Opened 19 years ago
Closed 18 years ago
#2714 closed defect (bug) (fixed)
comments with HTML can wreck Moderation Queue window
Reported by: | DjLizard | Owned by: | markjaquith |
---|---|---|---|
Milestone: | 2.0.6 | Priority: | normal |
Severity: | normal | Version: | 2.0.2 |
Component: | Administration | Keywords: | html moderation queue comment bg|has-patch |
Focuses: | Cc: |
Description
I keep getting comment spam which is causing some havoc in the moderate comments menu. The spammer, for whatever reason, is simply posting the following:
Allowed HTML: <a href="" title="" rel="" rel="nofollow"> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <div align=""> <em> <font color="" size="" face=""> <i> <li> <ol> <strike> <strong> <sub> <sup> <ul>
I don't know why the spammer is just pasting crap off of my page (no Viagra ads, etc). The second spam (from the same person) simply said "nbnbbnmmhmhgjf", so I don't really get the point of the spam. Anyway, the first one messes up the moderation Queue window, to where nothing can be clicked, because it is all one giant hyperlinked, strikethrough'd element. I have to delete the comment via MySQL (hard), or by clicking the delete hyperlink in the "Please moderate:" email I recieve when there's a new comment (easier). I can probably fix the Moderation Queue page myself so that it doesn't allow this kind of attack, but I just wanted to let the Wordpress devs know about it because this is the third time I've gotten this spam in a span of 6 months.
Attachments (2)
Change History (14)
#1
@
19 years ago
- Milestone set to 2.1
- Owner changed from anonymous to markjaquith
- Status changed from new to assigned
#2
@
18 years ago
- Keywords bg|has-patch added
I got tired of dealing with this type of spam, so I coded a small fix and hope it's of use to somebody else as well.
Also, could somebody tell me what the $is_comment argument in the balanceTags function is used for? It isn't used in the function itself and none of the calling functions pass it in. Can't it be removed?
I've gotten this too. We should force comments to be run through the filter that closes open tags, at least in the admin.