WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#19495 closed enhancement (wontfix)

socialism is not spam

Reported by: mcargo Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: close
Focuses: Cc:

Description

Lots of WordPress sites I visit earn FYWP whenever a comment is
tagged a spam because it contains the word 'socialism', which has
the 'cialis' in it as a substring.

The relevant code is line 72 in

http://core.trac.wordpress.org/browser/trunk/wp-includes/comment.php

that is,

$pattern = "#$word#i";

In the code that follows, $pattern will match any of the search
strings when it is a case-insensitive substring of one of them.

Since preg_match is being used, this problem could be solved by
requiring that the match be at word boundaries, as

$pattern = "#\<$word\>#i";

(Of course, this means that things like 'IamSureYoudReallyLikeCialis' would
make it through.)

I'm sure there are other, more efficient, ways to fix this.

Change History (10)

comment:1 scribu2 years ago

  • Keywords dev-feedback added

This is obviously a naive way of fighting spam.

How about we just remove the option of "ban words" altogether and let anti-spam plugins such as Akismet handle it?

comment:2 follow-up: nacin2 years ago

  • Keywords close added

We should consider implementing comment history, taking a page from what Akismet has done. We could mark why a comment got marked as spam (or by whom), and cover who moderated what, who edited what, etc. It also opens the door into comment revisions and thus comment types. Obviously outside the scope of this ticket, which can be answered very simply:

When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the <a href="edit-comments.php?comment_status=moderated">moderation queue</a>. One word or IP per line. It will match inside words, so "press" will match "WordPress".

That's the description of the textarea in the admin. It's clear as to the intended functionality, so, the ticket is invalid.

With regards to removing it all together, I imagine there are legitimate uses, including those outside of "spam" control.

comment:3 in reply to: ↑ 2 ; follow-up: scribu2 years ago

Replying to nacin:

With regards to removing it all together, I imagine there are legitimate uses, including those outside of "spam" control.

Such as?

comment:4 in reply to: ↑ 3 goldenapples2 years ago

Replying to scribu:

Replying to nacin:

With regards to removing it all together, I imagine there are legitimate uses, including those outside of "spam" control.

Such as?

Such as moderating language in comments, preventing hateful words from inciting flamewars.

But I agree, the textarea is clear enough... agree to close this.

comment:5 scribu2 years ago

  • Keywords dev-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Yeah... and it just holds the comment for moderation; it doesn't automatically mark it as spam.

Closing.

comment:6 scribu2 years ago

Marked #19551 as dup.

comment:7 jwz2 years ago

I agree that moderation based on keywords is useful and is different from spam detection. I use it to moderate comments that veer toward topic-derailments that I (usually) want to nip in the bud early. I also use it to ban certain badly-behaving users (not spammers, but jerks).

As such, I really want the option to either A) match by whole words instead of just sub-strings, or B) just let me type real regexps into the UI directly.

A checkbox for, "Each line is a regexp, now you have two problems" would be ideal.

comment:8 follow-up: scribu2 years ago

I'm pretty sure such an option could be provided by a plugin.

comment:9 in reply to: ↑ 8 jwz2 years ago

Replying to scribu:

I'm pretty sure such an option could be provided by a plugin.

How? I don't see any hooks in check_comment() that would allow that...

comment:10 scribu2 years ago

There are several other actions and filters sprinkled throughout the comment submission process. Start at wp-comments-post.php.

Note: See TracTickets for help on using tickets.