--- a/wp/wp-admin/comment.php Tue Dec 15 15:52:01 2020 +0100
+++ b/wp/wp-admin/comment.php Wed Sep 21 18:19:35 2022 +0200
@@ -36,14 +36,18 @@
}
}
-$comment_id = absint( $_GET['c'] );
-$comment = get_comment( $comment_id );
+if ( isset( $_REQUEST['c'] ) ) {
+ $comment_id = absint( $_REQUEST['c'] );
+ $comment = get_comment( $comment_id );
-// Prevent actions on a comment associated with a trashed post.
-if ( 'trash' === get_post_status( $comment->comment_post_ID ) ) {
- wp_die(
- __( 'You can’t edit this comment because the associated post is in the Trash. Please restore the post first, then try again.' )
- );
+ // Prevent actions on a comment associated with a trashed post.
+ if ( $comment && 'trash' === get_post_status( $comment->comment_post_ID ) ) {
+ wp_die(
+ __( 'You can’t edit this comment because the associated post is in the Trash. Please restore the post first, then try again.' )
+ );
+ }
+} else {
+ $comment = null;
}
switch ( $action ) {
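Review bot: The new `else` branch sets `$comment = null` but leaves `$comment_id` undefined, so any case in the `switch` that follows and reads `$comment_id` without reassigning it would hit an undefined variable. Initialising it alongside, `$comment_id = 0;`, would avoid that. The `$comment &&` guard covers the trash check only. The later hunk at `@@ -222,31 +226,32 @@` still dereferences `$comment->comment_ID` in the edit link and the hidden `c` field, and its enclosing case starts outside the visible lines, so it is worth confirming that the case exits early when `$comment` is null or the id matches no comment. Moving from `$_GET` to `$_REQUEST` also accepts the id from a POST body, so each state-changing case should still verify its nonce and capability before acting. Those checks are not visible in this hunk.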
@@ -163,19 +167,19 @@
<table class="form-table comment-ays">
<tr>
-<th scope="row"><?php _e( 'Author' ); ?></th>
-<td><?php comment_author( $comment ); ?></td>
+ <th scope="row"><?php _e( 'Author' ); ?></th>
+ <td><?php comment_author( $comment ); ?></td>
</tr>
<?php if ( get_comment_author_email( $comment ) ) { ?>
<tr>
-<th scope="row"><?php _e( 'Email' ); ?></th>
-<td><?php comment_author_email( $comment ); ?></td>
+ <th scope="row"><?php _e( 'Email' ); ?></th>
+ <td><?php comment_author_email( $comment ); ?></td>
</tr>
<?php } ?>
<?php if ( get_comment_author_url( $comment ) ) { ?>
<tr>
-<th scope="row"><?php _e( 'URL' ); ?></th>
-<td><a href="<?php comment_author_url( $comment ); ?>"><?php comment_author_url( $comment ); ?></a></td>
+ <th scope="row"><?php _e( 'URL' ); ?></th>
+ <td><a href="<?php comment_author_url( $comment ); ?>"><?php comment_author_url( $comment ); ?></a></td>
</tr>
<?php } ?>
<tr>
@@ -203,17 +207,17 @@
}
?>
</td>
- </tr>
- <tr>
+</tr>
+<tr>
<th scope="row"><?php _e( 'Submitted on' ); ?></th>
<td>
<?php
$submitted = sprintf(
/* translators: 1: Comment date, 2: Comment time. */
__( '%1$s at %2$s' ),
- /* translators: Comment date format. See https://www.php.net/date */
+ /* translators: Comment date format. See https://www.php.net/manual/datetime.format.php */
get_comment_date( __( 'Y/m/d' ), $comment ),
- /* translators: Comment time format. See https://www.php.net/date */
+ /* translators: Comment time format. See https://www.php.net/manual/datetime.format.php */
get_comment_date( __( 'g:i a' ), $comment )
);
if ( 'approved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_post_ID ) ) {
@@ -222,31 +226,32 @@
echo $submitted;
}
?>
- </td>
- </tr>
- <tr>
+ </td>
+</tr>
+<tr>
<th scope="row"><?php /* translators: Field name in comment form. */ _ex( 'Comment', 'noun' ); ?></th>
<td class="comment-content">
<?php comment_text( $comment ); ?>
- <p class="edit-comment"><a href="<?php echo admin_url( "comment.php?action=editcomment&c={$comment->comment_ID}" ); ?>"><?php esc_html_e( 'Edit' ); ?></a></p>
+ <p class="edit-comment">
+ <a href="<?php echo esc_url( admin_url( "comment.php?action=editcomment&c={$comment->comment_ID}" ) ); ?>"><?php esc_html_e( 'Edit' ); ?></a>
+ </p>
</td>
- </tr>
- </table>
+</tr>
+</table>
- <form action="comment.php" method="get" class="comment-ays-submit">
-
+<form action="comment.php" method="get" class="comment-ays-submit">
<p>
<?php submit_button( $button, 'primary', 'submit', false ); ?>
- <a href="<?php echo admin_url( 'edit-comments.php' ); ?>" class="button-cancel"><?php esc_html_e( 'Cancel' ); ?></a>
+ <a href="<?php echo esc_url( admin_url( 'edit-comments.php' ) ); ?>" class="button-cancel"><?php esc_html_e( 'Cancel' ); ?></a>
</p>
<?php wp_nonce_field( $nonce_action ); ?>
<input type="hidden" name="action" value="<?php echo esc_attr( $formaction ); ?>" />
<input type="hidden" name="c" value="<?php echo esc_attr( $comment->comment_ID ); ?>" />
<input type="hidden" name="noredir" value="1" />
- </form>
+</form>
- </div>
+</div>
<?php
break;