[wp-hackers] Re: [wp-svn] [2562] trunk/wp-includes/comment-functions.php: Whitelist from own domain.
Matthew Mullenweg
m at mullenweg.com
Wed Apr 20 23:22:06 GMT 2005
Joseph Scott wrote:
> I've only spent a few minutes looking at the code that uses this
> (wp-includes/functions-post.php) so please correct me if I'm wrong. My
> reading of the code seems to indicate that any comment can now instantly
> be approved (skipping checks used to prevent spam) simply by using the
> URL that the WP install is running on. If that is the case then I
> suggest that this is a really bad idea and will likely be exploited by
> spammers.
It's only for trackbacks and pingbacks, in which the only link is the
source URI. It compares the domain of the source URI to the blog's URI.
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com
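
A comparison of the kind described in the reply above, written as an added example; it is not WordPress code and not the code from changeset 2562, which is not shown in this message. The function names and sample URLs are hypothetical. It compares parsed hosts for exact equality, so that a source URI which merely contains the blog's host is not treated as the blog's own.

```php
<?php
// Added illustration, not WordPress code. Names and sample URLs are hypothetical.

/** Return the normalized host of an absolute http(s) URL, or null otherwise. */
function host_of(string $url): ?string {
    $parts = parse_url(trim($url));
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Host names are case-insensitive; a trailing dot names the same host.
    return rtrim(strtolower($parts['host']), '.');
}

/** True only when the ping's source URI is on exactly the blog's own host. */
function is_self_ping(string $source_uri, string $blog_uri): bool {
    $src = host_of($source_uri);
    $own = host_of($blog_uri);
    return $src !== null && $own !== null && $src === $own;
}

// Constructed sample inputs: source URI => expected result.
$blog = 'http://blog.example.org/wp';
$samples = [
    'http://blog.example.org/2005/04/post/'        => true,
    'HTTP://BLOG.EXAMPLE.ORG/archives/'            => true,
    'http://blog.example.org.spam.test/'           => false, // blog host is only a prefix
    'http://spam.test/?u=http://blog.example.org/' => false, // blog host only in the query
    'http://blog.example.org@spam.test/'           => false, // blog host in the userinfo part
    'http://notblog.example.org/'                  => false, // blog host is only a suffix
    'blog.example.org/post'                        => false, // no scheme, so no parsed host
];

foreach ($samples as $uri => $expected) {
    $got = is_self_ping($uri, $blog);
    printf("%-46s %-5s %s\n", $uri, $got ? 'self' : 'other',
        $got === $expected ? 'ok' : 'UNEXPECTED');
}
```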