[wp-trac] Re: [WordPress Trac] #8997: it's possible to comment on
private posts.
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 30 18:55:00 GMT 2009
#8997: it's possible to comment on private posts.
---------------------------------------------------------+------------------
Reporter: tott | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: comment, post, security, private, has-patch |
---------------------------------------------------------+------------------
Comment (by mrmist):
Could comments not be nonce protected? I mean the patch will prevent
people from curl-ing in comments to private posts, but you can still
submit as many comments as you like to normal published posts without
actually using the submit form on the article's page.
--
Ticket URL: <http://trac.wordpress.org/ticket/8997#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list