[wp-trac] Re: [WordPress Trac] #7916: Can see others comments which are in moderation

WordPress Trac wp-trac at lists.automattic.com
Sun Oct 19 21:14:50 GMT 2008

#7916: Can see others comments which are in moderation
 Reporter:  marutiborker         |        Owner:  anonymous
     Type:  defect               |       Status:  closed   
 Priority:  lowest               |    Milestone:           
Component:  General              |      Version:           
 Severity:  trivial              |   Resolution:  wontfix  
 Keywords:  moderation,security  |  
Changes (by azaozz):

  * status:  reopened => closed
  * resolution:  => wontfix


 If somebody wants to see the non-moderated comments of a particular
 commenter, he/she will need to know that commenter's email address and
 either craft a cookie with it or submit a comment pretending to be that

 Currently WordPress stores the name, email and website entered in the
 comments form in a cookie in the commenter's browser. This is mainly to
 pre-fill these fields for returning commenters.

 Most themes also use the name and email from the same cookie to identify
 returning commenters and show them their comments currently held for

 If you need to secure the comments held for moderation, you can either not
 show them at all or require users to make accounts to be able to comment
 (then non-moderated comments are filtered by the user login).

 Filtering by IP is possible (and easily done by the current theme) but is
 not that reliable since there may be a lot of users behind the same IP and
 also IPs change. Either way this is plugin material.

Ticket URL: <http://trac.wordpress.org/ticket/7916#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list