Opened 9 years ago

Closed 9 years ago

## #1614 closed defect (fixed)

Reported by: Owned by: stava@… athomas normal AddCommentMacro normal 0.10

### Description

We're using the AddComment macro in appendonly mode at LinAdd.org and we've noticed a surge in spam comments, so we turned off the appendonly option, thus (as we thought) requiring a user to be logged in to be able to post a comment. However, the following URL will post a comment regardless:

http://domain.tld/wiki/WikiStart?authoraddcomment=ErnestH&submitaddcomment=Add&previewaddcomment=Preview&canceladdcomment=Cancel&addcomment=TheActualComment


Other than that, thanks for a great macro! /Lars Stavholm

References #1614

### comment:2 Changed 9 years ago by osimons

• Resolution set to fixed
• Status changed from new to closed

The [2818] changeset adds the regular form_token to the form, making it a bit harder to automate spam entry and similar.

The fix is working for 0.11, but I don't expect that it will be fixed for older versions now.

Closing.