X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/11be8dc178e77d0b46189bbd8e33a216a9b90942..d3b1ea255664edd2deef17f900a655613d20820d:/wp-admin/includes/comment.php?action=editcomment;c=%7B%24comment-%3Ecomment_ID%7D
diff --git a/wp-admin/includes/comment.php b/wp-admin/includes/comment.php
index 0fd1533d..56e181af 100644
--- a/wp-admin/includes/comment.php
+++ b/wp-admin/includes/comment.php
@@ -19,6 +19,9 @@ function comment_exists($comment_author, $comment_date) { global $wpdb; + $comment_author = stripslashes($comment_author); + $comment_date = stripslashes($comment_date); + return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); }
@@ -86,7 +89,7 @@ function get_comment_to_edit( $id ) { $comment->comment_author = format_to_edit( $comment->comment_author ); $comment->comment_author_email = format_to_edit( $comment->comment_author_email ); - $comment->comment_author_url = clean_url($comment->comment_author_url); + $comment->comment_author_url = esc_url($comment->comment_author_url); $comment->comment_author_url = format_to_edit( $comment->comment_author_url ); return $comment;
@@ -156,7 +159,7 @@ function enqueue_comment_hotkeys_js() { wp_enqueue_script( 'jquery-table-hotkeys' ); } -if ( is_admin() && ('edit-comments.php' == $pagenow || 'edit.php' == $pagenow) ) { +if ( is_admin() && isset($pagenow) && ('edit-comments.php' == $pagenow || 'edit.php' == $pagenow) ) { if ( get_option('show_avatars') ) add_filter( 'comment_author', 'floated_admin_avatar' ); }
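Review bot: `comment_exists()` now runs `stripslashes()` on both arguments unconditionally, so it silently assumes every caller passes slashed data. A caller that passes an already-unslashed author name containing a backslash will have that backslash removed, and the lookup can miss a comment that does exist; if callers use this as a duplicate check, that would mean a duplicate row. The query itself stays parameterised through `$wpdb->prepare()`, so this is a contract problem and not an injection one. The docblock sits above the hunk; I would record the expectation there, e.g. `@param string $comment_author Author of the comment (expected slashed).`, with the same wording for `$comment_date`.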
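Review bot: The added `isset($pagenow)` in the top-level `if` removes the undefined-variable notice, but nothing here says when `$pagenow` can be unset at this point. Presumably the file can be included from a non-global scope (inside a function); in that case the `comment_author` avatar filter is now silently never registered. A one-line comment above the condition would record the reason, e.g. `// $pagenow is not in scope when this file is included from inside a function.` If the filter should still be registered in that case, the condition needs `global $pagenow;` before it and not only the guard, so it is worth confirming which is intended.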