[wp-xmlrpc] Non-Moderator Comments
Joseph Scott
joseph at randomnetworks.com
Mon Aug 25 15:54:13 GMT 2008
On Aug 21, 2008, at 4:50 PM, David Dodson wrote:
> Following the threads I understand the desire to prevent spam from
> coming through the xmlrpc pipe, but want to raise the question of
> non-moderator users being able to post comments through xmlrpc.
> Currently only admins or editors can post through the xmlrpc even
> with valid login credentials. Assuming the WP site is set up so
> that users have to be logged in to comment, subscribers,
> contributors and authors should also be able to post comments. I
> did a test commenting out the code which checks for moderator
> status, which allows for subscribers to post. The nice thing is
> that for first time subscribers, the comments still must be approved
> in this manner. As such, unless I'm missing something, I don't
> think doing this would leave a means for spam to exploit, unless the
> concern is having to moderate attempts. Otherwise none of the spam
> comments could make it live just by using the xmlrpc without being
> moderated first.
(Since no one else has responded)
There is a certain appeal to allowing regular users to submit
comments. Create a new ticket at trac.wordpress.org and upload a diff
and lets see what this would look like.
--
Joseph Scott
joseph at randomnetworks.com
http://joseph.randomnetworks.com/
More information about the wp-xmlrpc
mailing list