WordPress.org

Ready to get started?Download WordPress

Forums

Private info leak (1 post)

  1. datacompboy
    Member
    Posted 6 years ago #

    I think, that bad thing to allow all contributor's able to see IPs of all comments.

    So, i have changed wp-admin/includes/template.php in this way:
    replaced
    <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a>
    in _wp_comment_list_item with

    <?php if ( current_user_can( 'moderate_comments' ) ) { ?>
    <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a>
    <?php } ?>

    and in _wp_get_comment_list changed SQL from

    $comments = $wpdb->get_results("SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE
                (comment_author LIKE '%$s%' OR
                comment_author_email LIKE '%$s%' OR
                comment_author_url LIKE ('%$s%') OR
                comment_author_IP LIKE ('%$s%') OR
                comment_content LIKE ('%$s%') ) AND
                comment_approved != 'spam'
                ORDER BY comment_date DESC LIMIT $start, $num");

    to

    $comments = $wpdb->get_results("SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE
                (comment_author LIKE '%$s%' OR
                comment_author_email LIKE '%$s%' OR
                comment_author_url LIKE ('%$s%') OR
                ".(current_user_can( 'moderate_comments' ) ? " comment_author_IP LIKE ('%$s%') OR " : "")."
                comment_content LIKE ('%$s%') ) AND
                comment_approved != 'spam'
                ORDER BY comment_date DESC LIMIT $start, $num");

Topic Closed

This topic has been closed to new replies.

About this Topic