[wp-trac] [WordPress Trac] #53962: The bug allows to see the name(s) of a user(s) who has replied to a comment (not yet authorized).
WordPress Trac
noreply at wordpress.org
Tue Feb 21 14:54:01 UTC 2023
#53962: The bug allows to see the name(s) of a user(s) who has replied to a comment
(not yet authorized).
-------------------------------------+-------------------------------------
Reporter: fasuto | Owner: hellofromTonya
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 6.2
Component: Comments | Version: 2.7
Severity: normal | Resolution:
Keywords: has-patch has-unit- | Focuses: administration,
tests has-testing-info add-to- | privacy
field-guide commit |
-------------------------------------+-------------------------------------
Changes (by costdev):
* status: closed => reopened
* resolution: fixed =>
Comment:
As noted by @hellofromTonya, [55369] removed the global `$comment`
assignment in `comment_form_title()`. The `@internal` annotation of
`comment_form_title()` states:
@internal The $comment global must be present to allow template tags
access to the current comment. See
https://core.trac.wordpress.org/changeset/36512.
[https://github.com/WordPress/wordpress-develop/pull/4110 PR 4110]
restores the global `$comment` assignment.
**Note:** As this leads to two calls to `get_comment()` - one in
`comment_form_title()`, and one in `_get_comment_reply_id()`, a follow-up
investigation is needed to see if we can reduce this to one call.
For example, this may require changing `_get_comment_reply_id()` to
`_get_comment_reply_object()`, and changing all uses to perform
appropriate checks before an effective `_get_comment_reply_object()->ID`
call.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53962#comment:34>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list