes($comment_date);
+
        return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
                        WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
 }
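Review bot: The new `stripslashes()` calls at the top of `comment_exists()` make the function depend on callers passing slash-escaped values, and nothing in the visible lines states that contract. A caller that passes already-unslashed data would lose any literal backslash in the author name, so the lookup could miss an existing comment and let a duplicate through. Injection safety here comes from the `%s` placeholders in `$wpdb->prepare()`, not from the slashes, so the unslashing is correct as long as the input convention holds. I would record it in the docblock (which, if present, sits above the hunk), e.g. `@param string $comment_author Author name, expected slashed; unslashed here before the prepared query.` and the same for `$comment_date`.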
@@ -86,8 +89,8 @@ function get_comment_to_edit( $id ) {
 
        $comment->comment_author = format_to_edit( $comment->comment_author );
        $comment->comment_author_email = format_to_edit( $comment->comment_author_email );
-       $comment->comment_author_url = clean_url($comment->comment_author_url);
        $comment->comment_author_url = format_to_edit( $comment->comment_author_url );
+       $comment->comment_author_url = esc_url($comment->comment_author_url);
 
        return $comment;
 }
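Review bot: The reordering that puts `esc_url()` after `format_to_edit()` on `comment_author_url` looks arbitrary without a comment, and a later cleanup could easily swap the two lines back. If the intent is that the URL filter is the last transformation before the value reaches the edit form, say so above the line: `// esc_url() runs last so the value placed in the edit form is the filtered URL.` What `format_to_edit()` does to the string is not visible here, so it is worth confirming that the field does not end up with doubly encoded entities (for example ampersands in query strings). `get_comment_to_edit()` starts above the hunk, so earlier handling of the field is not covered by this note.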
@@ -156,7 +159,7 @@ function enqueue_comment_hotkeys_js() {
                wp_enqueue_script( 'jquery-table-hotkeys' );
 }
 
-if ( is_admin() && ('edit-comments.php' == $pagenow || 'edit.php' == $pagenow) ) {
+if ( is_admin() && isset($pagenow) && ('edit-comments.php' == $pagenow || 'edit.php' == $pagenow) ) {
        if ( get_option('show_avatars') )
                add_filter( 'comment_author', 'floated_admin_avatar' );
 }
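Review bot: The added `isset($pagenow)` guard only rules out an undefined or null `$pagenow`; the comparisons that follow are still loose (`==`), so a non-string value could match a filename through type juggling on older PHP versions. Strict comparison states the intent exactly: `if ( is_admin() && isset($pagenow) && ('edit-comments.php' === $pagenow || 'edit.php' === $pagenow) ) {`. Because this runs at file scope, the guard also means the avatar filter is silently skipped whenever the file is included from a scope where `$pagenow` is not visible. A one-line comment such as `// $pagenow may be unset when this file is loaded outside the normal admin bootstrap.` would make that deliberate.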