Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#49902 closed enhancement (fixed)

Wrong description for blacklist feature on discussion settings page (missing user agent)

Reported by: zodiac1978's profile zodiac1978 Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: normal Version: 1.5
Component: Comments Keywords: needs-patch needs-copy-review
Focuses: Cc:

Description

The discussion settings page has a textarea to set up a blocklist with this description:

When a comment contains any of these words in its content, name, URL, email, or IP address, it will be put in the Trash.

But if I look at the code the user agent is used too in wp_blacklist_check

I was wondering if this is made intentionally, because the user agent is easily spoofed.

Should we remove the user agent completely from wp_blacklist_check or should we change the wording to add the user agent, too?

Change History (7)

#1 follow-up: @SergeyBiryukov
4 years ago

  • Milestone changed from Awaiting Review to 5.5

Thanks for the ticket!

It looks like user agent check was intentionally added in [1603], so I'd suggest updating the description:

When a comment contains any of these words in its content, author name, URL, email, IP address, or browser's user agent string, it will be put in the Trash.

Would this wording be clear enough?

#2 in reply to: ↑ 1 @zodiac1978
4 years ago

Replying to SergeyBiryukov:

Would this wording be clear enough?

Thanks for the fast reply! Yes, I think so.

I can prepare a patch for this change.

This ticket was mentioned in PR #223 on WordPress/wordpress-develop by Zodiac1978.


4 years ago
#3

The check_comment function and the wp_blacklist_check are also using the user agent string which is not mentioned in the copy text.

This patch adds this info.

Trac ticket: https://core.trac.wordpress.org/ticket/49902

#4 @zodiac1978
4 years ago

I've tried Github for the patch. Seems to be successful.

It looks like we have the same problem for the moderation list, so I added this for the moderation list too.

#5 @SergeyBiryukov
4 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 47583:

Comments: Clarify that "Comment Moderation" and "Comment Blocklist" options in Discussion Settings also apply to browser's user agent string for submitted comments.

Props zodiac1978.
Fixes #49902.

This ticket was mentioned in Slack in #docs by zodiac1978. View the logs.


3 years ago

This ticket was mentioned in Slack in #docs by yui. View the logs.


3 years ago

Note: See TracTickets for help on using tickets.