Revision [19901]
This is an old revision of WillyPs made by WillyPs on 2008-05-06 21:06:23.
WillyPs
DescentiaPedia
My first Wikka install, DescentiaPedia has recently been re-styled, I've made some major changes to the layout including a right column navigation box, and an expanded footer showing recent changes, recent comments, and more. Comments appreciated!Rant This Space
Oh, I had such great ideas when I started this one... but I haven't done much with it lately. Other than delete comment spam. Captchas are vastly annoying, but I can see why people use them.WikkaStyle
I originally installed this to try out 1.1.6.4RC1, then 1.1.6.4 when it was released. So I figured since I had installed it anyway, I would use it to write about styling Wikka.How is this possible?
Today I had a spam comment in a page that I had deleted some time ago... When I clicked the link to the page on the recently commented page, it asked me if I wanted to create it. So I did, and there is already a spam comment! What's up with that? How can they leave a comment on a page that does not exist? Page writes are restricted to a select few users. Read and comment are *.- Comment ACL of * allows for posting of comments regardless of page write perms. When you delete a page, comments are deleted. Have you compared timestamps of the comment and page creation record? --BrianKoontz
- No, the page had been deleted some time (weeks) ago, the comment showed up recently. There was no page history, because there was no page. How can a comment be made on a page that does not exist?
- It's not supposed to be possible, as comments are deleted from the DB prior to a page being deleted. Can you reproduce the issue? --BrianKoontz
- They are. The bug/feature is different: if you have the right to comment, you can comment. If you can comment by default, you can comment on non-existent pages, too. --Nils (Ticket: 747)
- Can someone provide proof/reproducibility of this "bug"? I see one anecdotal example, but if it's not reproducible, there's not much can be done about it. --BrianKoontz
- I just reproduced the issue here: http://demo.wikkawiki.org/RecentlyCommented - I posted the comment content via HTTP through a PHP script to a non existing page (SandBox2/addcomment) whose comments ACLs were previously set to * -DarTar
- So the spammer must have marked a link to the comment section before I deleted the page. Perhaps some 'if page exists' code could be added to the comments code. Ok, I see exactly that in ticket 747. Or better yet, is there a way to prevent scripts from posting? --WillyPs
- There is already a process in place to prevent scripts from posting (unique form IDs). But this is really intended to thwart automated scripts. Anyone is free to take a generated page and modify the POST parameters (as can be done here). --BrianKoontz
www.prepare4descent.net/descentiapedia DescentiaPedia
www.prepare4descent.net Prepare For Descent!
Rant This Space!
CategoryUsers