-get_currentuserinfo();
-if ( $user_ID ) :
- $comment_author = $wpdb->escape($user_identity);
- $comment_author_email = $wpdb->escape($user_email);
- $comment_author_url = $wpdb->escape($user_url);
-else :
- if ( get_option('comment_registration') )
- die( __('Sorry, you must be logged in to post a comment.') );
-endif;
+$user = wp_get_current_user();
+if ( $user->exists() ) {
+ if ( empty( $user->display_name ) )
+ $user->display_name=$user->user_login;
+ $comment_author = wp_slash( $user->display_name );
+ $comment_author_email = wp_slash( $user->user_email );
+ $comment_author_url = wp_slash( $user->user_url );
+ if ( current_user_can( 'unfiltered_html' ) ) {
+ if ( ! isset( $_POST['_wp_unfiltered_html_comment'] )
+ || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID )
+ ) {
+ kses_remove_filters(); // start with a clean slate
+ kses_init_filters(); // set up the filters
+ }
+ }
+} else {
+ if ( get_option('comment_registration') || 'private' == $status )
+ wp_die( __('Sorry, you must be logged in to post a comment.') );
+}
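Review bot: The branch under `current_user_can( 'unfiltered_html' )` has no comment explaining why a missing or invalid `_wp_unfiltered_html_comment` nonce re-installs the kses filters; the two inline comments only describe the calls. This looks like the CSRF guard for privileged users: without a valid nonce the request cannot be tied to the user's own comment form, so the content is filtered like anyone else's. I would add a why-comment above `kses_remove_filters();`, such as `// No valid nonce: the request may be forged, so force KSES filtering even for unfiltered_html users.` It is also worth confirming that `$comment_post_ID`, which is set outside these lines, is cast to an integer before it is concatenated into the nonce action. Separately, `$user->display_name=$user->user_login;` writes to the object returned by `wp_get_current_user()`, which is presumably shared for the rest of the request; a local variable for the fallback name would avoid that side effect.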