[wp-xmlrpc] Comments API
Alex Forrow
alex at fav.or.it
Tue Aug 5 13:38:08 GMT 2008
Hi,
The changes you've made look excellent, though I'm concerned that anonymous commenting is being neglected here. Although a lot of XMLRPC use is blog authors manipulating their blogs remotely, use of the interface by 3rd parties for services such as commenting and pingbacks is something thats only going to get more popular. I believe anonymous commenting via XMLRPC should be enabled by default, just as commenting via the form is.
In terms of security, its fair to say that allowing commenting via XMLRPC is no more risky than allowing commenting via the standard form POST action. Also, as with WordPress 2.6, XMLRPC is disabled by default, so requiring a plugin to enable anonymous commenting is only adding another hurdle for blog owners to cross if they want to enable this feature. I appreciate opening another possible entry point for spam is not ideal, but more would be lost by cutting these blogs off from the potential of receiving comments from external sources.
Kind regards,
Alex Forrow
Systems Administrator, Favorit Limited
Blog: http://blog.fav.or.it/
Telephone: 0845 643 0673
Address: favorit Ltd, Building L033, London Road, Reading, RG1 5AQ
This e-mail contains confidential information and is for the exclusive use of the addressee/s. If you are not the addressee, then any distribution, copying or use of this e-mail is prohibited. If received in error, please advise the sender and delete it immediately. We accept no liability for any loss or damage suffered by any person arising from use of this e-mail.
favorit Limited
Registered No: 06411859 England
Registered Office: Reading Enterprise Hub, University of Reading, Earley Gate, Reading, Berkshire, RG6 6AU
-----Original Message-----
From: wp-xmlrpc-bounces at lists.automattic.com [mailto:wp-xmlrpc-bounces at lists.automattic.com] On Behalf Of Ryan Boren
Sent: 04 August 2008 20:44
To: wp-xmlrpc at lists.automattic.com
Subject: [wp-xmlrpc] Comments API
http://trac.wordpress.org/ticket/7446
Latest patch:
http://trac.wordpress.org/attachment/ticket/7446/7446.9.diff
The following methods are implemented:
wp.getComment(blog_id, username, password, comment_id)
wp.getComments(blog_id, username, password, {status, post_id, number, offset}
wp.deleteComment(blog_id, username, password, comment_id)
wp.editComment(blog_id, username, password, comment_id, {status,
date_created_gmt, content, author, author_url, author_email, })
wp.newComment(blog_id, username, password, post, {content, author,
author_email, author_url})
// author info is optional if authorization is successful.
Unregistered commenting is allowed if a plugin sets the
xmlrpc_allow_anonymous_comments filter to true. Default is to not
allow unregistered comments. User must auth.
wp.getCommentStatusList(blog_id, username, password)
_______________________________________________
wp-xmlrpc mailing list
wp-xmlrpc at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-xmlrpc
More information about the wp-xmlrpc
mailing list