[wp-trac] [WordPress Trac] #10975: comment form nonce
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 19 22:17:05 UTC 2009
#10975: comment form nonce
-------------------------+--------------------------------------------------
Reporter: tellyworth | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version:
Severity: normal | Keywords: has-patch, dev-feedback
-------------------------+--------------------------------------------------
Comment(by filosofo):
An admin has greater posting privileges than a non-logged-in user, so
there would be some advantage just in preventing XSS-commenting for only
logged-in users.
And perhaps we could use the client's IP address in the nonce hash when
generating it for non-logged-in users?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10975#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
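The scheme discussed in the comment above, as an added illustration that is not code from the ticket or from WordPress itself: an HMAC-based form nonce that mixes the action name, a time tick and an identity into the hash. For logged-in users the identity is the user id; for anonymous commenters it is the client IP, as the comment proposes. The secret key, the action name "post-comment", the sample IP addresses and the 24-hour lifetime are constructed for the example. The previous tick is accepted as well as the current one, so a form loaded shortly before a tick boundary still submits, and the verify path uses a constant-time comparison.

```python
import hashlib
import hmac
import time

# Constructed secret for this example; a real site uses its own per-site secret.
SECRET_KEY = b"example-site-secret-do-not-reuse"
NONCE_LIFE = 24 * 60 * 60  # seconds; a tick is half the lifetime
TICK = NONCE_LIFE // 2


def nonce_tick(now=None):
    """Coarse time bucket mixed into the nonce so it expires without server-side state."""
    now = time.time() if now is None else now
    return int(now // TICK)


def nonce_identity(user_id=0, client_ip=""):
    """Identity bound to the nonce: the user id when logged in, else the client IP."""
    if user_id:
        return f"user:{user_id}"
    return f"ip:{client_ip}"


def _digest(tick, action, identity):
    msg = f"{tick}|{action}|{identity}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]


def create_nonce(action, user_id=0, client_ip="", now=None):
    """Nonce to embed in the comment form as a hidden field."""
    return _digest(nonce_tick(now), action, nonce_identity(user_id, client_ip))


def verify_nonce(nonce, action, user_id=0, client_ip="", now=None):
    """True if the nonce was issued for this action and identity in the current or previous tick."""
    tick = nonce_tick(now)
    identity = nonce_identity(user_id, client_ip)
    for t in (tick, tick - 1):
        if hmac.compare_digest(nonce, _digest(t, action, identity)):
            return True
    return False


if __name__ == "__main__":
    issued_at = 1_000_000  # constructed timestamp
    n = create_nonce("post-comment", client_ip="203.0.113.5", now=issued_at)
    print("same ip, fresh:    ", verify_nonce(n, "post-comment", client_ip="203.0.113.5", now=issued_at))
    print("different ip:      ", verify_nonce(n, "post-comment", client_ip="198.51.100.7", now=issued_at))
    print("after full lifetime:", verify_nonce(n, "post-comment", client_ip="203.0.113.5", now=issued_at + NONCE_LIFE))
```

The last two checks show the trade-off the comment's proposal carries: a nonce issued to one anonymous client is rejected from a different address, which also means an anonymous commenter whose address changes mid-session (mobile networks, some proxies) gets a rejected form, while a logged-in user's nonce is independent of the address.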