[wp-hackers] Re: [wp-svn]
Whitelist from own domain.
m at mullenweg.com
Wed Apr 20 23:22:06 GMT 2005
Joseph Scott wrote:
> I've only spent a few minutes looking at the code that uses this
> (wp-includes/functions-post.php) so please correct me if I'm wrong. My
> reading of the code seems to indicate that any comment can now instantly
> be approved (skipping checks used to prevent spam) simply by using the
> URL that the WP install is running on. If that is the case then I
> suggest that this is a really bad idea and will likely be exploited by
It's only for trackbacks and pingbacks, in which the only link is the
source URI. It compares the domain of the source URI to the blog's URI.
http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com
More information about the wp-hackers