Ticket #392 (new defect)

Opened 2 months ago

Last modified 2 months ago

Comment wall allows spam in

Reported by: alistairy Assigned to: nobody
Priority: high Milestone: 0.9.1
Component: core Version: 0.9.1
Severity: major Keywords: commentwalll spam
Cc: Patch Included: 0
Review Stage: unreviewed

Description

Setting commentwall to "private" or "logged in users only" still allows spam to get in.

mod/commentwall/do_action.php mod/commentwall/lib.php::commentwall_addcomment()

all ignore permissions. Can you give me a pointer on how to get hold of permissions for a plugin and I'll fix it?

Attachments

els_markp_user_details.png (32.7 kB) - added by markpea on 10/01/08 19:29:32.

Change History

10/01/08 19:29:32 changed by markpea

  • attachment els_markp_user_details.png added.

10/01/08 19:36:40 changed by markpea

I don't confirm this on my elgg 0.92 installation. Setting my comment wall visible to logged in users only (see attached) does prevent it from being visible when not logged in : browse to https://els.earlham.edu/markp/profile and see. I have set up my system slightly differently from the recommended installation: the data directory is outside the web root (so /var/elgg_data for the data and /var/www/elgg for the code) and is not world read:write accessible. My suspicion is that if your data directory has world read:write access there's nothing you can do about spam -- after all, world:write means just that.