incompatibility with wp-wall plugin

It seems there are some problems with the wp-wall plugin available here: http://wordpress.org/extend/plugins/wp-wall/

see screen shot please: http://screencast.com/t/F33gpTmg

I am not using hte latest version of wp-wall since the author built-in a backlink without mentioning it in the change log…. using version 1.6 but I could upgrade to 1.7 and manually remove the link if that would work with the AVH plugin

  • Ovidiu
    • Code Wrangler

    thx, that would help a lot if you could check it on a test installation. this occurred on a users blog so I haven’t tried changing the theme yet but the wp-wall plugin was working as she already has comments on her wall, some I posted… inbetween the comment spam pack was updated..

  • DavidM
    • DEV MAN’s Mascot

    Hiya Ovidiu,

    I actually checked it out right away and encountered the same as in your illustration. In between other things was trying to nail down where the trouble was occurring but wasn’t able to find anything quickly enough. I’ll mention this to some other folks around here with a keener eye. :slight_smile:

    Cheers,

    David

  • Vladislav
    • Dead Eye Dev

    Hi,

    I have found the problem. The Wall plugin is generating the entire comment form itself, without including any of the required security fields (both v1.6 and v1.7). Thus, on form submit, all security checks fail.

    Unfortunately, once the Wall plugin passes the submitted comment on, there is no way to distinguish it from any of the regular comments, so I can’t reliably add a secure exception to our plugin.

    There is a workaround, but only if you’re a) allowing only registered users to comment, or b) if you’re NOT using “Peter’s Custom Anti-Spam” portion of the Comment Spam Pack. Also, it’s dirty and includes modifying one of the plugin files.

    However, if you’re interested and fulfill those requirements, you can try this. Open <path-to-your-WP-installation>/wp-content/plugins/wp-wall/wp-wall-ajax.php in a text editor, and place this line on line 2 (right after the opening <?php):

    define( ‘WP_ADMIN’, true );

    Make sure you haven’t removed anything (you should just be adding this one line) and save the file. After you reload the page, the Wall should work with the settings you specified for comments.

  • Vladislav
    • Dead Eye Dev

    Essentially, what Wall does is setting up a new AJAX entry point, instead of using the standard WP entry point and setting up AJAX handlers with wp_ajax*/wp_ajax_nopriv*. User and privilege checks are being done by the Wall. The hack just augments this behavior by declaring the Wall AJAX entry point as admin area, which bypasses the nonce checks performed by the AVH plugin.

    I did say it’s ugly :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.