id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
11810	Some users able to comment on unpublished posts	ericmann		"This was originally reported on the WP support forums.

Users with certain developer tools (i.e Firebug) can manually edit the  comment_post_ID field of the default commentform and submit a comment to any post on the site, whether it's published or not (or closed to comments or not).

Perhaps we should consider some level of security for comments to ensure this can't happen?  Maybe hash the comment_post_ID field so it can't be edited in plaintext?"	defect (bug)	closed	normal	2.9.2	Comments	2.9.1	normal	fixed	has-patch needs-testing	ericmann