[wp-hackers] Best way to 'enhance' wp-comments-post.php

Rabin Vincent rabin at rab.in
Thu May 25 18:49:13 GMT 2006

On 5/25/06, Eric A. Meyer <eric at meyerweb.com> wrote:
> Hey all,
>     In order to block a flood of direct-submission comment spam--
> stuff that was just hitting the WP post scripts directly, never
> touching a post or its comment form-- I hacked some measures into
> wp-comments-post.php.  These took the basic form of checking to see
> if the submission came from a post comment form, and if not, skipping
> over everything in wp-comments-post.php from the comment "//if the
> user is logged in" to the $location redirect.  By preserving the
> redirect, I figured I could fool any scripts that hit the scripts
> directly but also checked to see if they got the post page back as a
> result.
>     I'd like to abstract this process out to a plugin, so I don't have
> to re-hack wp-comments-post.php every time I upgrade.  So what I'm
> wondering is, what hook should I hang on to start this check?  I
> thought about copying one of the hooks Akismet uses, but I didn't
> really know why it was using the ones it was using, so that seemed
> like a fragile solution at best.  I also don't really have to start
> where I did with my hack-- it just seemed like a good place.
>     Also, should the plugin itself do the redirect part instead of
> trying to somehow jump to the appropriate point in
> wp-comments-post.php?  That seems simplest, but I wasn't sure if
> there was a better way.
>     Thanks for any help with this.

You could hook into "init". This will get you in fairly close to where
you are with the direct edits. There you could check if the request
is for wp-comments-post.php, and if so do your stuff.



More information about the wp-hackers mailing list