X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/6c8f14c09105d0afa4c1574215c59b5021040e76..256a3b381f63716209b3527d0a14442ae570c283:/wp-admin/edit-comments.php
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 174cd9af..b12264a0 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -7,7 +7,7 @@
 */
 /** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( !current_user_can('edit_posts') )
 wp_die(__('Cheatin’ uh?'));
@@ -20,9 +20,9 @@ if ( $doaction ) {
 check_admin_referer( 'bulk-comments' );
 if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
- $comment_status = $wpdb->escape( $_REQUEST['comment_status'] );
- $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
- $comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" );
+ $comment_status = wp_unslash( $_REQUEST['comment_status'] );
+ $delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] );
+ $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
 $doaction = 'delete';
 } elseif ( isset( $_REQUEST['delete_comments'] ) ) {
 $comment_ids = $_REQUEST['delete_comments'];
@@ -95,7 +95,7 @@ if ( $doaction ) {
 wp_safe_redirect( $redirect_to );
 exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 exit;
 }
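Review bot: In the `delete_all` branch, `$delete_time` goes into the `%s > comment_date_gmt` comparison with no check that `pagegen_timestamp` has the shape of a datetime string; `$wpdb->prepare()` now rules out injection, but a malformed value (the field comes from `$_REQUEST`, protected only by the `check_admin_referer` nonce on the line above) leaves the set of comments selected for bulk deletion to MySQL's string-to-DATETIME coercion instead of failing loudly. Validate the format right after the `wp_unslash` assignment, e.g. `if ( ! preg_match( '/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/', $delete_time ) ) wp_die( __( 'Invalid timestamp.' ) );`. The enclosing `if ( $doaction )` block starts and ends outside the hunk.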
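Review bot: The `_wp_http_referer` branch still redirects through `wp_redirect()` while the sibling branch two lines above uses `wp_safe_redirect( $redirect_to )`; the target here is derived from `$_SERVER['REQUEST_URI']`, a request-supplied value, so the safe variant is the consistent choice and keeps the redirect limited to allowed hosts. Change the new line to `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );`. The enclosing `if ( $doaction )` block starts outside the hunk.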
@@ -105,7 +105,7 @@ wp_enqueue_script('admin-comments');
 enqueue_comment_hotkeys_js();
 if ( $post_id )
- $title = sprintf(__('Comments on “%s”'), wp_html_excerpt(_draft_or_post_title($post_id), 50));
+ $title = sprintf( __( 'Comments on “%s”' ), wp_html_excerpt( _draft_or_post_title( $post_id ), 50, '…' ) );
 else
 $title = __('Comments');
@@ -136,24 +136,23 @@ get_current_screen()->set_help_sidebar( '

' . __( 'Support Forums' ) . '

' );
-require_once('./admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
-

%s', - get_edit_post_link($post_id), - wp_html_excerpt(_draft_or_post_title($post_id), 50) + echo sprintf( __( 'Comments on “%s”' ), + sprintf( '%s', + get_edit_post_link( $post_id ), + wp_html_excerpt( _draft_or_post_title( $post_id ), 50, '…' ) ) ); else echo __('Comments'); if ( isset($_REQUEST['s']) && $_REQUEST['s'] ) - printf( '' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '' ); ?> + echo '' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50, '…' ) ) . ''; ?>

+include( ABSPATH . 'wp-admin/admin-footer.php' ); ?>