From b246fdf17fff3598dedb77c7a14b2c65ffc7dc5a Mon Sep 17 00:00:00 2001
From: markjaquith
Date: Tue, 30 Nov 2010 22:46:35 +0000
Subject: [PATCH] Drop pingback/trackback blogroll whitelisting feature. Too many ways to abuse it. props avereha. props vladimir_kolesnikov. fixes #13887 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@16637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/comment.php | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index a3ef302dc..debb66911 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -18,9 +18,8 @@
 * check fails. If any of the parameter contents match the blacklist of words,
 * then the check fails.
 *
- * If the comment is a trackback and part of the blogroll, then the trackback is
- * automatically whitelisted. If the comment author was approved before, then
- * the comment is automatically whitelisted.
+ * If the comment author was approved before, then the comment is
+ * automatically whitelisted.
 *
 * If none of the checks fail, then the failback is to set the check to pass
 * (return true).
@@ -82,16 +81,7 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
 // Comment whitelisting:
 if ( 1 == get_option('comment_whitelist')) {
- if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll
- $uri = parse_url($url);
- $domain = $uri['host'];
- $uri = parse_url( home_url() );
- $home_domain = $uri['host'];
- if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain )
- return true;
- else
- return false;
- } elseif ( $author != '' && $email != '' ) {
+ if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
 // expected_slashed ($author, $email)
 $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
 if ( ( 1 == $ok_to_comment ) &&
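Review bot: The new condition on the `if ( 'trackback' != $comment_type && 'pingback' != $comment_type && ...` line excludes trackbacks and pingbacks from the approved-author lookup, but nothing in the hunk records why or what happens to them next; that outcome depends on the branch following this `if`, which lies outside the hunk. A comment above the condition such as `// Trackbacks and pingbacks are never whitelisted; the blogroll exception was dropped because it could be abused (#13887).` would keep the restriction from being relaxed later, and the docblock in the first hunk could state the same. The lookup kept on the following context lines still interpolates `$author` and `$email` into the SQL string, so it is safe only while every caller passes slashed values as the `expected_slashed` comment requires. The commit leaves that unchanged; a follow-up could pass the unslashed values through `$wpdb->prepare()` with `%s` placeholders, as the removed blogroll query did.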