[wp-trac] [WordPress Trac] #11810: Some users able to comment on closed posts
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 7 17:07:43 UTC 2010
#11810: Some users able to comment on closed posts
--------------------------+-------------------------------------------------
Reporter:   ericmann      | Owner:
Type:       defect (bug)  | Status:     new
Priority:   normal        | Milestone:  2.9.2
Component:  Comments      | Version:    2.9.1
Severity:   normal        | Keywords:
--------------------------+-------------------------------------------------

This was originally reported on the WP support forums.

Users with certain developer tools (i.e. Firebug) can manually edit the
comment_post_ID field of the default comment form and submit a comment to
any post on the site, whether it's published or not (or closed to comments
or not).

Perhaps we should consider some level of security for comments to ensure
this can't happen? Maybe hash the comment_post_ID field so it can't be
edited in plaintext?

--
Ticket URL: <http://core.trac.wordpress.org/ticket/11810>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
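
One way to enforce the check on the server regardless of what the form submits, as an added example that is not part of the original ticket and not WordPress core code. The function name and sample posts are hypothetical; post_status and comment_status mirror the wp_posts column names.

```php
<?php
// Added example, not WordPress core code. comment_target_allowed() and the
// sample posts are hypothetical; the status values mirror wp_posts columns.

/**
 * Decide whether a submitted comment may be attached to the requested post.
 * comment_post_ID arrives from the browser, so it is treated as untrusted
 * input and checked against the post state held on the server.
 *
 * @return array [bool $allowed, string $reason]
 */
function comment_target_allowed(array $posts, $raw_post_id): array
{
    // Accept only a plain positive integer of bounded length.
    if (!is_string($raw_post_id) || !preg_match('/^[1-9][0-9]{0,17}$/', $raw_post_id)) {
        return [false, 'invalid id'];
    }
    $id = (int) $raw_post_id;

    if (!isset($posts[$id])) {
        return [false, 'no such post'];
    }
    $post = $posts[$id];

    // Drafts, pending and private posts never accept public comments.
    if ($post['post_status'] !== 'publish') {
        return [false, 'post not published'];
    }
    // The per-post comment switch is checked last, on the server's copy.
    if ($post['comment_status'] !== 'open') {
        return [false, 'comments closed'];
    }
    return [true, 'ok'];
}

// Constructed sample data standing in for rows of the posts table.
$posts = [
    1 => ['post_status' => 'publish', 'comment_status' => 'open'],
    2 => ['post_status' => 'publish', 'comment_status' => 'closed'],
    3 => ['post_status' => 'draft',   'comment_status' => 'open'],
];

// Constructed submissions: the form was rendered for post 1, then the hidden
// field was changed before submitting.
foreach (['1', '2', '3', '99', 'abc'] as $submitted) {
    [$ok, $reason] = comment_target_allowed($posts, $submitted);
    printf("comment_post_ID=%-4s %s (%s)\n", $submitted, $ok ? 'accept' : 'reject', $reason);
}
```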