Full Version: Post Status / Comment Vulnerability
josephgrossberg
As outlined here: http://www.joegrossberg.com/archives/001178.html , any person (or spambot) can post to the mt-comments.cgi page of an entry that's in "Draft" status.

Not only can they post their comment, but this forcibly publishes the individual archive for the entry.

This is particularly likely if the website uses MT's normal system of assigning IDs to posts.

Has anyone discussed this previously? A search of these forums didn't turn anything up.

Joe
http://www.joegrossberg.com
girlie
Some people see this as a "feature". ;)
josephgrossberg
girlie:

I can't tell if you're being 100% sarcastic or just 50%, so I'll bite ...

How is this possibly a feature (in the non-ironic sense)? If it's "draft", that means you don't want it published, no?
charle97
click on girlie's link for the explanation
josephgrossberg
Thanks, charles.

I still think it's a bug, and there would be more elegant ways for Brad to accomplish that.

At the very least, mt.cfg should have an option for "Allow Users to Comment on Draft Posts?" (defaulted to "no", since 99% of MT users wouldn't want this behavior enabled on their posts).
girlie
There is something you can do to eliminate the problem for the time being:

Set the Allow Comments option on the Draft post to "NONE" or "CLOSED".

Wrap the comment form in your Comments Listing Template in <MTEntryIfCommentsOpen> and </MTEntryIfCommentsOpen> tags.

Even if someone accesses the entry via ID number, there will be no form for them to use to post comments.
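
A log check a site owner could run for the behavior reported in this thread, as an added example that is not part of the original posts: it flags requests to mt-comments.cgi that reference an entry still in Draft status. It assumes Apache combined log format, an `entry_id` query parameter, and a set of draft IDs supplied by the operator; the sample log lines, addresses and IDs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format fields used here: ip, timestamp, method, path, status, referer
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def entry_id_from(url):
    """Return the entry_id query parameter of a URL as int, or None."""
    values = parse_qs(urlsplit(url or "").query).get("entry_id")
    return int(values[0]) if values and values[0].isdigit() else None

def draft_comment_hits(lines, draft_ids, script="mt-comments.cgi"):
    """Yield (ip, timestamp, method, entry_id, reason) for requests worth review."""
    for line in lines:
        m = LINE.match(line)
        if not m or not urlsplit(m["path"]).path.endswith("/" + script):
            continue
        # POST bodies are not logged, so fall back to the Referer header,
        # which the client controls and may omit or forge.
        eid = entry_id_from(m["path"]) or entry_id_from(m["referer"])
        if eid in draft_ids:
            yield (m["ip"], m["ts"], m["method"], eid, "draft entry")
        elif m["method"] == "POST" and eid is None:
            yield (m["ip"], m["ts"], m["method"], None, "POST without entry id")

# Constructed sample data (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2004:10:01:02 +0000] "GET /cgi-bin/mt-comments.cgi?entry_id=42 HTTP/1.0" 200 5120 "-" "bot"',
    '203.0.113.7 - - [12/Mar/2004:10:01:05 +0000] "POST /cgi-bin/mt-comments.cgi HTTP/1.0" 200 812 "http://blog.example/cgi-bin/mt-comments.cgi?entry_id=42" "bot"',
    '198.51.100.9 - - [12/Mar/2004:10:02:00 +0000] "POST /cgi-bin/mt-comments.cgi HTTP/1.0" 200 790 "-" "bot"',
    '192.0.2.10 - - [12/Mar/2004:10:03:00 +0000] "GET /cgi-bin/mt-comments.cgi?entry_id=40 HTTP/1.1" 200 6000 "http://blog.example/archives/000040.html" "Mozilla"',
]
DRAFT_IDS = {42}  # constructed: IDs of entries currently in Draft status

if __name__ == "__main__":
    for hit in draft_comment_hits(SAMPLE_LOG, DRAFT_IDS):
        print(hit)
```

A POST whose entry ID cannot be recovered from the log is reported separately, since it may or may not target a draft.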