Opened 11 years ago

Closed 11 years ago

#7246 closed defect (bug) (fixed)

Comments too quick should return 403 not 500 error

Reported by: trenta
Owned by:
Milestone: 2.7
Priority: normal
Severity: normal
Version: 2.6
Component: Comments
Keywords: has-patch dev-feedback
Focuses:
Cc:
PR Number:

Description

I'm seeing an error on 2.5.1 where if I post a second comment, before my first was approved, I get an internal server error.

Are you guys aware of this?

Thanks.

Attachments (1)

7246.diff (1.5 KB) - added by DD32 11 years ago.

Change History (16)

#1 @trenta
11 years ago

One other thing. Once it's been approved, I can post another comment.

Also, this is happening for users that are NOT authenticated.

#2 @DD32
11 years ago

Appears to be working as expected under trunk(2.6)

Does the blog in question have any commenting-related plugins installed? (spam plugins?)

Hm.

Actually, I get a "You are posting comments too quickly. Slow down." message if I post a 2nd comment straight away. That would be sending a 500 error, I believe. What browser are you using? I have a feeling it may be displaying a custom error message rather than the WordPress error message.

#3 @ionfish
11 years ago

Shouldn't this be throwing a 403 error rather than a 500?

#4 @DD32
11 years ago

  • Keywords reporter-feedback added
  • Milestone set to 2.7

> Shouldn't this be throwing a 403 error rather than a 500?

403 doesn't seem like a proper response for a page like that to me. 500 error seems better.

Certain browsers (I'm thinking IE6 here) will show custom error pages rather than what the server sends if the server's response is shorter than x bytes.

#5 @ionfish
11 years ago

From RFC 2616's entry on the 403 Forbidden error:

> The server understood the request, but is refusing to fulfill it.

500 indicates a server error. In this case, nothing has gone wrong on the server, it is merely refusing to fulfil the request (publish the comment) at that time.

#6 @DD32
11 years ago

Yep, you're right - it would make sense, I guess.

#7 @trenta
11 years ago

I am seeing the same problem. If I navigate away from the page, and come back, it does not happen. FYI, I disabled all of my plugins just to be sure it wasn't them.

#8 @trenta
11 years ago

Also, I just confirmed that if I want 10-15 seconds, it does not happen. But an error like the following is not very nice for the user, when someone is posting too many times too quickly...

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
Apache Server at blog.trentonadams.ca Port 80

#9 @trenta
11 years ago

s/want 10-15/wait 10-15/
:P

#10 @mrmist
11 years ago

  • Keywords reporter-feedback removed
  • Summary changed from commenting a second time before comment approved causes an internal server error. to Comments too quick should return 403 not 500 error
  • Version changed from 2.5.1 to 2.6

It is only showing the internal server error because you are using IE with friendly errors.

+ 1 for this though -

> Shouldn't this be throwing a 403 error rather than a 500?

#11 @caesarsgrunt
11 years ago

+1 for the 403 code. 500 is just plain wrong.

#12 @ryan
11 years ago

  • Component changed from General to Comments
  • Owner anonymous deleted

#13 @DD32
11 years ago

  • Keywords has-patch dev-feedback added

attachment 7246.diff added.

  • Adds a $args wp_parse_args() style argument
    • has a single 'response' value which dictates the HTTP code to be returned; defaults to 500
  • comment flood protection function modified to return a 403 for such operations.

#14 @ryan
11 years ago

500 is often used as a "go away" response to spammers. But, I don't really care either way. I'll roll with DD32's patch.

#15 @ryan
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [9335]) Send 403 instead of 500 for comment flood protection. Allow specifying response code for wp_die(). Props DD32. fixes #7246
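
A minimal sketch of the behaviour comment 13 and changeset [9335] describe, added here as an illustration and not taken from 7246.diff or WordPress core: a die-style helper whose `$args` array carries a `response` code defaulting to 500, and a flood check that passes 403. The `example_*` names, the 15-second window and the sample timestamps are assumptions.

```php
<?php
// Added illustration, not WordPress core code. All example_* names are hypothetical.

// Die-style helper taking a wp_parse_args()-like $args array. The 'response'
// key selects the HTTP status and defaults to 500, as described in the ticket.
function example_die(string $message, array $args = array()): array {
    $defaults = array('response' => 500);
    $r = array_merge($defaults, $args);
    $status = (int) $r['response'];
    // Only accept error statuses; anything else falls back to the default.
    if ($status < 400 || $status > 599) {
        $status = $defaults['response'];
    }
    return array('status' => $status, 'body' => $message);
}

// Flood check: refuse a comment that arrives within $window seconds of the
// previous one from the same client. The window length is an assumption.
function example_check_comment_flood(?int $last_comment_time, int $now, int $window = 15): ?array {
    if ($last_comment_time !== null && ($now - $last_comment_time) < $window) {
        // The server understood the request and is refusing it: 403, not 500.
        return example_die(
            'You are posting comments too quickly. Slow down.',
            array('response' => 403)
        );
    }
    return null; // not throttled
}

// Constructed sample timeline (timestamps in seconds).
$cases = array(
    'first comment'    => array(null, 1000),
    'second, 3s later' => array(1000, 1003),
    'third, 20s later' => array(1003, 1023),
);
foreach ($cases as $label => $c) {
    $result = example_check_comment_flood($c[0], $c[1]);
    printf("%-18s -> %s\n", $label, $result ? $result['status'] : 'accepted');
}

// A caller that passes no $args keeps the previous default status.
$legacy = example_die('Something broke.');
printf("%-18s -> %d\n", 'no $args', $legacy['status']);
```

Keeping throttle rejections on 403 leaves 500 in the access log for genuine server faults, so error-rate alerting is not skewed by comment floods.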
