#17159 closed enhancement (maybelater)
Return meaningful HTTP response for comment submitted with no POST body
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | trivial | Version: | |
| Component: | Comments | Keywords: | has-patch |
| Focuses: | Cc: |
Description
A POST request to wp-comments-post.php currently returns a HTTP 200 response with an empty body if the body of the request was empty.
The server should die quickly and instruct the requesting agent not to repeat the request without modifications if minimum necessary key(s) are not present on $_POST.
I believe the possible creation of a comment requires at least a comment_post_ID. It's also the first $_POST key checked in the script. If the POST did not supply a comment_post_ID let's stop processing and provide a meaningful response. HTTP 400 Bad Request communicating the failure. Due to the spammy nature of the requestors we may or may not want to provide variable hints in the response.
Attachments (1)
Change History (6)
#1
@
14 years ago
This all sounds nice but we (can) run wp-cron off these failed requests too. For sites without much traffic spam/bad comments are probably triggering wp-cron often.
#2
@
14 years ago
- Severity changed from normal to trivial
- Type changed from defect (bug) to enhancement
Probably not much cron being fired by spambots that can't even pass the right variables to a script. :-)
Return a 400 response if no comment_post_ID provided.