Disabled Akismet, comments held for moderation.

I have made the decision to disable Akismet, after reading some hype about the new WordPress 2.3's plugin version check API, which turned out to be negative but reveals something interesting with regard to Akismet. The following code is taken from the official Akismet plugin for WordPress.

        $ignore = array( 'HTTP_COOKIE' );

        foreach ( $_SERVER as $key => $value )
                if ( !in_array( $key, $ignore ) )
                        $comment["$key"] = $value;

        $query_string = '';
        foreach ( $comment as $key => $data )
                $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';

        $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);

The bit that worries me is the use of $_SERVER; the only item from this array not sent is HTTP_COOKIE, which is fair enough. But why do you need to know the full paths to the files on my server and other server environment variables, Akismet? I do not have a problem with sending data to Akismet, just not this data!
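To make the difference concrete, here is an added example (not code from the Akismet plugin or from the original post) that runs the excerpt's denylist and an allowlist filter over the same constructed `$_SERVER` sample and lists what only the denylist forwards. The function names, the sample values and the allowlist itself are assumptions chosen for illustration, not a statement of what the Akismet API requires.

```php
<?php
// Added example: compares the excerpt's denylist with an allowlist filter.
// The sample values and the allowlist are constructed assumptions.

// Denylist, as in the excerpt: everything except HTTP_COOKIE is forwarded.
function fields_denylist(array $server): array {
    $ignore = array('HTTP_COOKIE');
    $out = array();
    foreach ($server as $key => $value) {
        if (!in_array($key, $ignore, true)) {
            $out[$key] = $value;
        }
    }
    return $out;
}

// Allowlist: forward only request metadata that is named explicitly
// (hypothetical list; adjust to what the receiving service documents).
function fields_allowlist(array $server): array {
    $allow = array('REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER',
                   'HTTP_ACCEPT', 'HTTP_ACCEPT_LANGUAGE');
    return array_intersect_key($server, array_flip($allow));
}

// Constructed sample of the kinds of entries a $_SERVER array holds.
$sample = array(
    'REMOTE_ADDR'     => '203.0.113.7',
    'HTTP_USER_AGENT' => 'Mozilla/5.0 (constructed)',
    'HTTP_REFERER'    => 'http://blog.example/post/1',
    'HTTP_COOKIE'     => 'session=constructed',
    'DOCUMENT_ROOT'   => '/home/example/public_html',
    'SCRIPT_FILENAME' => '/home/example/public_html/wp-comments-post.php',
    'PATH'            => '/usr/local/bin:/usr/bin:/bin',
    'SERVER_ADMIN'    => 'webmaster@blog.example',
    'SERVER_SOFTWARE' => 'Apache (constructed)',
);

$sent_deny  = fields_denylist($sample);
$sent_allow = fields_allowlist($sample);

// Keys the denylist forwards that the allowlist would hold back.
$extra = array_keys(array_diff_key($sent_deny, $sent_allow));
echo "Denylist sends " . count($sent_deny) . " fields, allowlist sends "
   . count($sent_allow) . ".\n";
echo "Only sent by the denylist:\n  " . implode("\n  ", $extra) . "\n";
```

A denylist forwards any key the server or a future module adds to `$_SERVER`, while an allowlist forwards nothing new until someone names it.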

Source

About Chris

Twenty-something year old computer science graduate living in the West Midlands, working as a PHP software developer for a local company.
