- $comment_author = $wpdb->escape($user->display_name);
- $comment_author_email = $wpdb->escape($user->user_email);
- $comment_author_url = $wpdb->escape($user->user_url);
+ $comment_author = wp_slash( $user->display_name );
+ $comment_author_email = wp_slash( $user->user_email );
+ $comment_author_url = wp_slash( $user->user_url );
if ( current_user_can('unfiltered_html') ) {
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate
if ( current_user_can('unfiltered_html') ) {
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate