7 messages in com.googlegroups.bloggerdevRe: Posting comments via API - Anyone...| From | Sent On | Attachments |
|---|---|---|
| Info | 07 Nov 2007 11:25 | |
| Jeff Scudder | 09 Nov 2007 14:36 | |
| Info | 14 Nov 2007 14:53 | |
| Jeff Scudder | 15 Nov 2007 10:40 | |
| Info | 21 Nov 2007 06:54 | |
| Jeff Scudder | 26 Nov 2007 09:34 | |
| Jeff Scudder | 08 Jan 2008 10:31 |
| Subject: | Re: Posting comments via API - Anyone see an issue with this... |
|---|---|
| From: | Info (i....@cfcausa.org) |
| Date: | 11/21/2007 06:54:18 AM |
| List: | com.googlegroups.bloggerdev |
Hi Jeff -
Any progress on this issue?
Thanks -
Rob
On Nov 15, 12:40 pm, Jeff Scudder <j....@google.com> wrote:
On Nov 14, 2:54 pm, Info <i....@cfcausa.org> wrote:
On Nov 9, 4:36 pm, Jeff Scudder <j....@google.com> wrote:
On Nov 7, 11:26 am, Info <i....@cfcausa.org> wrote:
I'm using the .NET API.
Using the following code, I can add a comment to any blogs post and the comment will automatically appear, even if the blog has comment moderation turned on. Should this be allowed to happen?
All I need to know is the blogid, postid, blogname and have a valid username and password. It can be any username / password not the username/password for the blog.
AtomEntry rAtomEntryComment = new AtomEntry(); rAtomEntryComment.Title.Text = sTitle; rAtomEntryComment.Content.Content = sContent; rAtomEntryComment.Authors.Add(new AtomPerson()); rAtomEntryComment.Authors[0].Name = sAuthor; Uri rUri = new Uri(@"http://www.blogger.com/feeds/" + sBlogID + @"/" + sPostID + @"/comments/default");
Service rService = new Service("blogger", sBlogName);
rService.Credentials = new GDataCredentials(sUserName,sPassword); AtomEntry rAtomEntryInserted = rService.Insert(rUri, rAtomEntryComment);
Thanks -
Yes, you are able to comment on a blog with your account as long as the blog's comment settings allow you to. If you set the permissions for target blog to "only members can comment" then you should see a 401 response when you try to post a comment from a non-member account. The API works quite a bit like the UI :)
Happy coding,
Jeff- Hide quoted text -
- Show quoted text -
Hi Jeff -
Thanks for the response. I'm not sure i'm explaining myself well though.
Using the code sample I provided I can post a comment to any existing blog and the comment will automatically appear even if the blog has comment moderation turned on. This works unless the blog has the option 'Only Members of this blog set' selected.
For example; 1. Get a friends blog id and post id 2. Have the friend turn comment moderation on. 3. Using the .NET API use your credentials to post a comment to your friends blog post. The comment will automatically appear, your friend will not get to moderate the comment before it is posted.
Should this work this way? It appears someone could maliciously post comments to almost anyones blog and the blog owner could not moderate the comment before it appears.
Thanks-
Ah I see, thank you for clarifying. This does seem like an issue so we will look into it.
Thanks again,
Jeff- Hide quoted text -
- Show quoted text -