Malformed URL bypassing moderation?
When spammers post a comment with a URL that starts with http://%/, it seems to confuse and/or crash the comment-handling code enough that it bypasses the content blacklisting and even the selected requirement that a comment author have a previously approved comment. These spam comments just get automatically approved. Is that field not escaped properly before being checked? Or am I missing something?
- The topic ‘Malformed URL bypassing moderation?’ is closed to new replies.