Commentor’s email got revealed
There seems to be a problem with registering a cookie. I don’t know if this is a WordPress problem but so far, 2 people have reported such a scenario and in the same post.
Basically, when they come back to comment, their name and email address is there in the comments portion already. The only problem – the name and email address is not theirs.
In my case, you may want to take a look at my post. Take a look at the comments area. There is some discussion regarding this problem too. You can comment in that post regarding this problem to ask viv and milky more details, I don’t mind if the comments went out of topic.
In that post, milky actually saw viv’s email address and successful posted as viv (accidentally). viv got a chance to post as me (Mr. Dew) too.
viv’s email address got revealed to milky and the text “Mail (Will not be published)” meant little if his email address may be revealed to milky.
It is probable that SetCookie (not sure if this is the function name) register the wrong cookie to the wrong computer.
Once again, I don’t know if this is a WordPress or PHP or web host problem. I don’t even know how can this bug happen. I will be posting it to WordPress Mosquito later.
Any suggestions, work arounds or updates on this issue would be appreciated. Thanks.
OOH, were any of them running that awful google thing? And what version of wordpress are you running? I think the latest security updates to 1.5 addressed this issue . . . developers comment please?
I bet it’s related to the Google Web Accelerator. Were any of you using that?
I’m not sure, but I do not think they are running on that, I’ll ask to confirm though.
By the way, I am using 1.5.1 when this problem occured.
it could also be a misconfigured caching plugin.
I have wp 220.127.116.11 and have noticed this behaviour, as well as the odd occaision where it logs me out and then I can still get in by going back to an admin page. The following code is the reason for the automatic insertion of name/email within comments.php:
<input type=”text” name=”author” id=”author” value=”<?php echo $comment_author; ?>” size=”30″ tabindex=”1″ />
<label for=”author”>Name <?php if ($req) _e(‘(required)’); ?></label>
<input type=”text” name=”email” id=”email” value=”<?php echo $comment_author_email; ?>” size=”30″ tabindex=”2″ />
<label for=”email”>E-mail (<?php if ($req) _e(‘required, ‘); ?>never displayed)</label>
If you delete the php code within the values for name and email and uri, it will give a quick-fix-hack to the second problem. BUT I am quite concerned that I am not getting logged out correctly.
BTW, I’m not using any Google stuff…
Anyone else got a better fix to this/these issues?
Just updating my above post. It actually is logging me out when I select logout. BUT, when I navigate to a post page or any other page and then return to the main page by clicking on on the title it will indicate I have logged out and show the register / login link. Then when I click the login link it will magically show me as logged in again. Hmmm, mysterious…
I do not have those Google stuff. I remember of one occasion when I was not shown to be logged in when I actually am. Instead of seeing myself as logged in the comments field, I am actually returned with the usual comments text boxes and I have to fill in the particulars.
I do not have Google Accelerator, neither do viv (one of the person whose email got exposed). I doubt Milky (another person who encounter this) has Google Accelerator.
As for the caching plugin, I do not have the in my blog. The installed plugins are as follows:
- my little plugin to retrieve recent comments that should not be a problem
Any other suggestions? Thanks.
Yes, I get this exact problem too, with any template and no google acc.
1. login and navigate to your main page (front-end)
2. Click on any article title
3. Click on the title/header of the article page
4. You are now returned to the main page but it is displaying you as logged out even though you are not…
Must be a session or global getting destroyed somewhere; I don’t have time to investigate! Damn!
- The topic ‘Commentor’s email got revealed’ is closed to new replies.