WordPress.org

Make WordPress Core

Opened 8 months ago

Closed 7 months ago

#49902 closed enhancement (fixed)

Wrong description for blacklist feature on discussion settings page (missing user agent)

Reported by: zodiac1978 Owned by: SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: normal Version: 1.5
Component: Comments Keywords: needs-patch needs-copy-review
Focuses: Cc:

Description

The discussion settings page has a textarea to set up a blocklist with this description:

When a comment contains any of these words in its content, name, URL, email, or IP address, it will be put in the Trash.

But if I look at the code the user agent is used too in wp_blacklist_check

I was wondering if this is made intentionally, because the user agent is easily spoofed.

Should we remove the user agent completely from wp_blacklist_check or should we change the wording to add the user agent, too?

Change History (5)

#1 follow-up: @SergeyBiryukov
8 months ago

  • Milestone changed from Awaiting Review to 5.5

Thanks for the ticket!

It looks like user agent check was intentionally added in [1603], so I'd suggest updating the description:

When a comment contains any of these words in its content, author name, URL, email, IP address, or browser's user agent string, it will be put in the Trash.

Would this wording be clear enough?

#2 in reply to: ↑ 1 @zodiac1978
8 months ago

Replying to SergeyBiryukov:

Would this wording be clear enough?

Thanks for the fast reply! Yes, I think so.

I can prepare a patch for this change.

This ticket was mentioned in PR #223 on WordPress/wordpress-develop by Zodiac1978.


7 months ago

The check_comment function and the wp_blacklist_check are also using the user agent string which is not mentioned in the copy text.

This patch adds this info.

Trac ticket: https://core.trac.wordpress.org/ticket/49902

#4 @zodiac1978
7 months ago

I've tried Github for the patch. Seems to be successful.

It looks like we have the same problem for the moderation list, so I added this for the moderation list too.

#5 @SergeyBiryukov
7 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 47583:

Comments: Clarify that "Comment Moderation" and "Comment Blocklist" options in Discussion Settings also apply to browser's user agent string for submitted comments.

Props zodiac1978.
Fixes #49902.

Note: See TracTickets for help on using tickets.