[wp-trac] Re: [WordPress Trac] #8997: it's possible to comment on
private posts.
WordPress Trac
wp-trac at lists.automattic.com
Mon Mar 2 22:48:28 GMT 2009
#8997: it's possible to comment on private posts.
---------------------------------------------------------+------------------
Reporter: tott | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 2.8
Component: Comments | Version:
Severity: normal | Resolution: fixed
Keywords: comment, post, security, private, has-patch |
---------------------------------------------------------+------------------
Changes (by lloydbudd):
* status: new => closed
* resolution: => fixed
Comment:
Replying to [comment:1 mrmist]:
> Could comments not be nonce protected? I mean the patch will prevent
people from curl-ing in comments to private posts, but you can still
submit as many comments as you like to normal published posts without
actually using the submit form on the article's page.
mrmist that is an interesting idea? I wonder how well it has been explored
previously and what are the disadvantages?
Considering it shouldn't bar the inclusion of the above patch. Actually,
the topic would best live in its own ticket -- if one for comment nonce
doesn't already exist.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/8997#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list