WordPress.org
Get WordPress

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #2543


Ignore:
Timestamp:
03/08/2006 07:36:54 AM (19 years ago)
Author:
markjaquith
Comment:

I'm downgrading the severity of this... I don't see the security implications. It's an annoyance, yes, but it doesn't compromise the security of the WP install.

There is a plugin that prevents imposters:

http://www.skippy.net/blog/2005/09/08/impostercide/

I don't think this is necessarily something that should be included in core, although I'm open the argument.

I've also altered the summary and description to add the word "masquerading" because the comments are not actually added as the legitimate user... they just appear to be so, to the outside world. The $comment->user_id value will NOT be set.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2543

    • Property Component changed from Security to General
    • Property Summary changed from anyone can post comments as registered user to anyone can post comments masquerading as registered user
    • Property Priority changed from highest to normal
    • Property Keywords security removed
    • Property Severity changed from critical to minor

  • Ticket #2543 – Description

    initial v1  
    1 one can post comments as a legitimate user with the following information:
     1one can post comments masquerading as a legitimate user with the following information:
    22
    33