Doesn't block post requests from bots if mc-value parameter is missing | ww.wp.xz.cn

bjoerne
(@bjoerne)

10 years, 11 months ago
After I activated the plugin I still got annoying spam comments on my blog. After digging into the code I found that if the mc-value parameter is not contained in the post request there is no validation and the comment can be posted without any barrier.
```
public function add_comment_with_captcha($comment)
	{
		if(isset($_POST['mc-value']) && (!is_admin() || DOING_AJAX) && ($comment['comment_type'] === '' || $comment['comment_type'] === 'comment'))
		{
                    ...
		}
		else
			return $comment;
	}
```
Is there any reason for that? Why can’t the else be like
```
wp_die($this->error_messages['fill']);
```
instead of returning $comment.

https://ww.wp.xz.cn/plugins/wp-math-captcha/

The topic ‘Doesn't block post requests from bots if mc-value parameter is missing’ is closed to new replies.

0 replies
1 participant
Last reply from: bjoerne
Last activity: 10 years, 11 months ago
Status: not resolved