[wp-trac] [WordPress Trac] #10931: Verify Comment Email Addresses of Registered Users

WordPress Trac wp-trac at lists.automattic.com
Wed Jun 9 17:57:59 UTC 2010


#10931: Verify Comment Email Addresses of Registered Users
----------------------------+-----------------------------------------------
 Reporter:  mtdewvirus      |       Owner:             
     Type:  task (blessed)  |      Status:  assigned   
 Priority:  normal          |   Milestone:  3.1        
Component:  Comments        |     Version:  2.8.4      
 Severity:  normal          |    Keywords:  needs-patch
----------------------------+-----------------------------------------------

Comment(by mdawaffe):

 This solution is incomplete.  If we're going to prevent impersonation, we
 need to implement CSRF protection for all logged in commentors.  The patch
 on #13791 does this.  The proposed code there is hook based, so it's all
 configurable/extendable.  It's also more complicated.

 If we go with this method, we'll need to pull in the CSRF stuff from
 #13791.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10931#comment:23>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list