comment_whitelist checking in check_comment
Reported by: avereha | Owned by:
If you have the "comment_whitelist" (Comment author must have a previously approved comment) option activated in WordPress 2.9.2, and someone posts a trackback or pingback comment with Comment Author's domain "%", the comment is automatically approved.
I think the bug is in the wp-includes/comment.php file, check_comment function, this condition:
if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%'))...
If $domain == "%", the first condition is true, and the comment is approved.
The URL is like this one: http://%/something.ru
Change History (11)
comment:1 GautamGupta — 4 years ago
- Milestone changed from Unassigned to 3.0.1
- Priority changed from normal to high
comment:9 markjaquith — 3 years ago
- Milestone changed from 3.1 to 3.0.2
- Resolution fixed deleted
- Status changed from closed to reopened