[wp-trac] [WordPress Trac] #2714: comments with HTML can wreck
Moderation Queue window
WordPress Trac
wp-trac at lists.automattic.com
Wed May 10 21:03:54 GMT 2006
#2714: comments with HTML can wreck Moderation Queue window
----------------------------+-----------------------------------------------
Id: 2714 | Status: new
Component: Administration | Modified: Wed May 10 21:03:54 2006
Severity: normal | Milestone:
Priority: normal | Version: 2.0.2
Owner: anonymous | Reporter: DjLizard
----------------------------+-----------------------------------------------
I keep getting comment spam which is causing some havoc in the moderate
comments menu. The spammer, for whatever reason, is simply posting the
following:
{{{
Allowed HTML: <a href="" title="" rel="" rel="nofollow"> <abbr title="">
<acronym title=""> <b> <blockquote cite="">
<code> <div align=""> <em> <font color="" size="" face=""> <i> <li> <ol>
<strike> <strong> <sub> <sup>
<ul>
}}}
I don't know why the spammer is just pasting crap off of my page (no
Viagra ads, etc). The second spam (from the same person) simply said
"nbnbbnmmhmhgjf", so I don't really get the point of the spam. Anyway,
the first one messes up the moderation Queue window, to where nothing can
be clicked, because it is all one giant hyperlinked, strikethrough'd
element. I have to delete the comment via MySQL (hard), or by clicking
the delete hyperlink in the "Please moderate:" email I recieve when
there's a new comment (easier). I can probably fix the Moderation Queue
page myself so that it doesn't allow this kind of attack, but I just
wanted to let the Wordpress devs know about it because this is the third
time I've gotten this spam in a span of 6 months.
--
Ticket URL: <http://trac.wordpress.org/ticket/2714>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list