Make WordPress Core

Opened 11 years ago

Closed 7 years ago

Last modified 7 years ago

#17159 closed enhancement (maybelater)

Return meaningful HTTP response for comment submitted with no POST body

Reported by: niallkennedy Owned by:
Milestone: Priority: normal
Severity: trivial Version:
Component: Comments Keywords: has-patch
Focuses: Cc:


A POST request to wp-comments-post.php currently returns a HTTP 200 response with an empty body if the body of the request was empty.

The server should die quickly and instruct the requesting agent not to repeat the request without modifications if minimum necessary key(s) are not present on $_POST.

I believe the possible creation of a comment requires at least a comment_post_ID. It's also the first $_POST key checked in the script. If the POST did not supply a comment_post_ID let's stop processing and provide a meaningful response. HTTP 400 Bad Request communicating the failure. Due to the spammy nature of the requestors we may or may not want to provide variable hints in the response.

Attachments (1)

wp-comments-post.diff (835 bytes) - added by niallkennedy 11 years ago.
Return a 400 response if no comment_post_ID provided.

Download all attachments as: .zip

Change History (6)

11 years ago

Return a 400 response if no comment_post_ID provided.

#1 @azaozz
11 years ago

This all sounds nice but we (can) run wp-cron off these failed requests too. For sites without much traffic spam/bad comments are probably triggering wp-cron often.

#2 @nacin
11 years ago

  • Severity changed from normal to trivial
  • Type changed from defect (bug) to enhancement

Probably not much cron being fired by spambots that can't even pass the right variables to a script. :-)

#4 @chriscct7
7 years ago

  • Resolution set to maybelater
  • Status changed from new to closed

There's been no activity in a while on this and a lack of support. Marking as maybelater

#5 @SergeyBiryukov
7 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.