Make WordPress Core

Opened 11 years ago

Closed 9 years ago

Last modified 9 years ago

#25141 closed defect (bug) (duplicate)

Comment flood filter prevents to receive more than one pingback at once

Reported by: privolus's profile privolus Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3
Component: Pings/Trackbacks Keywords: has-patch needs-refresh
Focuses: Cc:

Description

I installed and tested wordpress 3.6 without plugins on slackware 64bit 14.0 and linuxmint 64bit 15.

In my self-hosted blog, if I write 2 articles then another article that refers to the previous 2 articles, the last article successfully pings the first link but fails to ping the second link.

On both systems, it doesn't seem to be able to receive more than one pingback at once.

I also reproduced the issue with the latest nightly build today.

Attachments (1)

25141.diff (806 bytes) - added by kovshenin 11 years ago.

Download all attachments as: .zip

Change History (10)

#1 @SergeyBiryukov
11 years ago

  • Milestone changed from Awaiting Review to 3.7

Moving for investigation.

@kovshenin
11 years ago

#2 @kovshenin
11 years ago

  • Keywords has-patch added
  • Severity changed from blocker to normal
  • Version changed from 3.6 to 3.3

I've been able to reproduce this with 3.6, 3.5, 3.4 and 3.3 (haven't gone lower). The problem is that after the first pingback has been registered, the second pingback triggers the comment flood protection. Not entirely sure it's a good idea, but maybe we can turn off flood protection for pingbacks (see 25141.diff).

#3 @nacin
11 years ago

When comment flood protection is triggered, does that mean we actually issue a wp_die() and fire _xmlrpc_wp_die_handler()?

This is one of the more amusing bugs I've seen recently. But it is not so straightforward.

I'd actually like to suggest that this behavior is actually not entirely unreasonable. I don't want someone to use a single post to attempt to post a pingback on every single post I've ever written. It could also become a backdoor for DOS attacks. But, I'm going to guess our application of comment flood protection for pingbacks is actually completely accidental.

There are possibly a few things we could do here. My initial reaction would be to consider allowing multiple comments rapidly if the comment is a ping, but still within reason — say, three or four.

#4 @nacin
11 years ago

  • Milestone changed from 3.7 to 3.8

Not new, not straightforward.

#5 @ocean90
11 years ago

  • Summary changed from wordpress 3.6 fails to receive more than one pingback at once. to Comment flood filter prevents to receive more than one pingback at once

#6 @nacin
11 years ago

  • Milestone changed from 3.8 to Future Release

#7 @chriscct7
9 years ago

  • Keywords needs-refresh added

#8 @dshanske
9 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

This seems to be a duplicate of #5130.

#9 @swissspidy
9 years ago

  • Milestone Future Release deleted
Note: See TracTickets for help on using tickets.