[wp-hackers] Another anti-spam technique
Kimmo Suominen
kim at tac.nyc.ny.us
Thu Oct 28 16:40:33 UTC 2004
I should've worded that statement a bit differently: it is fine to add
features that use writable files, as long as WP is still usable without
the writable files.
As for the wp-comments.php mod to use a temporary file...
How about using a random $_SERVER['PATH_INFO'] and check for that? It
would require neither JavaScript nor cookies. If the PATH_INFO does not
match, the comment could be scrapped, since it obviously didn't come
through the WP site.
The only requirement I can think of is with Apache 2.0: it does not send
PATH_INFO to PHP scripts by default. With "AcceptPathInfo On" you can
enable the behaviour familiar from Apache 1.3.x.
http://httpd.apache.org/docs-2.0/upgrading.html
Regards,
+ Kim
--
<A HREF="http://kimmo.suominen.com/">Kimmo Suominen</A>
On Thu, Oct 28, 2004 at 04:48:18PM +0100, Donncha O Caoimh wrote:
> OK, when I said "you've", I meant in the third-person. If people want to
> modify their template via the online-template editor then index.php has
> to be editable.
> Version 1.3 can auto-update your .htaccess file when new pages are added
> I think, but will also update when you change the permalink structure.
>
> Donncha.
> http://blogs.linux.ie/xeer/
>
> Kimmo Suominen wrote:
> >Actually, I have neither a writable index.php nor a writable .htaccess
> >file, and WP works just fine. I'm hoping that no features are added
> >that _require_ a writable file or directory.
More information about the hackers
mailing list