Spam words bug

June 1st, 2004
General, WordPress Hack

In WP 1.2 there’s a bug in the built-in blacklist function. If you haven’t tried this out as a way of protecting your blog from comment spam, you should look into this.

The default list is empty, and you can enter words, author names, email addresses, IP address, and URI/URLs. If any word in the list matches anything in the comment text, comment author’s name, comment author’s email address, comment author’s URL, or comment author’s IP address, the comment will be held for moderation.

The bug is that if there’s a blank line in or at the end of the list, it’s treated as a wildcard, and it matches anything in the comment body. So all comments will be moderated regardless of comments.

This is fixed in the CVS, but I thought I’d publish the fix for those that don’t want to run a diff against the CVS version. (Also, there have been other changes that may introduce some incompatibilities.. So a direct drop-in replacement in not advised for the faint-of-heart.)

In the file /wp-includes/functions.php replace lines 1346 & 1347:
$word = trim($word);
$pattern = "#$word#i";

$word = trim($word);
// Skip empty lines
if (empty($word)) { continue; }
$pattern = "#$word#i";

Now, if you accidentally leave a blank line in the words list, it will still behave as expected.




  1. mog (4 comments.) says:

    Thanks, put in your fix.


  1. [...] Mind of Mog 01.June.04 Fixing Comment Spam Weblog Tools Collection has a fix to the comment spam words bug. One caveat, [...]

Obviously Powered by WordPress. © 2003-2013

page counter