WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 6 months ago

Last modified 4 months ago

#17159 closed enhancement (maybelater)

Return meaningful HTTP response for comment submitted with no POST body

Reported by: niallkennedy Owned by:
Milestone: Priority: normal
Severity: trivial Version:
Component: Comments Keywords: has-patch
Focuses: Cc:

Description

A POST request to wp-comments-post.php currently returns a HTTP 200 response with an empty body if the body of the request was empty.

The server should die quickly and instruct the requesting agent not to repeat the request without modifications if minimum necessary key(s) are not present on $_POST.

I believe the possible creation of a comment requires at least a comment_post_ID. It's also the first $_POST key checked in the script. If the POST did not supply a comment_post_ID let's stop processing and provide a meaningful response. HTTP 400 Bad Request communicating the failure. Due to the spammy nature of the requestors we may or may not want to provide variable hints in the response.

Attachments (1)

wp-comments-post.diff (835 bytes) - added by niallkennedy 4 years ago.
Return a 400 response if no comment_post_ID provided.

Download all attachments as: .zip

Change History (6)

@niallkennedy4 years ago

Return a 400 response if no comment_post_ID provided.

comment:1 @azaozz4 years ago

This all sounds nice but we (can) run wp-cron off these failed requests too. For sites without much traffic spam/bad comments are probably triggering wp-cron often.

comment:2 @nacin4 years ago

  • Severity changed from normal to trivial
  • Type changed from defect (bug) to enhancement

Probably not much cron being fired by spambots that can't even pass the right variables to a script. :-)

comment:4 @chriscct76 months ago

  • Resolution set to maybelater
  • Status changed from new to closed

There's been no activity in a while on this and a lack of support. Marking as maybelater

comment:5 @SergeyBiryukov4 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.