id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
13887,comment_whitelist checking in check_comment,avereha,,"
If you have the ""comment_whitelist""(Comment author must have a previously approved comment) option activated in Wordpress 2.9.2, and someone post a trackback or pingback comment with Comment Author's domain ""%"", the comment is automaticaly approved. 

I think the bug is in the wp-includes/comment.php file, check_comment function, this condition:    

if ( $wpdb->get_var($wpdb->prepare(""SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1"", '%'.$domain.'%'))... 

if $domain == ""%"", the first condition is true, and the comment approved.

The URL is like this one: http://%/something.ru
",defect (bug),closed,high,3.0.2,Comments,2.9.2,normal,fixed,has-patch,avereha