X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9c40b4d36daed9e28e48a5fe9205c32557195a4b..312084b5d95c21feb519ff03decf948420e1f6fa:/wp-includes/comment-template.php
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 2b6b60ac..321080af 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -194,6 +194,7 @@ function comment_author_IP() {
 function get_comment_author_url() {
 	global $comment;
 	$url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url;
+	$url = esc_url( $url, array('http', 'https') );
 	return apply_filters('get_comment_author_url', $url);
 }
 
@@ -337,6 +338,8 @@ function get_comment_class( $class = '', $comment_id = null, $post_id = null ) {
 		$classes = array_merge($classes, $class);
 	}
 
+	$classes = array_map('esc_attr', $classes);
+
 	return apply_filters('comment_class', $classes, $class, $comment_id, $post_id);
 }
 
@@ -529,7 +532,7 @@ function get_comments_number( $post_id = 0 ) {
 	else
 		$count = $post->comment_count;
 
-	return apply_filters('get_comments_number', $count);
+	return apply_filters('get_comments_number', $count, $post_id);
 }
 
 /**
@@ -596,12 +599,12 @@ function comment_text() {
  */
 function get_comment_time( $d = '', $gmt = false, $translate = true ) {
 	global $comment;
-	$comment_date = $gmt? $comment->comment_date_gmt : $comment->comment_date;
+	$comment_date = $gmt ? $comment->comment_date_gmt : $comment->comment_date;
 	if ( '' == $d )
 		$date = mysql2date(get_option('time_format'), $comment_date, $translate);
 	else
 		$date = mysql2date($d, $comment_date, $translate);
-	return apply_filters('get_comment_time', $date, $d, $gmt);
+	return apply_filters('get_comment_time', $date, $d, $gmt, $translate);
 }
 
 /**
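Review bot: In get_comment_author_url() the new `esc_url( $url, array('http', 'https') )` runs before `apply_filters('get_comment_author_url', $url)`, so a callback on that filter receives the escaped value but whatever it returns is handed to callers as-is; the -337 hunk has the same ordering, where `array_map('esc_attr', $classes)` precedes the `comment_class` filter that can append class names. If the intent of this commit is that the return value is output-safe, escape the filtered result instead, e.g. `return esc_url( apply_filters('get_comment_author_url', $url), array('http', 'https') );` and `return array_map('esc_attr', apply_filters('comment_class', $classes, $class, $comment_id, $post_id));`, or state in each function's docblock that filter callbacks must return escaped values. get_comment_class() begins before its hunk, so its docblock is not visible here.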
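Review bot: The `$post_id` now passed to the `get_comments_number` filter is the function's own parameter, whose default is 0, while the visible `else` branch reads the count from a `$post` variable; unless the start of the function (outside this hunk) resolves `$post_id` to that post's ID, callbacks receive the caller's raw argument rather than the ID of the post whose count was read. Either confirm that normalization happens before this point or pass the ID actually used for the lookup, and document the new filter argument, e.g. `// Filter args: (int) $count, (int) $post_id — the post whose comment_count was read`.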
@@ -810,15 +813,35 @@ function wp_comment_form_unfiltered_html_nonce() {
 function comments_template( $file = '/comments.php', $separate_comments = false ) {
 	global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity, $overridden_cpage;
 
-	if ( ! (is_single() || is_page() || $withcomments) )
+	if ( !(is_single() || is_page() || $withcomments) || empty($post) )
 		return;
 
 	if ( empty($file) )
 		$file = '/comments.php';
 
 	$req = get_option('require_name_email');
+
+	/**
+	 * Comment author information fetched from the comment cookies.
+	 *
+	 * @uses wp_get_current_commenter()
+	 */
 	$commenter = wp_get_current_commenter();
-	extract($commenter, EXTR_SKIP);
+
+	/**
+	 * The name of the current comment author escaped for use in attributes.
+	 */
+	$comment_author = $commenter['comment_author']; // Escaped by sanitize_comment_cookies()
+
+	/**
+	 * The email address of the current comment author escaped for use in attributes.
+	 */
+	$comment_author_email = $commenter['comment_author_email']; // Escaped by sanitize_comment_cookies()
+
+	/**
+	 * The url of the current comment author escaped for use in attributes.
+	 */
+	$comment_author_url = esc_url($commenter['comment_author_url']);
 
 	/** @todo Use API instead of SELECTs. */
 	if ( $user_ID) {
@@ -919,7 +942,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
 	$number = get_comments_number( $id );
 
 	if ( 0 == $number && !comments_open() && !pings_open() ) {
-		echo '' . $none . '';
+		echo '' . $none . '';
 		return;
 	}
 
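Review bot: `$comment_author` and `$comment_author_email` are documented as "escaped for use in attributes" yet are assigned straight from `$commenter`, with only a trailing comment pointing at sanitize_comment_cookies(); nothing in this function establishes that guarantee, while the sibling `$comment_author_url` is escaped locally with `esc_url()`. Escaping all three at the point of assignment keeps their contracts consistent and independent of which hooks ran earlier — `$comment_author = esc_attr( $commenter['comment_author'] );` and `$comment_author_email = esc_attr( $commenter['comment_author_email'] );` — provided esc_attr() does not double-encode values the cookie sanitizer already escaped; if it would, move the dependency into the docblocks instead (`Relies on sanitize_comment_cookies() having already escaped the cookie values.`) rather than leaving it in a trailing comment. The `/** ... */` blocks on local variables read as docblocks but attach to no symbol; plain `//` comments would be less misleading. comments_template() continues past the end of this hunk.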
@@ -947,11 +970,11 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
 	if ( !empty( $css_class ) ) {
 		echo ' class="'.$css_class.'" ';
 	}
-	$title = esc_attr( get_the_title() );
+	$title = the_title_attribute( 'echo=0' );
 
 	echo apply_filters( 'comments_popup_link_attributes', '' );
 
-	echo ' title="' . sprintf( __('Comment on %s'), $title ) . '">';
+	echo ' title="' . esc_attr( sprintf( __('Comment on %s'), $title ) ) . '">';
 	comments_number( $zero, $one, $more, $number );
 	echo '';
 }
@@ -1232,7 +1255,7 @@ class Walker_Comment extends Walker { } ?> < id="comment-"> - +
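Review bot: The title attribute now goes through `esc_attr()`, but the adjacent `echo ' class="'.$css_class.'" ';` in the same hunk still writes the `$css_class` parameter into the same tag unescaped, so the escaping of this one element is inconsistent; `echo ' class="' . esc_attr( $css_class ) . '" ';` would match the new line. Separately, the_title_attribute() presumably returns an attribute-escaped title (its name and the `esc_attr( get_the_title() )` it replaces suggest so), and that value is then escaped again inside `esc_attr( sprintf( __('Comment on %s'), $title ) )`; confirm esc_attr() leaves existing entities alone, otherwise an `&` in a title will render as `&amp;amp;`. comments_popup_link() begins before this hunk.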
@@ -1251,7 +1274,7 @@ class Walker_Comment extends Walker {
$add_below, 'depth' => $depth, 'max_depth' => $args['max_depth']))) ?>
- +