[wp-trac] [WordPress Trac] #10975: comment form nonce

WordPress Trac noreply at wordpress.org
Thu Feb 27 17:33:32 UTC 2020


#10975: comment form nonce
-------------------------+-----------------------------
 Reporter:  tellyworth   |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Future Release
Component:  Comments     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  needs-patch  |     Focuses:
-------------------------+-----------------------------

Comment (by bookdude13):

 I'd like to renew interest in this as well. CSRF on the comment form might
 not be a complete solution, but I'd argue that it's better than no
 protection at all. As mentioned by @tellyworth it would stop some passive
 or drive-by attacks/spam. A more robust solution could be discussed and
 implemented in #10931.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/10975#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list