[wp-trac] [WordPress Trac] #2714: comments with HTML can wreck Moderation Queue window

WordPress Trac wp-trac at lists.automattic.com
Wed May 10 21:03:54 GMT 2006

#2714: comments with HTML can wreck Moderation Queue window
       Id:  2714            |      Status:  new                     
Component:  Administration  |    Modified:  Wed May 10 21:03:54 2006
 Severity:  normal          |   Milestone:                          
 Priority:  normal          |     Version:  2.0.2                   
    Owner:  anonymous       |    Reporter:  DjLizard                
 I keep getting comment spam which is causing some havoc in the moderate
 comments menu.  The spammer, for whatever reason, is simply posting the

 Allowed HTML: <a href="" title="" rel="" rel="nofollow"> <abbr title="">
 <acronym title=""> <b> <blockquote cite="">
 <code> <div align=""> <em> <font color="" size="" face=""> <i> <li> <ol>
 <strike> <strong> <sub> <sup>

 I don't know why the spammer is just pasting crap off of my page (no
 Viagra ads, etc).  The second spam (from the same person) simply said
 "nbnbbnmmhmhgjf", so I don't really get the point of the spam.  Anyway,
 the first one messes up the moderation Queue window, to where nothing can
 be clicked, because it is all one giant hyperlinked, strikethrough'd
 element.  I have to delete the comment via MySQL (hard), or by clicking
 the delete hyperlink in the  "Please moderate:" email I recieve when
 there's a new comment (easier).  I can probably fix the Moderation Queue
 page myself so that it doesn't allow this kind of attack, but I just
 wanted to let the Wordpress devs know about it because this is the third
 time I've gotten this spam in a span of 6 months.

Ticket URL: <http://trac.wordpress.org/ticket/2714>
WordPress Trac <http://wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list