[wp-trac] [WordPress Trac] #13887: comment_whitelist checking in check_comment
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 14 12:21:57 UTC 2010
#13887: comment_whitelist checking in check_comment
--------------------------+-------------------------------------------------
Reporter: avereha | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Comments | Version: 2.9.2
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
If you have the "comment_whitelist"(Comment author must have a previously
approved comment) option activated in Wordpress 2.9.2, and someone post a
trackback or pingback comment with Comment Author's domain "%", the
comment is automaticaly approved.
I think the bug is in the wp-includes/comment.php file, check_comment
function, this condition:
if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE
link_url LIKE (%s) LIMIT 1", '%'.$domain.'%'))...
if $domain == "%", the first condition is true, and the comment approved.
The URL is like this one: http://%/something.ru
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13887>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list