[wp-trac] [WordPress Trac] #53962: The bug allows to see the name(s) of a user(s) who has replied to a comment (not yet authorized).

WordPress Trac noreply at wordpress.org
Fri Aug 20 03:53:45 UTC 2021


#53962: The bug allows to see the name(s) of a user(s) who has replied to a comment
(not yet authorized).
--------------------------+--------------------------------------
 Reporter:  fasuto        |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Comments      |     Version:  2.7
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:  administration, privacy
--------------------------+--------------------------------------
Changes (by peterwilsoncc):

 * version:  5.8 => 2.7
 * component:  General => Comments


Comment:

 Hello @fasuto and welcome to trac.

 Thank you for your report, I am able to reproduce the bug.

 It appears to have been introduced in version 2.7 of WordPress, so I've
 updated the version field of your report to indicate when the bug first
 appeared.

 ----

 Notes:

 `comment_form_title()` passes the value of the `replytocom` querystring
 parameter to `get_comment()`. `comment_form_title()` then uses the parent
 comment author's name in the title without verifying whether or not the
 comment has been approved.

 The same is true for `get_comment_id_fields()`.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53962#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
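
The missing check described in the notes above, as an added example that is not code from the ticket or from WordPress core. It is a self-contained model of the `comment_form_title()` behaviour: the sample comments, `model_get_comment()`, `reply_title_unchecked()` and `reply_title_checked()` are hypothetical names constructed for illustration.

```php
<?php
// Constructed sample data standing in for the comments table (not real site data).
// 'approved' mirrors the comment_approved column: '1' = approved, '0' = held for moderation.
$comments = [
    10 => ['author' => 'Alice', 'approved' => '1'],
    11 => ['author' => 'Bob',   'approved' => '0'],
];

// Hypothetical stand-in for get_comment(): returns the stored row or null.
function model_get_comment(array $comments, $id): ?array {
    $id = (int) $id; // replytocom arrives as an untrusted query-string value
    return $comments[$id] ?? null;
}

// Behaviour described in the ticket: the parent author's name goes into the
// title without any look at the approval status.
function reply_title_unchecked(array $comments, array $query): string {
    $parent = model_get_comment($comments, $query['replytocom'] ?? 0);
    return $parent ? 'Leave a Reply to ' . $parent['author'] : 'Leave a Reply';
}

// Hardened form: an unapproved parent is treated exactly like a missing one,
// so the response is identical for "held for moderation" and "does not exist".
function reply_title_checked(array $comments, array $query): string {
    $parent = model_get_comment($comments, $query['replytocom'] ?? 0);
    if ($parent === null || $parent['approved'] !== '1') {
        return 'Leave a Reply';
    }
    return 'Leave a Reply to ' . $parent['author'];
}

// Walk an approved, an unapproved and a non-existent comment ID.
foreach ([10, 11, 999] as $id) {
    $query = ['replytocom' => (string) $id];
    printf(
        "replytocom=%-3d unchecked=%-26s checked=%s\n",
        $id,
        '"' . reply_title_unchecked($comments, $query) . '"',
        '"' . reply_title_checked($comments, $query) . '"'
    );
}
```

Only the unchecked variant returns a different title for comment 11, which is the disclosure the ticket reports.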

