[wp-trac] [WordPress Trac] #11286: Normal User Input Causes Status 500
WordPress Trac
noreply at wordpress.org
Mon Nov 26 22:20:03 UTC 2012
#11286: Normal User Input Causes Status 500
------------------------------------+-----------------------------
Reporter: miqrogroove | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Comments | Version: 2.8.4
Severity: normal | Resolution:
Keywords: has-patch commit early |
------------------------------------+-----------------------------
Comment (by bpetty):

Replying to [comment:39 miqrogroove]:
> Three years on, still hacking core files to fix this problem with every
> version.

Returning 403 codes as opposed to 500 is definitely better, but there's
still a lot more room for improvement here.

First, I still think these should actually be responses with code 200.
Sysadmins (and automated blacklist services like fail2ban) keep an eye on
server logs for 403 to identify brute force attempts, and other malicious
activity, and this just makes their job harder to correctly identify real
threats when it's just legitimate visitors accidentally double-clicking
the comment submit button for example.

Besides that though, we could be returning a much more useful variety of
error codes to the frontend to distinguish the types of errors (besides
just 403 used for all of them) so it knows better how to handle the
response besides showing the visitor a localized message, and frontend
code having no idea why it failed.

Anyway, if this is changed too quickly here, plugins and themes will need
to be fixed to handle this as is (it breaks backwards compat), and we
don't want to do that twice. So I really believe this should wait off
until the core team has some time to start looking at some of the long
overdue comment system improvements that have been briefly touched on in a
number of open tickets related to comments (maybe 3.6, but maybe not even
until 3.7) - most of those tickets have already been mentioned here.

For that matter, this patch as it stands could do a better job at
maintaining backwards compatibility itself.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11286#comment:41>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
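
The log-monitoring concern raised in the comment above, as an added example (not part of the original message, the patch, or WordPress core): a per-client 403 counter run over constructed log lines, in which a commenter whose resubmitted form is rejected reaches the same threshold as a client requesting forbidden paths. The threshold of 3, the `/private/` paths, and the assumption that rejected comments appear as 403 responses from `/wp-comments-post.php` are illustrative.

```python
import re
from collections import Counter

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Nov/2012:22:10:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 403 512
198.51.100.7 - - [26/Nov/2012:22:10:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 403 512
198.51.100.7 - - [26/Nov/2012:22:10:04 +0000] "POST /wp-comments-post.php HTTP/1.1" 403 512
203.0.113.9 - - [26/Nov/2012:22:11:00 +0000] "GET /private/a HTTP/1.1" 403 199
203.0.113.9 - - [26/Nov/2012:22:11:01 +0000] "GET /private/b HTTP/1.1" 403 199
203.0.113.9 - - [26/Nov/2012:22:11:02 +0000] "GET /private/c HTTP/1.1" 403 199
192.0.2.44 - - [26/Nov/2012:22:12:00 +0000] "GET /index.php HTTP/1.1" 200 4096
""".splitlines()

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def count_403(lines, ignore_paths=()):
    """Count 403 responses per client IP, skipping requests to ignore_paths."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, _method, url, status = m.groups()
        path = url.split("?", 1)[0]  # compare on the path, not the query string
        if status == "403" and path not in ignore_paths:
            hits[ip] += 1
    return hits

def flagged(lines, threshold=3, ignore_paths=()):
    """Return the sorted client IPs whose 403 count reaches the threshold."""
    counts = count_403(lines, ignore_paths)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    # Naive rule: the commenter and the probing client are both flagged.
    print("all 403s:", flagged(SAMPLE_LOG))
    # Assumed mitigation on the monitoring side: exclude the comment endpoint.
    print("comment endpoint ignored:",
          flagged(SAMPLE_LOG, ignore_paths=("/wp-comments-post.php",)))
```
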