WordPress.org

Make WordPress Core

Changeset 16637


Timestamp: 11/30/10 22:46:35 (3 years ago)
Author: markjaquith
Message:

Drop pingback/trackback blogroll whitelisting feature. Too many ways to abuse it. props avereha. props vladimir_kolesnikov. fixes #13887 for trunk

File: 1 edited

  • trunk/wp-includes/comment.php

    r16624 r16637  
    1919 * then the check fails. 
    2020 * 
    21  * If the comment is a trackback and part of the blogroll, then the trackback is 
    22  * automatically whitelisted. If the comment author was approved before, then 
    23  * the comment is automatically whitelisted. 
     21 * If the comment author was approved before, then the comment is 
     22 * automatically whitelisted. 
    2423 * 
    2524 * If none of the checks fail, then the failback is to set the check to pass 
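Review bot: The rewritten docblock sentence at new lines 21-22 still reads as if any previously approved author is whitelisted, while the new condition at line 84 excludes trackbacks and pingbacks from that check. Suggest stating that explicitly, for example "If the comment is not a trackback or pingback and the comment author was approved before, then the comment is automatically whitelisted", so the documented behaviour matches the code.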
     
    8382    // Comment whitelisting: 
    8483    if ( 1 == get_option('comment_whitelist')) { 
    85         if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll 
    86             $uri = parse_url($url); 
    87             $domain = $uri['host']; 
    88             $uri = parse_url( home_url() ); 
    89             $home_domain = $uri['host']; 
    90             if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain ) 
    91                 return true; 
    92             else 
    93                 return false; 
    94         } elseif ( $author != '' && $email != '' ) { 
     84        if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) { 
    9585            // expected_slashed ($author, $email) 
    9686            $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1"); 
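Review bot: At new line 84, trackbacks and pingbacks no longer get an explicit return inside the comment_whitelist block, so their outcome now depends on the branch that follows this `if`, which is outside the visible context. Please confirm that path returns false (held for moderation) rather than reaching the default pass the docblock describes, and consider a test for a pingback with comment_whitelist set to 1. Separately, the unchanged query at line 86 interpolates $author and $email directly and relies on the expected_slashed note, whereas the removed line 90 used $wpdb->prepare; moving line 86 to prepare would be a sensible follow-up.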