[wp-hackers] Re: [wp-svn] [2562] trunk/wp-includes/comment-functions.php: Whitelist from own domain.

Matthew Mullenweg m at mullenweg.com
Wed Apr 20 23:22:06 GMT 2005

Joseph Scott wrote:
>     I've only spent a few minutes looking at the code that uses this 
> (wp-includes/functions-post.php) so please correct me if I'm wrong.  My 
> reading of the code seems to indicate that any comment can now instantly 
> be approved (skipping checks used to prevent spam) simply by using the 
> URL that the WP install is running on.  If that is the case then I 
> suggest that this is a really bad idea and will likely be exploited by 
> spammers.

It's only for trackbacks and pingbacks, in which the only link is the 
source URI. It compares the domain of the source URI to the blog's URI.

Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com

More information about the wp-hackers mailing list