function get_comment_author_url() {
global $comment;
$url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url;
+ $url = esc_url( $url, array('http', 'https') );
return apply_filters('get_comment_author_url', $url);
}
$file = '/comments.php';
$req = get_option('require_name_email');
+
+ /**
+ * Comment author information fetched from the comment cookies.
+ *
+ * @uses wp_get_current_commenter()
+ */
$commenter = wp_get_current_commenter();
- extract($commenter, EXTR_SKIP);
+
+ /**
+ * The name of the current comment author escaped for use in attributes.
+ */
+ $comment_author = $commenter['comment_author']; // Escaped by sanitize_comment_cookies()
+
+ /**
+ * The email address of the current comment author escaped for use in attributes.
+ */
+ $comment_author_email = $commenter['comment_author_email']; // Escaped by sanitize_comment_cookies()
+
+ /**
+ * The url of the current comment author escaped for use in attributes.
+ */
+ $comment_author_url = esc_url($commenter['comment_author_url']);
/** @todo Use API instead of SELECTs. */
if ( $user_ID) {