X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/baca9ce86a38dc54c4574890ee2d352fd81f78b2..61343b82c4f0da4c68e4c6373daafff4a81efdd1:/wp-admin/edit-comments.php diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index 174cd9af..88927093 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php @@ -20,9 +20,9 @@ if ( $doaction ) { check_admin_referer( 'bulk-comments' ); if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) { - $comment_status = $wpdb->escape( $_REQUEST['comment_status'] ); - $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] ); - $comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" ); + $comment_status = wp_unslash( $_REQUEST['comment_status'] ); + $delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] ); + $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) ); $doaction = 'delete'; } elseif ( isset( $_REQUEST['delete_comments'] ) ) { $comment_ids = $_REQUEST['delete_comments']; @@ -95,7 +95,7 @@ if ( $doaction ) { wp_safe_redirect( $redirect_to ); exit; } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { - wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); + wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); exit; } @@ -105,7 +105,7 @@ wp_enqueue_script('admin-comments'); enqueue_comment_hotkeys_js(); if ( $post_id ) - $title = sprintf(__('Comments on “%s”'), wp_html_excerpt(_draft_or_post_title($post_id), 50)); + $title = sprintf( __( 'Comments on “%s”' ), wp_html_excerpt( _draft_or_post_title( $post_id ), 50, '…' ) ); else $title = __('Comments'); @@ -143,17 +143,17 @@ require_once('./admin-header.php');