Closed (fixed)
Project: TrackBack
Component: Sending
Priority: Critical
Category: Bug report
Assigned:
Reporter:
Created: 26 Jan 2005 at 19:14 UTC
Updated: 20 Mar 2007 at 06:30 UTC
Imagine my dismay when I took a break from writing an event review and saved it unpublished, and found that it submitted a trackback (that I had entered) anyway.
So basically it's a huge security hole.
Comments
Comment #1
ankur commented
Comment #2
ankur commented
Comment #3
ankur commented
Until I get more people that send trackbacks when they're not publishing a node, I'm going to let this sit...
It would be nice if trackback checked the status of a node before sending and, in the case of an unpublished node, were to remember the trackback URLs for later, but the logic is not as straightforward for this to be implemented in the amount of time I have for it at present.
For now, users are advised to not submit trackback URLs if a node is not yet being published. This also means turning off auto-detection (which may well be on its way out judging from the feedback auto-detection has received).
If someone wants to tackle the problem and suggest a patch, I'll take a look at it and work with it if it's a sound solution. If not, then I'll eventually get around to taking care of this, but there is no guarantee on when this will happen.
-Ankur
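The deferral described in comment #3, sketched as an added example: this is not the TrackBack module's code and not from anyone in this thread. It is a language-neutral model in Python; `Node`, `TrackbackQueue`, `on_save` and the `send` callback are hypothetical names, and the URL in the usage is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    nid: int
    published: bool
    # Trackback URLs the author entered on this particular save.
    trackback_urls: list = field(default_factory=list)


class TrackbackQueue:
    """Holds trackback URLs for unpublished nodes; pings only once published."""

    def __init__(self, send):
        self._send = send      # callable(url, nid) that performs the HTTP ping
        self._pending = {}     # nid -> ordered list of deferred URLs
        self._sent = {}        # nid -> set of URLs already pinged

    def on_save(self, node):
        """Call on every node save. Returns the URLs pinged by this save."""
        pending = self._pending.setdefault(node.nid, [])
        for url in node.trackback_urls:
            if url not in pending:
                pending.append(url)

        # Status check before sending: a draft must not leak its existence
        # (or an excerpt) to a remote site, so nothing is sent here.
        if not node.published:
            return []

        sent = self._sent.setdefault(node.nid, set())
        pinged, remaining = [], []
        for url in pending:
            if url in sent:
                continue               # never ping the same target twice
            try:
                self._send(url, node.nid)
            except OSError:
                remaining.append(url)  # keep for the next published save
                continue
            sent.add(url)
            pinged.append(url)
        self._pending[node.nid] = remaining
        return pinged
```

Saving a draft with a URL returns an empty list and calls `send` zero times; the first published save of the same node sends each remembered URL exactly once.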
Comment #4
junyor commented
FWIW, I'd also be interested in seeing this fixed.
Comment #5
varunvnair commented
I would also like this to be fixed as soon as possible.
Since this is totally counter-intuitive and incorrect behaviour I am bumping up the priority to critical.
Comment #6
Coquevas commented
still active, one year after.
Comment #7
zorac commented
fixed.
Comment #8
(not verified) commented