From 1e94bbc990d1f27498134ea9005d410fb09076b2 Mon Sep 17 00:00:00 2001
From: Mike Jolley <mike.jolley@me.com>
Date: Fri, 14 Jun 2013 16:15:26 +0100
Subject: [PATCH] Review nonce. Closes #3324.

---
 includes/helpers/class-wc-template-helper.php | 8 ++++++--
 templates/single-product-reviews.php          | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/includes/helpers/class-wc-template-helper.php b/includes/helpers/class-wc-template-helper.php
index 031e040a29f..c0b57f6f6a6 100644
--- a/includes/helpers/class-wc-template-helper.php
+++ b/includes/helpers/class-wc-template-helper.php
@@ -4,7 +4,7 @@ return new WC_Template_Helper();
 
 class WC_Template_Helper extends WC_Helper {
 	public $template_url;
-	
+
 	public function __construct() {
 		$this->template_url = apply_filters( 'woocommerce_template_url', 'woocommerce/' );
 	}
@@ -73,7 +73,7 @@ class WC_Template_Helper extends WC_Helper {
 	 */
 	public function comments_template_loader( $template ) {
 		global $woocommerce;
-		
+
 		if ( get_post_type() !== 'product' )
 			return $template;
 
@@ -81,6 +81,10 @@ class WC_Template_Helper extends WC_Helper {
 			return STYLESHEETPATH . '/' . $this->template_url . 'single-product-reviews.php';
 		elseif ( file_exists( TEMPLATEPATH . '/' . $this->template_url . 'single-product-reviews.php' ))
 			return TEMPLATEPATH . '/' . $this->template_url . 'single-product-reviews.php';
+		elseif ( file_exists( STYLESHEETPATH . '/' . 'single-product-reviews.php' ))
+			return STYLESHEETPATH . '/' . 'single-product-reviews.php';
+		elseif ( file_exists( TEMPLATEPATH . '/' . 'single-product-reviews.php' ))
+			return TEMPLATEPATH . '/' . 'single-product-reviews.php';
 		else
 			return $woocommerce->plugin_path() . '/templates/single-product-reviews.php';
 	}
diff --git a/templates/single-product-reviews.php b/templates/single-product-reviews.php
index 74006730d9d..bc0b9cc5201 100644
--- a/templates/single-product-reviews.php
+++ b/templates/single-product-reviews.php
@@ -104,7 +104,7 @@ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
 
 	}
 
-	$comment_form['comment_field'] .= '<p class="comment-form-comment"><label for="comment">' . __( 'Your Review', 'woocommerce' ) . '</label><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea></p>' . wp_nonce_field( 'woocommerce-comment_rating', true, false);
+	$comment_form['comment_field'] .= '<p class="comment-form-comment"><label for="comment">' . __( 'Your Review', 'woocommerce' ) . '</label><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea>' . wp_nonce_field( 'woocommerce-comment_rating', '_wpnonce', true, false ) . '</p>';
 
 	comment_form( apply_filters( 'woocommerce_product_review_comment_form_args', $comment_form ) );