Opened 4 months ago
Last modified 4 months ago
#23179 new enhancement
New avatar related option - use gravatar only for registered users
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Awaiting Review |
| Component: | Comments | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | edward.caissie@… |
Description
The use of gravater is problematic because there is no attempt to verify that a comment with which an email was used was actually left by the owner of the email (AFAICT gravatar doesn't even have an API for authentication).
This makes impersonating to someone else that have a gravatar in a wordpress site comments much too easy.
IMO non autogenerated gravatars should be displayed by default only for users for which it is known that they actually own the email address, which are usually only the registered users.
Change History (3)
comment:1
SergeyBiryukov — 4 months ago
comment:3
SergeyBiryukov — 4 months ago
Related: #14682
Note: See
TracTickets for help on using
tickets.
Related: #10931