-if ( $user->ID ) {
- $comment_author = $wpdb->escape($user->display_name);
- $comment_author_email = $wpdb->escape($user->user_email);
- $comment_author_url = $wpdb->escape($user->user_url);
- if ( current_user_can('unfiltered_html') ) {
- if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+if ( $user->exists() ) {
+ if ( empty( $user->display_name ) )
+ $user->display_name=$user->user_login;
+ $comment_author = wp_slash( $user->display_name );
+ $comment_author_email = wp_slash( $user->user_email );
+ $comment_author_url = wp_slash( $user->user_url );
+ if ( current_user_can( 'unfiltered_html' ) ) {
+ if ( ! isset( $_POST['_wp_unfiltered_html_comment'] )
+ || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID )
+ ) {