Opened 10 years ago
Closed 9 years ago
#28617 closed defect (bug) (fixed)
comments_popup should not be allowed to be access directly
Reported by: | eduplessis | Owned by: | rachelbaker |
---|---|---|---|
Milestone: | 4.5 | Priority: | normal |
Severity: | minor | Version: | 0.71 |
Component: | Comments | Keywords: | |
Focuses: | Cc: |
Description
Fresh install of WordPress... Or even on WordPress.com you can access the comments_popup page directly by typing ?comments_popup=postid.
ex: http://matt.wordpress.com/?comments_popup=7101
proposing fix if there is no template comments-popup.php in the template folder do not display the fallback.
it's from 0.71 but all version have the same issue.
Attachments (2)
Change History (25)
#2
in reply to:
↑ 1
;
follow-up:
↓ 3
@
10 years ago
Replying to johnbillion:
I wonder if anyone actually uses the comments popup?
I know but even if nobody use it the direct like is gonna work.
Typical case of the problem...
- User install WordPress
- forgot to remove comments allowed in the setting
- Make multiple post and page or/and custom post type
- In is theme he don't have any function or template to make comments
- looking good put the site online
- receiving a lot of spam comments because the direct acces work
#3
in reply to:
↑ 2
;
follow-up:
↓ 4
@
10 years ago
- Milestone changed from Awaiting Review to Future Release
Replying to eduplessis:
I know but even if nobody use it the direct link is gonna work.
Yeah. What I meant was, this is an ancient feature which we could probably just remove altogether.
#4
in reply to:
↑ 3
@
10 years ago
Replying to johnbillion:
Replying to eduplessis:
I know but even if nobody use it the direct link is gonna work.
Yeah. What I meant was, this is an ancient feature which we could probably just remove altogether.
Oh sorry... :)
100% with you, but if we want to support older theme that use it, we have to keep it until someone take the decision to drop it.
#5
@
9 years ago
- Keywords needs-patch added
This needs a patch to remove support for this legacy "feature"
#6
follow-up:
↓ 18
@
9 years ago
- Keywords has-patch 2nd-opinion added; needs-patch removed
In 28617.diff:
- Deprecates and no-ops
get_comments_popup_template()
,is_comments_popup()
,comments_popup_script()
, andpopuplinks()
. - Removes the
comments_popup
parameter inWP_Query
and the publiccomments_popup
query var. - Removes the comments popup template from the template hierarchy.
- Removes
theme-compat/comments-popup.php
.
Combined, this entirely removes the popup comments template functionality. If a theme is actually using popup comments, it's going to stop functioning as expected with this change, but won't fatal.
It's 2015, so if any theme is using popup comments then I don't care enough about breaking it, but it would be good to know if there are any themes around which are using this functionality (any which are need to call the comments_popup_script()
function, so that would be a good place to start if anyone wants to run a search).
#7
@
9 years ago
- Keywords 2nd-opinion removed
- Milestone changed from Future Release to 4.4
This functionality is just as popular as I expected it to be. A search across the theme directory (thanks @jorbin) shows that three themes are using popup comments, and none of them have been updated within the last six years.
Let's do this.
This ticket was mentioned in Slack in #core by peterwilsoncc. View the logs.
9 years ago
#9
@
9 years ago
As I mentioned in Slack, I have some concerns loosing a comment only end-point.
The endpoint makes a nice non-JavaScript fallback for lazy loaded comments. Lazy loading comments is becoming more popular as a technique & I expect use to increase once the REST API hits core.
Maintaining the end-point allows a fallback to be encouraged, no matter how little it's used.
Happy for the functions generating the link to be deprecated.
Testing required a refresh against trunk, no matter my thoughts, it is attached in 28617.2.diff
#11
@
9 years ago
@johnbillion Should this ticket remain open pending feedback from a Make Core post? Or did you have a specific next action in mind?
#16
@
9 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
On [35848], for back-compat (graceful degradation) we should actually deprecate the WP_Query
property and any parameters in the class methods instead of just removing them. The language used in the changelog entry should also be "deprecate" not "remove".
#17
@
9 years ago
- Keywords has-patch removed
I'm actually going to let this soak right through until 4.5 beta, to see if any problems are reported.
#18
in reply to:
↑ 6
@
9 years ago
Replying to johnbillion:
In 28617.diff:
- Deprecates and no-ops
get_comments_popup_template()
,is_comments_popup()
,comments_popup_script()
, andpopuplinks()
.- Removes the
comments_popup
parameter inWP_Query
and the publiccomments_popup
query var.- Removes the comments popup template from the template hierarchy.
- Removes
theme-compat/comments-popup.php
.Combined, this entirely removes the popup comments template functionality. If a theme is actually using popup comments, it's going to stop functioning as expected with this change, but won't fatal.
It's 2015, so if any theme is using popup comments then I don't care enough about breaking it, but it would be good to know if there are any themes around which are using this functionality (any which are need to call the
comments_popup_script()
function, so that would be a good place to start if anyone wants to run a search).
This thread is about comment_popups. I'm wondering if it makes sense to remove popuplinks entirely since it's a general use fn, not specifically related to comments.
This ticket was mentioned in Slack in #core by chriscct7. View the logs.
9 years ago
#20
@
9 years ago
We should publish a make post about it's removal a day after RC1 per discussion on slack
I wonder if anyone actually uses the comments popup?