Willin Kan's Ajax comments script is used by many people and noticeably improves the commenting experience for visitors. However, I noticed there that it has a vulnerability that allows any comment to be modified: the edit_id (comment ID) and comment_post_ID (post ID) are easy to obtain, and with those a single POST request is enough to change any comment at will. The fix is as follows.
In comments-ajax.php, replace the following code:
if ( $edit_id ) {
    $comment_id = $commentdata['comment_ID'] = $edit_id;
    wp_update_comment( $commentdata );
} else {
    $comment_id = wp_new_comment( $commentdata );
}
with the following (the edit is only allowed when the e-mail in the POST matches, the IP matches, and the comment was posted less than half an hour ago):
function ihacklog_user_can_edit_comment( $new_cmt_data, $comment_ID = 0 ) {
    // A logged-in user who may edit this comment in wp-admin may also edit it here.
    if ( current_user_can( 'edit_comment', $comment_ID ) ) {
        return true;
    }
    $comment       = get_comment( $comment_ID );
    $old_timestamp = strtotime( $comment->comment_date );
    $new_timestamp = current_time( 'timestamp' );
    // Anonymous editing is allowed only when the submitted e-mail matches the stored one,
    // the request comes from the IP the comment was posted from, and less than
    // half an hour (1800 s) has passed since the comment was posted.
    $rs = $comment->comment_author_email === $new_cmt_data['comment_author_email']
        && $comment->comment_author_IP === $_SERVER['REMOTE_ADDR']
        && $new_timestamp - $old_timestamp < 1800;
    return $rs;
}

if ( $edit_id ) {
    $comment_id = $commentdata['comment_ID'] = $edit_id;
    if ( ihacklog_user_can_edit_comment( $commentdata, $comment_id ) ) {
        wp_update_comment( $commentdata );
    } else {
        err( 'You are not allowed to edit this comment!' );
    }
} else {
    $comment_id = wp_new_comment( $commentdata );
}
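To make the difference between the original and the patched edit branch concrete, here is an added Python model of the check above; it is example code written for this page, not the plugin's PHP. The in-memory comment store (sample_comments), the handle_ajax_edit helper, and the can_edit_any flag standing in for current_user_can('edit_comment') are all assumptions of the model, and the comments, e-mails, IPs and timestamps are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime

EDIT_WINDOW_SECONDS = 1800  # the half-hour window used by the fix above


@dataclass
class Comment:
    """Subset of a wp_comments row that the check looks at."""
    comment_ID: int
    comment_post_ID: int
    comment_author_email: str
    comment_author_IP: str
    comment_date: datetime  # site-local time, like wp_comments.comment_date
    comment_content: str


def sample_comments():
    """Constructed stand-in for the wp_comments table (not real data)."""
    return {
        101: Comment(101, 7, "alice@example.com", "203.0.113.5",
                     datetime(2012, 5, 1, 10, 0, 0), "first!"),
        102: Comment(102, 7, "bob@example.com", "198.51.100.9",
                     datetime(2012, 5, 1, 9, 50, 0), "nice post"),
    }


def user_can_edit_comment(store, new_cmt_data, comment_id, remote_addr, now, can_edit_any=False):
    """Model of ihacklog_user_can_edit_comment(): a user with the edit_comment
    capability may always edit; anyone else must present the stored e-mail,
    come from the stored IP, and act within the half-hour window."""
    if can_edit_any:  # hypothetical flag for current_user_can('edit_comment', id)
        return True
    comment = store.get(comment_id)
    if comment is None:
        return False
    same_email = comment.comment_author_email == new_cmt_data["comment_author_email"]
    same_ip = comment.comment_author_IP == remote_addr
    fresh = (now - comment.comment_date).total_seconds() < EDIT_WINDOW_SECONDS
    return same_email and same_ip and fresh


def handle_ajax_edit(store, edit_id, new_cmt_data, remote_addr, now,
                     check_owner=True, can_edit_any=False):
    """Edit branch of comments-ajax.php. check_owner=False reproduces the
    original behaviour (any supplied edit_id is updated); check_owner=True is
    the patched behaviour. Returns (ok, message) instead of calling err()."""
    if edit_id not in store:
        return False, "no such comment"
    if check_owner and not user_can_edit_comment(store, new_cmt_data, edit_id,
                                                 remote_addr, now, can_edit_any):
        return False, "You are not allowed to edit this comment!"
    store[edit_id].comment_content = new_cmt_data["comment_content"]
    return True, "updated"


def demo():
    """Runs the decision table against the sample store; returns {scenario: allowed}."""
    now = datetime(2012, 5, 1, 10, 5, 0)
    bob_edits_101 = {"comment_author_email": "bob@example.com", "comment_content": "changed"}
    alice_edits_101 = {"comment_author_email": "alice@example.com", "comment_content": "first! (edited)"}
    results = {}
    store = sample_comments()
    results["unpatched: bob edits alice's comment"] = handle_ajax_edit(
        store, 101, bob_edits_101, "198.51.100.9", now, check_owner=False)[0]
    store = sample_comments()
    results["patched: bob edits alice's comment"] = handle_ajax_edit(
        store, 101, bob_edits_101, "198.51.100.9", now)[0]
    results["patched: alice, same ip, 5 min later"] = handle_ajax_edit(
        store, 101, alice_edits_101, "203.0.113.5", now)[0]
    results["patched: alice, other ip"] = handle_ajax_edit(
        store, 101, alice_edits_101, "192.0.2.44", now)[0]
    results["patched: alice, same ip, exactly 30 min later"] = handle_ajax_edit(
        store, 101, alice_edits_101, "203.0.113.5", datetime(2012, 5, 1, 10, 30, 0))[0]
    results["patched: moderator with edit_comment"] = handle_ajax_edit(
        store, 101, bob_edits_101, "192.0.2.44", now, can_edit_any=True)[0]
    return results


if __name__ == "__main__":
    for scenario, allowed in demo().items():
        print(f"{scenario}: {'allowed' if allowed else 'denied'}")
```

Two things the model makes visible: the window is strict, so an edit at exactly 1800 seconds is refused, and the e-mail comes from the POST body, so it proves nothing by itself; what actually ties the edit to the original commenter is the IP match plus the short window, which is also why the edit_comment capability path has to stay for moderators.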
For a tutorial on using Willin Kan's Ajax comments, see here: How to use Ajax comments in WordPress
What theme is the blogger using now? It looks really nice!