[wp-hackers] Re: [wp-svn] [2562] trunk/wp-includes/comment-functions.php: Whitelist from own domain.

Mark Jaquith mark.wordpress at txfx.net
Wed Apr 20 23:43:48 GMT 2005


Joseph Scott wrote:

>
> On Apr 20, 2005, at 3:01 PM, m at wordpress.org wrote:
>
>> Revision: 2562
>> Author: matt
>> Date: 2005-04-20 22:01:24 +0000 (Wed, 20 Apr 2005)
>>
>> Log Message:
>> Whitelist from own domain. http://mosquito.wordpress.org/view.php?id=999
>
>
>     I've only spent a few minutes looking at the code that uses this 
> (wp-includes/functions-post.php) so please correct me if I'm wrong.  
> My reading of the code seems to indicate that any comment can now 
> instantly be approved (skipping checks used to prevent spam) simply by 
> using the URL that the WP install is running on.  If that is the case 
> then I suggest that this is a really bad idea and will likely be 
> exploited by spammers.
>
>     Again, I've only briefly looked through the code so there may be a 
> filter or some other component that prevents this.  I hope that is the case.


It appears to only be for trackbacks or pingbacks, not regular 
comments.  For Pingback, it doesn't really matter, since Pingbacks are 
verified to be valid links.  For Trackbacks, I doubt a spammer would 
spam you with a URI from your own site.  What's the benefit?

