[wp-trac] [WordPress Trac] #10931: Verify Comment Email Addresses of Registered Users
WordPress Trac
noreply at wordpress.org
Thu Jan 23 21:15:37 UTC 2025
#10931: Verify Comment Email Addresses of Registered Users
-------------------------------------------------+-------------------------
Reporter: mtdewvirus | Owner: (none)
Type: enhancement | Status: assigned
Priority: normal | Milestone: 6.8
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: needs-unit-tests needs-docs needs- | Focuses:
patch |
-------------------------------------------------+-------------------------
Changes (by johnbillion):
* keywords: has-patch 2nd-opinion needs-unit-tests needs-docs => needs-
unit-tests needs-docs needs-patch
Comment:
The approach in [https://github.com/WordPress/wordpress-develop/pull/8114
PR 8114] goes against what several commenters on this ticket have
indicated is their preference (including most recently @azaozz), which is
to push the comment into the moderation queue rather than blocking it
entirely. The PR are also introduces another means for an attacker to
attempt to discover whether any given email address belongs to a
registered user. This is technically not a functional change because it
can be performed via wp-login.php, but it's definitely less than
desirable. Placing such a comment into the moderation queue, along with an
explanation of why it's there, is much preferable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/10931#comment:56>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list