diff -r 48c4eec2b7e6 -r 8c2e4d02f4ef wp/wp-admin/includes/dashboard.php
--- a/wp/wp-admin/includes/dashboard.php Fri Sep 05 18:40:08 2025 +0200
+++ b/wp/wp-admin/includes/dashboard.php Fri Sep 05 18:52:52 2025 +0200
@@ -726,18 +726,20 @@ 'view' => '', ); - $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) ); - $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) ); + $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( 'approve-comment_' . $comment->comment_ID ) ); + $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( 'delete-comment_' . $comment->comment_ID ) ); + + $action_string = 'comment.php?action=%s&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID . '&%s'; - $approve_url = esc_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID&$approve_nonce" ); - $unapprove_url = esc_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID&$approve_nonce" ); - $spam_url = esc_url( "comment.php?action=spamcomment&p=$comment->comment_post_ID&c=$comment->comment_ID&$del_nonce" ); - $trash_url = esc_url( "comment.php?action=trashcomment&p=$comment->comment_post_ID&c=$comment->comment_ID&$del_nonce" ); - $delete_url = esc_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID&$del_nonce" ); + $approve_url = sprintf( $action_string, 'approvecomment', $approve_nonce ); + $unapprove_url = sprintf( $action_string, 'unapprovecomment', $approve_nonce ); + $spam_url = sprintf( $action_string, 'spamcomment', $del_nonce ); + $trash_url = sprintf( $action_string, 'trashcomment', $del_nonce ); + $delete_url = sprintf( $action_string, 'deletecomment', $del_nonce ); $actions['approve'] = sprintf( '%s', - $approve_url, + esc_url( $approve_url ), "dim:the-comment-list:comment-{$comment->comment_ID}:unapproved:e7e7d3:e7e7d3:new=approved", esc_attr__( 'Approve this comment' ), __( 'Approve' ) 
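Review bot: `$action_string` is passed to sprintf() as the format but has `$comment->comment_post_ID` and `$comment->comment_ID` concatenated into it, so a `%` in either value would be parsed as a conversion specifier instead of being emitted literally. Both are presumably numeric IDs, but nothing in the hunk enforces that; casting where they are concatenated keeps the format string fixed: `$action_string = 'comment.php?action=%s&p=' . (int) $comment->comment_post_ID . '&c=' . (int) $comment->comment_ID . '&%s';`. Also, `$approve_url` through `$delete_url` now hold unescaped values and depend on the `esc_url()` call at each output site, which this hunk and the later ones at -745, -768, -778 and -786 add. The enclosing function starts and ends outside the hunk, so any other use of these variables should be checked for the same wrapping.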
@@ -745,7 +747,7 @@ $actions['unapprove'] = sprintf( '%s', - $unapprove_url, + esc_url( $unapprove_url ), "dim:the-comment-list:comment-{$comment->comment_ID}:unapproved:e7e7d3:e7e7d3:new=unapproved", esc_attr__( 'Unapprove this comment' ), __( 'Unapprove' ) @@ -768,7 +770,7 @@ $actions['spam'] = sprintf( '%s', - $spam_url, + esc_url( $spam_url ), "delete:the-comment-list:comment-{$comment->comment_ID}::spam=1", esc_attr__( 'Mark this comment as spam' ), /* translators: "Mark as spam" link. */ @@ -778,7 +780,7 @@ if ( ! EMPTY_TRASH_DAYS ) { $actions['delete'] = sprintf( '%s', - $delete_url, + esc_url( $delete_url ), "delete:the-comment-list:comment-{$comment->comment_ID}::trash=1", esc_attr__( 'Delete this comment permanently' ), __( 'Delete Permanently' ) @@ -786,7 +788,7 @@ } else { $actions['trash'] = sprintf( '%s', - $trash_url, + esc_url( $trash_url ), "delete:the-comment-list:comment-{$comment->comment_ID}::trash=1", esc_attr__( 'Move this comment to the Trash' ), _x( 'Trash', 'verb' ) @@ -800,17 +802,7 @@ __( 'View' ) ); - /** - * Filters the action links displayed for each comment in the 'Recent Comments' - * dashboard widget. - * - * @since 2.6.0 - * - * @param string[] $actions An array of comment actions. Default actions include: - * 'Approve', 'Unapprove', 'Edit', 'Reply', 'Spam', - * 'Delete', and 'Trash'. - * @param WP_Comment $comment The comment object. - */ + /** This filter is documented in wp-admin/includes/class-wp-comments-list-table.php */ $actions = apply_filters( 'comment_row_actions', array_filter( $actions ), $comment ); $i = 0; @@ -1287,7 +1279,7 @@ } } - update_option( 'dashboard_widget_options', $widget_options ); + update_option( 'dashboard_widget_options', $widget_options, false ); $locale = get_user_locale(); $cache_key = 'dash_v2_' . md5( $widget_id . '_' . $locale ); 
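Review bot: The bare `false` added as the third argument of `update_option()` in the hunk at -1287 does not say what it switches off; a short comment such as `// Not autoloaded: this option is not needed on every request.` (wording for the author to confirm) would record the intent. As far as I know, `update_option()` applies a changed autoload setting to an existing option only when the stored value changes as well, so installs that already have `dashboard_widget_options` autoloaded may keep that flag until the next real change. The enclosing function lies outside the hunk.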
@@ -1819,13 +1811,10 @@ $response = get_site_transient( 'browser_' . $key ); if ( false === $response ) { - // Include an unmodified $wp_version. - require ABSPATH . WPINC . '/version.php'; - $url = 'http://api.wordpress.org/core/browse-happy/1.1/'; $options = array( 'body' => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ), - 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), + 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ), ); if ( wp_http_supports( array( 'ssl' ) ) ) { @@ -1923,7 +1912,7 @@
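Review bot: The removed comment explained why the version was re-read (to get an unmodified `$wp_version`), and the new `'user-agent'` line in the hunk at -1819 carries no such explanation. A one-line comment like `// wp_get_wp_version() returns the core version unaffected by changes to the $wp_version global.` would keep that rationale. Separately, the context lines show the request defaulting to an `http://` URL while carrying `$_SERVER['HTTP_USER_AGENT']`, the exact core version and `home_url( '/' )`. The scheme handling sits in the `wp_http_supports()` branch whose body is outside the hunk, so whether a cleartext fallback remains cannot be judged from here and is worth confirming.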