From 1b3ce357bb13d6287c36f881b11be983a0dd5b76 Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Mon, 15 Nov 2004 06:20:28 +0000 Subject: [PATCH] Refuse comments for post IDs that do not exist. git-svn-id: https://develop.svn.wordpress.org/trunk@1854 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-comments-post.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/wp-comments-post.php b/wp-comments-post.php index f6a2247616..5c4fc24101 100644 --- a/wp-comments-post.php +++ b/wp-comments-post.php @@ -35,8 +35,15 @@ $comment = trim($_POST['comment']); $comment_post_ID = intval($_POST['comment_post_ID']); $user_ip = $_SERVER['REMOTE_ADDR']; -if ( 'closed' == $wpdb->get_var("SELECT comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'") ) +$post_status = $wpdb->get_var("SELECT comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'"); + +if ( empty($post_status) ) { + // Post does not exist. Someone is trolling. Die silently. + // (Perhaps offer pluggable rebukes? Long delays, etc.) + die(); +} else if ( 'closed' == $post_status ) { die( __('Sorry, comments are closed for this item.') ); +} if ( get_settings('require_name_email') && ('' == $email || '' == $author) ) die( __('Error: please fill the required fields (name, email).') );