[wp-hackers] spam comment link

Peter van der Does peter at avirtualhome.com
Mon Mar 30 15:55:03 GMT 2009

On Mon, 30 Mar 2009 15:32:52 +0100
Simon Wheatley <simon at sweetinteraction.com> wrote:

> On Mon, Mar 30, 2009 at 11:27 AM, Ryan McCue <lists at rotorised.com>
> wrote:
> > Joost de Valk wrote:
> >>
> >> Is there any way that the comment emails could provide a link that
> >> would automatically spam the comment, instead of having to click
> >> the "Spam Comment" button again?
> >>
> This is a rub point for me too.
> >
> > I think you'd have to include a nonce with the email, but the point
> > of email is to be independent of time, so it's kind of
> > contradictory.
> >
> So maybe check the nonce is within 24 hours, if it is then delete the
> comment and if not, show the current screen?

Currently the nonce creation in WordPress involves a user_id. As the
comment is created by either a guest or a non-admin user, it is
more then likely the user clicking on the spam-it link will be a
different user the nonce check will fail.
So for the purpose of this request a new nonce creation function and
check function will have to be implemented.

The standard nonce checks in WordPress will fail if nonce has been
created more as 24 hours ago.

Peter van der Does

GPG key: E77E8E98

WordPress Plugin Developer

GetDeb Package Builder/GetDeb Site Coder
http://www.getdeb.net - Software you want for Ubuntu

More information about the wp-hackers mailing list