[wp-trac] Re: [WordPress Trac] #7916: Can see others comments which are in moderation
WordPress Trac
wp-trac at lists.automattic.com
Sun Oct 19 21:14:50 GMT 2008
#7916: Can see others comments which are in moderation
---------------------------------+------------------------------------------
 Reporter:  marutiborker         |        Owner:  anonymous
     Type:  defect               |       Status:  closed
 Priority:  lowest               |    Milestone:
Component:  General              |      Version:
 Severity:  trivial              |   Resolution:  wontfix
 Keywords:  moderation,security  |
---------------------------------+------------------------------------------
Changes (by azaozz):

  * status:  reopened => closed
  * resolution:  => wontfix

Comment:

 If somebody wants to see the non-moderated comments of a particular
 commenter, he/she will need to know that commenter's email address and
 either craft a cookie with it or submit a comment pretending to be that
 commenter.

 Currently WordPress stores the name, email and website entered in the
 comments form in a cookie in the commenter's browser. This is mainly to
 pre-fill these fields for returning commenters.

 Most themes also use the name and email from the same cookie to identify
 returning commenters and show them their comments currently held for
 moderation.

 If you need to secure the comments held for moderation, you can either not
 show them at all or require users to make accounts to be able to comment
 (then non-moderated comments are filtered by the user login).

 Filtering by IP is possible (and easily done by the current theme) but is
 not that reliable since there may be a lot of users behind the same IP and
 also IPs change. Either way this is plugin material.

--
Ticket URL: <http://trac.wordpress.org/ticket/7916#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
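
A minimal model of the two filters the comment above describes (match on the cookie's email versus match on the logged-in user), added here as an illustration; it is not WordPress or theme code and not part of the original message. The field names, function names and sample comments are constructed for the example.

```php
<?php
// Constructed sample data: one approved comment and one held for moderation.
$comments = [
    ['id' => 1, 'approved' => true,  'email' => 'bob@example.com',   'user_id' => 0],
    ['id' => 2, 'approved' => false, 'email' => 'alice@example.com', 'user_id' => 7],
];

// Cookie-based filter: the email is whatever the browser sent, so it is a
// claim made by the client, not an authenticated identity.
function visible_by_cookie(array $comments, ?string $cookie_email): array {
    $claimed = $cookie_email === null ? '' : strtolower(trim($cookie_email));
    return array_values(array_filter($comments, function ($c) use ($claimed) {
        return $c['approved']
            || ($claimed !== '' && strtolower($c['email']) === $claimed);
    }));
}

// Login-based filter: held comments are matched on the user id taken from the
// server-side session; id 0 means "not logged in" and never matches.
function visible_by_login(array $comments, int $session_user_id): array {
    return array_values(array_filter($comments, function ($c) use ($session_user_id) {
        return $c['approved']
            || ($session_user_id > 0 && $c['user_id'] === $session_user_id);
    }));
}

// Helper: comma-separated ids of the comments a request would be shown.
$ids = fn(array $rows) => implode(',', array_column($rows, 'id'));

// Same anonymous request evaluated by both filters, then the account owner.
echo "cookie filter, anonymous, cookie email alice@example.com: ",
     $ids(visible_by_cookie($comments, 'alice@example.com')), "\n";
echo "login filter, anonymous: ",
     $ids(visible_by_login($comments, 0)), "\n";
echo "login filter, logged in as user 7: ",
     $ids(visible_by_login($comments, 7)), "\n";
```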