Sends trackbacks for unpublished nodes
chromatic - January 26, 2005 - 19:14
| Project: | TrackBack |
| Version: | HEAD |
| Component: | Sending |
| Category: | bug report |
| Priority: | critical |
| Assigned: | zorac |
| Status: | closed |
Jump to:
Description
Imagine my dismay when I took a break from writing an event review and saved it unpublished, and found that it submitted a trackback (that i had entered) anyway.
So basically it's a huge security hole.
#1
#2
#3
Until I get more people that send trackbacks when they're not publishing a node, I'm going to let this sit...
It would be nice if trackback checked the status of a node before sending and, in the case of an unpublished node, were to remember the trackback URLs for later, but the logic is not as straightforward for this to be implemented in the amt of time I have for it at present.
For now, users are advised to not submit trackback URLs if a node is not yet being published. This also means turning of auto-detection (which may well be on its way out judging from the feedback auto-detection has received).
If someone wants to tackle the problem and suggest a patch, I'll take a look at it and work with it if its a sound solution. If not, then I'll eventually get around to taking care of this, but there is no guarantee on when this will happen.
-Ankur
#4
FWIW, I'd also be interested in seeing this fixed.
#5
I would also like this to be fixed as soon as possible.
Since this is totally counter-intuitive and incorrect behaviour I am bumping up the priority to critical
#6
still active, one year after.
#7
fixed.
#8