Opened 21 years ago
Closed 21 years ago
#664 closed defect (bug) (fixed)
comment-whitelisting does not work
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | minor | Version: | 1.5 |
| Component: | Administration | Keywords: | |
| Focuses: | Cc: |
Description
in wp-includes/comment-functions.php in function check_comment the check has to be tweaked to work. this broke a while ago when changing some other comment-functions...
$author has to be $comment_author
$email has to be $comment_author_email
see supplied diff
Attachments (3)
Change History (9)
#3
@
21 years ago
I don't see why this would work, the vars come from the function itself which lists:
check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type)
#5
@
21 years ago
Of course you're right, Matt, that was what I found out when I went on and did some more testing an changing... Sorry about that.
I sat down and gave check_comment some thoughts.
In the test done in line 728 of wp-include/comment-functions.php true is returned if there is already an approved comment and there is no string of all moderation-keys in $email. That is fine, although I don't know what that strpos-test is for if there are already approved comments with that emailaddress?
But, more importantly, there is no false returned if $ok_to_comment is NOT 1 - and that I guess is why the approved comment whitelisting is not working.
Someone who has approved comments can use as many words contained in moderation_keys as he likes to - his comment is still approved. So if a spammer tries to place an approved comment as a preparation he is free to spam thereafter.
No, that was only half-baked... :-(
My diff only results in everything needing to be moderated.
I changed some more things and now I'm back to start: even new addresses which never had an approved comment don't get caught by moderation.
Too bad, this was a very useful feature in commentspam-fighting. :-(