WordPress 3.6.1-scripts

[autoinstalls/wordpress.git] / wp-comments-post.php

diff --git a/wp-comments-post.php b/wp-comments-post.php
index 194e00f54489aac29b19661e83c258ca2c0ffdba..7b4a5e9dc07b7c270047484b7cf7501069383a67 100644 (file)
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -57,9 +57,9 @@ $user = wp_get_current_user();
 if ( $user->exists() ) {
        if ( empty( $user->display_name ) )
                $user->display_name=$user->user_login;
 if ( $user->exists() ) {
        if ( empty( $user->display_name ) )
                $user->display_name=$user->user_login;

-       $comment_author       = $wpdb->escape($user->display_name);
-       $comment_author_email = $wpdb->escape($user->user_email);
-       $comment_author_url   = $wpdb->escape($user->user_url);
+       $comment_author       = wp_slash( $user->display_name );
+       $comment_author_email = wp_slash( $user->user_email );
+       $comment_author_url   = wp_slash( $user->user_url );

        if ( current_user_can('unfiltered_html') ) {
                if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
                        kses_remove_filters(); // start with a clean slate
        if ( current_user_can('unfiltered_html') ) {
                if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
                        kses_remove_filters(); // start with a clean slate