[wp-trac] [WordPress Trac] #8997: it's possible to comment on private posts.
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 29 21:30:44 GMT 2009
#8997: it's possible to comment on private posts.
--------------------------+-------------------------------------------------
Reporter: tott | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8
Component: Comments | Version:
Severity: normal | Keywords: comment, post, security, private, has-patch
--------------------------+-------------------------------------------------
It is possible to post a comment on a private post when you guess the post
ID. To reproduce, try something similar to:
{{{
curl -vvv -X POST --data \
  "author=First%20Last&email=spammer%40noreply.com&url=&comment=testing%20this&submit=Submit+Comment&comment_post_ID=1" \
  http://wpurl/wp-comments-post.php
}}}
Replace the comment_post_ID with one of a private post.
--
Ticket URL: <http://trac.wordpress.org/ticket/8997>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
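A server-side check for the issue reported above, as an added example; it is not WordPress core code and not the patch attached to the ticket. It assumes the policy that a private post accepts comments only from users who can read it, generalizes that to other non-public statuses, and assumes it is loaded as a plugin so that the `pre_comment_on_post` action runs before the comment is stored. `comment_denial_reason` is a hypothetical helper name.

```php
<?php
// Added example, not WordPress core code. Decide whether a comment
// submission may proceed, given the target post's status and whether the
// current user can read that post. Returns null to allow, or a denial reason.
function comment_denial_reason(?string $status, bool $can_read): ?string
{
    if ($status === null) {
        return 'no such post';
    }
    if ($status === 'publish') {
        return null;
    }
    if ($status === 'private') {
        // Assumed policy: only users who may read a private post may comment.
        return $can_read ? null : 'private post, user cannot read it';
    }
    // draft, pending, future, trash, ...: not open to comments in this policy.
    return "post status '$status' does not accept comments";
}

if (function_exists('add_action')) {
    // Inside WordPress: run the check before the comment is stored.
    add_action('pre_comment_on_post', function ($post_id) {
        $post   = get_post((int) $post_id);
        $status = $post ? get_post_status($post) : null;
        $reason = comment_denial_reason(
            $status === false ? null : $status,
            $post && current_user_can('read_post', $post->ID)
        );
        if ($reason !== null) {
            wp_die('Comment rejected: ' . esc_html($reason), '', array('response' => 403));
        }
    });
} else {
    // Outside WordPress: constructed cases that print the decision table.
    $cases = array(
        array('publish', false), array('private', false),
        array('private', true),  array('draft', true), array(null, false),
    );
    foreach ($cases as [$status, $can_read]) {
        $reason = comment_denial_reason($status, $can_read);
        printf("%-8s can_read=%d => %s\n", $status ?? '(none)', $can_read, $reason ?? 'allow');
    }
}
```

The decision is made from the post's stored status and the session's capabilities, never from anything in the request body, so guessing a `comment_post_ID` gains nothing.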