WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#1848 closed defect (bug) (fixed)

Posting comments into a locked post

Reported by: WhiteAcid Owned by:
Milestone: Priority: normal
Severity: normal Version: 1.6
Component: General Keywords: comments
Focuses: Cc:

Description

By changing the hidden value in the "make comments" form it's possible to comment into a locked post. You still cannot read the locked post or read other comments in it, but you can post in it.

Change History (3)

comment:1 WhiteAcid8 years ago

I forgot to talk about possible solutions. When anyone posts into the locked post it should check to see if they have the cookies that are required to read the post set to the right thing. If not, then it either asks for the post password or just drops the whole thing.

comment:2 jhodgdon7 years ago

  • Keywords comments added
  • Milestone set to 2.2
  • Resolution set to fixed
  • Severity changed from minor to normal
  • Status changed from new to closed

I just tested this in SVN [4984]. Here is what I did:

a) Made a post and marked it as closed to comments (ID = 4)

b) Visited the comment page for a different post (ID = 3)

c) Copied the HTML page I was viewing into a local HTML file, and edited the hidden field for the post ID number to 4.

d) In my browser viewing my modified HTML page, typed a comment and clicked submit. I got a message saying comments are closed for this post, and the comment was not added.

e) Just to make sure it wasn't an artifact, I changed the ID back to 3, and submitted a comment successfully to that post from my local HTML page.

So this has apparently been fixed sometime between 1.6 and now. I'll close the bug.

comment:3 foolswisdom7 years ago

  • Milestone 2.2 deleted
Note: See TracTickets for help on using tickets.