id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
13887	comment_whitelist checking in check_comment	avereha		"
If you have the ""comment_whitelist""(Comment author must have a previously approved comment) option activated in Wordpress 2.9.2, and someone post a trackback or pingback comment with Comment Author's domain ""%"", the comment is automaticaly approved. 

I think the bug is in the wp-includes/comment.php file, check_comment function, this condition:    

if ( $wpdb->get_var($wpdb->prepare(""SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1"", '%'.$domain.'%'))... 

if $domain == ""%"", the first condition is true, and the comment approved.

The URL is like this one: http://%/something.ru
"	defect (bug)	closed	high	3.0.2	Comments	2.9.2	normal	fixed	has-patch	avereha