comments - Remove link preview in discussion dashboard

It can be sometimes bothersome when, in the Discussion (Comments) dashboard, where the admin can see a list of comments, moving the mouse over a link will cause a preview of that link. Sometimes the preview gets in the way of looking at the comment. This is especially true with spam comments.

And I am also concerned that a link to a page/site that had some 'bad' code would cause a compromise of my site.

Is there a way to disable this 'feature'? Not sure where it is coming from.

asked Jul 2, 2018 at 21:12 by Rick Hellewell
  • Are you sure this isn't either a browser feature or coming via a plugin? I can't reproduce this on a fresh install. – kero Commented Jul 2, 2018 at 22:34
  • The site is using the TwentyTen theme. On the Comments (in admin) screen, hovering over a link causes a window to pop up, with the "W" logo while the preview is being loaded. My first thought is that it is theme-related, but didn't think that themes would affect the Comments admin page. And, as usual, it could be a plugin. So (apparently) there is a hook that can be used to enable the preview. – Rick Hellewell Commented Jul 2, 2018 at 23:44
  • I'm really surprised there's no answer and that this is hard to find via Google. If you have any spam, you at least give them a signal to keep deluging you by visiting their links in whatever form. – user68816 Commented May 26, 2019 at 12:29
  • It does seem to be a core WordPress thing. Having a really hard time finding anything about it, though. Closest so far: en.forums.wordpress/topic/… – user68816 Commented May 26, 2019 at 13:05
  • See my answer; I decided to look into this. And am concerned about this apparent vulnerability that Akismet is introducing. – Rick Hellewell Commented May 26, 2019 at 21:47

3 Answers

Since version 4.1.6, Akismet has a filter which allows you to disable these "mShots" (the site preview popups):

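<?php
// Returning false from the 'akismet_enable_mshots' filter turns off
// the mShots link-preview popups in the admin comments list.
function disable_akismet_mshots( $value ) {
    return false;
}
add_filter( 'akismet_enable_mshots', 'disable_akismet_mshots' );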

This annoying thing is introduced by Akismet.

In wp_content/plugins/akismet/_inc/akismet.js, line 89 (Akismet 4.1.2), insert a "return;" just after

86: // Show a preview image of the hovered URL. Applies to author URLs and URLs inside the comments.
87: $( '#the-comment-list' ).on( 'mouseover', mshotEnabledLinkSelector, function () {
88:     clearTimeout( mshotRemovalTimer ); 
89: return;

This is still happening in WP5.2.1. You can verify it by looking at your spam messages (via the Admin, Comments screen) and hovering over a link. When you do so, a box will pop up with the content of that link.

Using the Inspector, I found the HREF code on the link in the spam comment is similar to this (I obfuscated the domain but left the rest) (and not sure how to wrap the code block below)

    <a href="http://Www.example/__media__/js/netsoltrademark.php?d=malyj.info%2F__media__%2Fjs%example.php%3Fd%3D3win8.city%2Findex.php%2Fdownload%2F29-ntc33"
     target="_blank" rel="external nofollow">
    http://Www.example/__media__/js/netsoltrademark.php?d=malyj.info%2F__media__%2Fjs%2Fexample.php%3Fd%3D3win8.city%2Findex.php%2Fdownload%2F29-ntc33</a>

And the CSS for the :after element, which comes from Akismet (which is why you only see it on Akismet-caught spam, using the latest version of Akismet), in akismet.css line 42:

    table.comments td.comment p a::after {
        content: attr(href);
        color: #aaa;
        display: inline-block;
        padding: 0 1ex;
    }

So the content element of the CSS is displaying the content in the link. And note that the example link above is a php file. Which is concerning....since clicking on the link appears to call some 'download' process. (I have not looked into the code of the link, nor clicked on it.)

....but not as concerning as if the example block was some JS. And more concerning if the JS is trying to do some exploit on your computer - which I don't think would require a click, just a hover to execute. YIKES!

So, the cause seems to be the CSS that Akismet is using is displaying the links' content.

And that doesn't look very safe. Akismet should not be using the content element in the :after CSS block.

** ADDED 4 Jan 2020 **

The answer above (marked as correct) is the solution to the problem. But it should not be necessary to 'filter' that action. That preview should be off by default in the Akismet code. Having that feature on by default is a security risk, IMHO.

(Marked correct answer https://wordpress.stackexchange/a/380836/29416 )
