[wp-trac] [WordPress Trac] #10931: Verify Comment Email Addresses of Registered Users
WordPress Trac
noreply at wordpress.org
Fri Jan 11 21:18:11 UTC 2013
#10931: Verify Comment Email Addresses of Registered Users
-------------------------------------+-----------------------------
Reporter: mtdewvirus | Owner:
Type: enhancement | Status: assigned
Priority: normal | Milestone: Future Release
Component: Comments | Version: 2.8.4
Severity: normal | Resolution:
Keywords: has-patch needs-refresh |
-------------------------------------+-----------------------------
Comment (by mark-k):
It is not only the impersonation possibility that is problematic, but also
that the end result of commenting while logged in and while logged off
might be different. When logged off author stylig will not be applied and
the comment author URL will not be set to the website field in the user's
profile.
Why not have something like
{{{
if user not logged in but email matches an active user {
store comment in spam queue
dispatch cron event to be executed an hour later
redirect to login form with redirect_to set to an admin URL in which
the comment can be approved
once approved duplicate the comment as if it was submitted by the user
while he is logged in, remove the original from spam and process the new
one
then redirect to the post in which the comment was made.
}
in the cron event {
if comment is still marked as spam send a mail to its author telling him
to contact the admin about approving that comment
}
}}}
Comment initialy marked as spam since the damage of impersonation is
probably higher then the damage of one comment being lost.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10931#comment:40>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list