[wp-trac] [WordPress Trac] #49956: Spammers able to share unmoderated comments
WordPress Trac
noreply at wordpress.org
Sun May 24 04:31:52 UTC 2020
#49956: Spammers able to share unmoderated comments
--------------------------------------+---------------------
Reporter: jonkolbert | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.4.2
Component: Comments | Version: 5.1
Severity: major | Resolution:
Keywords: has-patch needs-dev-note | Focuses:
--------------------------------------+---------------------
Comment (by peterwilsoncc):
In [attachment:"49956.diff"]:
* refreshed against trunk (minor formatting changes were causing it not to
apply)
* only pass querystring parameters if the user didn't consent to cookies,
otherwise they are not required
* for requests with the unapproved and moderation hash querystring
parameters, I've added an expires header of 60 seconds for CDN and other
cache hinting.
* only display the requested comment if the querystring parameters are
included in the request. ''In two minds on this one, as it can be
problematic if the user replies to their own unmoderated comment. The new
comment will display as the walker skips comments without parents.''
@audrasjb @whyisjake Are you able to take a look over the changes and
share your views, especially on the last item. There is a
[https://github.com/WordPress/wordpress-develop/pull/291/files GitHub pull
request] you can comment on if it's easier.
Note: a separate patch will need to be generated for the backport as it
won't apply cleanly due to some code reformatting near the changes.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49956#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
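
The behaviour listed in the comment above, sketched as an added illustration; this is not the code from 49956.diff or from WordPress core. The function names, the HMAC-based hash construction, the secret and the sample comment are all assumptions made for the example.

```php
<?php
// Added illustration; all names are hypothetical, not WordPress APIs.
const PREVIEW_EXPIRES_SECONDS = 60; // the 60-second expiry from the comment

// Assumption: the moderation hash is an HMAC over comment id and date.
function moderation_hash(array $comment, string $secret): string {
    return hash_hmac('sha256', $comment['id'] . '|' . $comment['date_gmt'], $secret);
}

// After posting: pass the parameters only when the user did not consent
// to cookies; with consent the cookie already identifies the author.
function redirect_after_comment(string $postUrl, array $comment, bool $consent, string $secret): string {
    if ($consent) {
        return $postUrl;
    }
    $query = http_build_query([
        'unapproved'      => $comment['id'],
        'moderation-hash' => moderation_hash($comment, $secret),
    ]);
    return $postUrl . (strpos($postUrl, '?') === false ? '?' : '&') . $query;
}

// On page view: returns the unapproved comment ids to render and any
// extra response headers. Only the requested comment can be shown.
function preview_decision(array $query, array $comments, string $secret): array {
    $id   = $query['unapproved'] ?? null;
    $hash = $query['moderation-hash'] ?? null;
    if (!is_string($id) || !is_string($hash)) {
        return ['show' => [], 'headers' => []]; // normal, cacheable page view
    }
    // Requests carrying both parameters get a short expiry as a cache hint.
    $expires = gmdate('D, d M Y H:i:s', time() + PREVIEW_EXPIRES_SECONDS) . ' GMT';
    $comment = $comments[$id] ?? null;
    $valid   = $comment !== null
        && $comment['approved'] === false
        && hash_equals(moderation_hash($comment, $secret), $hash); // constant-time compare
    return ['show' => $valid ? [$comment['id']] : [], 'headers' => ['Expires: ' . $expires]];
}

// Constructed sample data.
$secret   = 'constructed-secret';
$comments = [7 => ['id' => 7, 'date_gmt' => '2020-05-24 04:31:52', 'approved' => false]];
$url = redirect_after_comment('https://example.test/post/', $comments[7], false, $secret);
parse_str(parse_url($url, PHP_URL_QUERY), $q);
var_dump(preview_decision($q, $comments, $secret));   // valid link for comment 7
var_dump(preview_decision(['unapproved' => '7', 'moderation-hash' => 'bad'], $comments, $secret));
var_dump(preview_decision([], $comments, $secret));   // no parameters, no preview
```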