[wp-trac] [WordPress Trac] #20165: Guest might comment with nickname and e-mail of administrator
WordPress Trac
wp-trac at lists.automattic.com
Sat Mar 3 15:38:20 UTC 2012
#20165: Guest might comment with nickname and e-mail of administrator
-----------------------------+------------------------
Reporter: wikicms | Owner:
Type: feature request | Status: closed
Priority: normal | Milestone:
Component: Comments | Version: 3.3.1
Severity: normal | Resolution: duplicate
Keywords: needs-patch |
-----------------------------+------------------------
Changes (by jane):
* type: defect (bug) => feature request
Comment:
This isn't really bug, it's designed to work this way, so I changed the
type to feature request. I discovered this a couple of years ago and did
an experiment on a site on wordpress.ocm where @designsimply and I wrote
spurious comments on a post masquerading as each other by being not logged
in and entering the other's email.
The display of registered users is not the issue, it's a matter of being
logged in. The way to prevent fake commenting (and since the email
generates the gravatar it looks real to the outsider) for registered users
would be to force a login if the email is recognized. For non-registered
users, there is no way to verify they are who they say they are unless we
started using some external thing (sign in with facebook etc).
I will admit I was up in arms about it a couple of years ago, but the
response I got then was that this wasn't really a big problem, and now I
tend to agree. Abuse of commenting identity is pretty edge-case, so while
I still support forcing a login for registered users, I think the non-
registered commenter identity issue is probably best left to a plugin.
Suggest closing wontfix since the registered user part already has a
2-year old ticket (that dd32 linked above).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20165#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list