[wp-trac] [WordPress Trac] #27471: wp.newComment allows to post new comments even if they are closed or not supported
WordPress Trac
noreply at wordpress.org
Fri Mar 21 06:35:15 UTC 2014
#27471: wp.newComment allows to post new comments even if they are closed or not
supported
--------------------------+-----------------------------
Reporter: xknown | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
wp_xmlrpc_server::wp_newComment() doesn't check if comments are
allowed/supported or not on a given post type.
{{{
faineant:wp alex$ curl -s -c /tmp/atoq.cookie -d 'log=test&pwd=1234'
'http://atoq/wp/wp-login.php' | curl -b /tmp/atoq.cookie -sd
'comment_post_ID=1&author=test&email=test at buayacorp.com&comment=test'
"http://atoq/wp/wp-comments-post.php" | grep Sorry
<p>Sorry, comments are closed for this item.</p></body>
faineant:wp alex$ cat test.xml
<methodCall>
<methodName>wp.newComment</methodName>
<params>
<param><value>1</value></param>
<param><value>test</value></param>
<param><value>1234</value></param>
<param><value>1</value></param>
<param><value>Test comment</value></param>
</params>
</methodCall>
faineant:wp alex$ curl --data @test.xml "http://atoq/wp/xmlrpc.php"
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<params>
<param>
<value>
<int>4</int>
</value>
</param>
</params>
</methodResponse>
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27471>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list