Pingback spam

[jemjabella]

The comments display functionality in /modules/tp-comments/functions.php does not check the approval status of pingbacks and trackbacks before displaying them, which allows spammy pingbacks to be injected straight into the posts of anyone using it.

Suggest moving if ( $comment->comment_approved == '1' ) : from off line 29 (comments case) to before the switch statement, and the corresponding endif; from line 63 to after endswitch;