[buddypress-trac] [BuddyPress] #3640: Non-admins can't edit their own forum posts

buddypress-trac at lists.automattic.com
Mon Oct 3 13:19:09 UTC 2011


#3640: Non-admins can't edit their own forum posts
-----------------------+--------------------
 Reporter:  Sadr       |       Owner:
     Type:  defect     |      Status:  new
 Priority:  normal     |   Milestone:  1.5.1
Component:  Forums     |     Version:  1.5
 Severity:  normal     |  Resolution:
 Keywords:  has-patch  |
-----------------------+--------------------
Changes (by boonebgorges):

 * keywords:   => has-patch


Comment:

 3640.01.patch removes the bp_group_is_member() check that was keeping non-
 group-members from editing their own posts. I've run some tests to make
 sure that this doesn't cause any other security problems, but it looks
 clean (both in my tests, and in my understanding of how the screen
 function is added). Essentially, the screen function is never hooked if
 it's not your topic, so you get a 404 if you try to visit the Edit page
 directly and you shouldn't be able to visit it. So, in essence, this
 bp_group_is_member() check does nothing.

 Would like a second opinion/sanity check on this.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3640#comment:8>
BuddyPress <http://buddypress.org/>