WordPress.org

Make WordPress Core

Changeset 16637


Ignore:
Timestamp:
11/30/2010 10:46:35 PM (7 years ago)
Author:
markjaquith
Message:

Drop pingback/trackback blogroll whitelisting feature. Too many ways to abuse it. props avereha. props vladimir_kolesnikov. fixes #13887 for trunk

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/comment.php

    r16624 r16637  
    1919 * then the check fails.
    2020 *
    21  * If the comment is a trackback and part of the blogroll, then the trackback is
    22  * automatically whitelisted. If the comment author was approved before, then
    23  * the comment is automatically whitelisted.
     21 * If the comment author was approved before, then the comment is
     22 * automatically whitelisted.
    2423 *
    2524 * If none of the checks fail, then the failback is to set the check to pass
     
    8382    // Comment whitelisting:
    8483    if ( 1 == get_option('comment_whitelist')) {
    85         if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll
    86             $uri = parse_url($url);
    87             $domain = $uri['host'];
    88             $uri = parse_url( home_url() );
    89             $home_domain = $uri['host'];
    90             if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain )
    91                 return true;
    92             else
    93                 return false;
    94         } elseif ( $author != '' && $email != '' ) {
     84        if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
    9585            // expected_slashed ($author, $email)
    9686            $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
Note: See TracChangeset for help on using the changeset viewer.