Moderation

Well, I adjusted some of the plugin code over the weekend. The comments’ data (name, e-mail, url, content) isn’t stored in the database anymore but embedded in the CAPTCHA form as a collection of hidden fields. As I don’t want to store the data clientside (cookies and the likes) this seems to be the best way out. The comment is saved only if the CAPTCHA test was succesfully completed.

A particular issue I face are special characters like backslashes, quotes,… things you might encounter in URL’s and such. Luckily, WordPress is quite flexible as it takes this into account during the process of saving a comment in the database. The issue I have to focus on is not breaking the HTML CAPTCHA form itself. This will probably need some extensive testing.

The new version is already protecting this blog against comment spam. If everything goes well, the moderation queue should stay empty of unprocessable spam. In fact, it changes the usage of the queue entirely: instead of an indispensable tool, it becomes an optional means to teach Mollom if a message contains spam, profanity,… You don’t need to use it, but it allows you to correct Mollom in those few cases that may slip through.

Next up: implement functionality against trackback spam. I hope to get that part finished near the end of next week so I can put out a new betaversion of the plugin.

Today, I had an e-mail discussion with Dries and Benjamin over the use of a moderation queue within the context Mollom provides. I have on implemented in my plugin. The idea is that ‘unsure’ comments that don’t get through the CAPTCHA test, land in a moderation queue… sort of.

Mollom was actually designed to get rid of the queue. Checking if a commenter is human or a spambot happens through the CAPTCHA test. Early on in the process of posting a comment. That makes a queue where an administrator has to do the check after the facts quite unnecessary.

The problem is that the way I designed the plugin forced me use a moderation queue altogether. ‘Unsure’ labelled comments happen to land in the database, before the CAPTCHA check. Two months ago, that seemed the logical way out to me. Dries gave me some more insight in the workings of the Drupal module and was able to convince me to seperate the CAPTCHA check from the moderation queue. (I am not nearly into Drupal as I am into the workings of WordPress!)

So. It’s a bit back to the drawingboard for me as this means some parts of the plugin need to be reviewed.