[wp-trac] [WordPress Trac] #63675: Sanitize request values and improve translatable strings in edit-comments.php
WordPress Trac
noreply at wordpress.org
Tue Jul 8 17:54:04 UTC 2025
#63675: Sanitize request values and improve translatable strings in edit-comments.php
-------------------------------------------------+-------------------------
Reporter: sandippatel11 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 6.8
Severity: minor | Keywords: has-patch needs-testing
Focuses: accessibility, administration, coding-standards, php-compatibility
-------------------------------------------------+-------------------------
This patch addresses a small security and translation-related improvement
in the `wp-admin/edit-comments.php` file:
---
1. Sanitization of Request Inputs
Currently, `$_REQUEST['comment_status']` and
`$_REQUEST['pagegen_timestamp']` are used directly after `wp_unslash()`:
    $comment_status = wp_unslash( $_REQUEST['comment_status'] );
    $delete_time    = wp_unslash( $_REQUEST['pagegen_timestamp'] );
2. Translatable String Formatting
    $messages[] = __( 'This comment is already approved.' ) . sprintf(
        ' <a href="%1$s">%2$s</a>',
        esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) ),
        __( 'Edit comment' )
    );
is refactored into a single sprintf()-wrapped translatable string:
    $messages[] = sprintf(
        __( 'This comment is already approved. <a href="%s">Edit comment</a>' ),
        esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) )
    );
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63675>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
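Added example (editor's illustration, not the ticket's patch or WordPress core code): one way to validate the two request values the ticket flags and to apply the proposed single-string i18n refactor. It assumes WordPress is loaded, that the set of valid comment statuses is the allowlist shown, that pagegen_timestamp carries a GMT MySQL datetime emitted by the page, and that `$same` is an integer comment ID from the request.

```php
<?php
// Assumes WordPress is loaded: wp_unslash, sanitize_key, sanitize_text_field,
// absint, __, esc_url, admin_url and current_time are core functions.

// Assumed allowlist of statuses the comments screen understands; anything
// else falls back to 'all' instead of reaching a query unchecked.
$allowed_statuses = array( 'all', 'moderated', 'approved', 'spam', 'trash' );
$comment_status   = isset( $_REQUEST['comment_status'] )
    ? sanitize_key( wp_unslash( $_REQUEST['comment_status'] ) )
    : 'all';
if ( ! in_array( $comment_status, $allowed_statuses, true ) ) {
    $comment_status = 'all';
}

// pagegen_timestamp is assumed to be a GMT MySQL datetime ('Y-m-d H:i:s')
// written into the form by the page itself. Accept only that shape;
// otherwise fall back to the current GMT time rather than passing an
// arbitrary string through.
$delete_time = isset( $_REQUEST['pagegen_timestamp'] )
    ? sanitize_text_field( wp_unslash( $_REQUEST['pagegen_timestamp'] ) )
    : '';
if ( ! preg_match( '/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/', $delete_time ) ) {
    $delete_time = current_time( 'mysql', 1 );
}

// $same is the ID of the already-approved comment (assumed request integer).
$same     = isset( $_REQUEST['same'] ) ? absint( $_REQUEST['same'] ) : 0;
$messages = array();

// One translatable string with a translators comment, so the link text is
// translated in context; the only runtime value is the escaped URL.
$messages[] = sprintf(
    /* translators: %s: URL of the edit comment screen. */
    __( 'This comment is already approved. <a href="%s">Edit comment</a>' ),
    esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) )
);
```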