[wp-hackers] XML-RPC anonymous comments wordpress.com

Dion Hulse (dd32) wordpress at dd32.id.au
Sat Feb 6 05:29:10 UTC 2010


I completely missed that this was a WordPress.com question specifically..

I'd go back to the .com support thread you've got, and argue your case  
there.

Anonymous commenting via XMLRPC will be disabled on wordpress.com hosting,  
simple as that.

If you host your own blog, you can enable the functionality yourself.

On Sat, 06 Feb 2010 16:26:26 +1100, Dion Hulse (dd32)  
<wordpress at dd32.id.au> wrote:

> Looking at the WordPress code will answer your questions.
>
> http://core.trac.wordpress.org/browser/trunk/xmlrpc.php#L1235
>
> As you can see there, Theres a logic branch there that says:
>
> Accept the comment if either
>   a. You're logged in
> or
>   b. The owner of the blog has specifically enabled anonymous commenting  
> via XMLRPC
>
> for b, The user would need to place some code like this, in their themes  
> functions.php or a plugin:
>
> add_filter('xmlrpc_allow_anonymous_comments',  
> '_theme_allow_xmlrpc_anon_comments');
> function _theme_allow_xmlrpc_anon_comments() {
>      return true;
> }
>
> I dont see this changing in WordPress anytime soon, Trackbacks are  
> automated, Comments should not be.
> Allowing anonymous comments via XMLRPC would allow for bypassing  
> UI-based spam checkers to start with off the top of my head.
>
> Cheers
> Dion Hulse / dd32
>
> On Sat, 06 Feb 2010 16:08:36 +1100, Senica Gonzalez <senica at gmail.com>  
> wrote:
>
>> Hey there,
>>
>> I posted the following on the wordpress.com forums and tbol3 sent me  
>> over to
>> you guys for help.
>>
>> The pretty version of this question is located here:
>> http://en.forums.wordpress.com/topic/xml-rpc-anonymous-comments-wordpresscom?replies=3
>>
>> I have done tons of research today, but apparently I'm just not getting  
>> the
>> right answer. Today is my first day using XML-RPC. Piece of cake.
>>
>> I was able to do a Trackback, a PingBack, and various XML-RPC calls with
>> different APIs to my blog. The one thing that I cannot seem to be able  
>> to do
>> is add an anonymous comment to my blog remotely.
>>
>> I have seen where other people have asked this question, and Jonathan  
>> has
>> said that it was covered in the XML-RPC API. Basically, mentioning that  
>> if
>> you leave the username and password blank, it will work.....It doesn't.  
>> At
>> least not in my case. I always get:
>>
>> faultCode 403 faultString Bad login/pass combination.
>>
>> Here is the request I'm sending:
>>
>> $request = ' <?xml version="1.0" encoding="utf-8"?> <methodCall>
>> <methodName>wp.newComment</methodName> <params> <param>
>> <value><int>11838212</int></value>
>> <value><string>{username}</string></value>
>> <value><string>{password}</string></value> <value><int>20</int></value>
>> <value> <struct> <member> <name>comment_parent</name>
>> <value><int></int></value> </member> <member> <name>content</name>
>> <value><string>Test1</string></value> </member> <member>  
>> <name>author</name>
>> <value><string>Ogglabas</string></value> </member> <member>
>> <name>author_url</name> <value><string></string></value> </member>  
>> <member>
>> <name>author_email</name>  
>> <value><string>senica at gmail.com</string></value>
>> </member> </struct> </value> </param> </params> </methodCall>
>>
>>  If I have a username and password in there...it works perfect. The only
>> problem is, it shows "me" as the poster, whereas I want to allow people  
>> to
>> post comments to my blog from my other website as well and have "their"  
>> name
>> show up as the poster.
>>
>> As already mentioned, if I take the username and password out....no  
>> dice.
>>
>>
>>  Also, I wanted to mention before someone posts on here....Apparently,  
>> there
>> is a way to enable_anonymous_xml_rpc...or something to that affect, if  
>> I was
>> running Word Press on my own server.
>>
>> This is not the case, and not an option for me.
>>
>> And if someone says that it is a security issue....well, seems like
>> trackbacks wouldn't be allowed either. At least with this, you can make  
>> the
>> user put in their email address and a name.
>>
>> This is an important feature to have if it is not already enabled.
>>
>>
>>
>> Thanks for the help ahead of time!


-- 
Dion Hulse / dd32

Contact:
  e: contact at dd32.id.au
  msn: msn at d32.id.au
  skype: theonly_dd32
  Web: http://dd32.id.au/


More information about the wp-hackers mailing list