[buddypress-trac] [BuddyPress] #3640: Non-admins can't edit their own forum posts
buddypress-trac at lists.automattic.com
Mon Oct 3 13:19:09 UTC 2011
#3640: Non-admins can't edit their own forum posts
-----------------------+--------------------
 Reporter:  Sadr       |      Owner:
     Type:  defect     |     Status:  new
 Priority:  normal     |  Milestone:  1.5.1
Component:  Forums     |    Version:  1.5
 Severity:  normal     | Resolution:
 Keywords:  has-patch  |
-----------------------+--------------------
Changes (by boonebgorges):
* keywords: => has-patch
Comment:
3640.01.patch removes the bp_group_is_member() check that was keeping non-
group-members from editing their own posts. I've run some tests to make
sure that this doesn't cause any other security problems, but it looks
clean (both in my tests, and in my understanding of how the screen
function is added). Essentially, the screen function is never hooked if
it's not your topic, so you get a 404 if you try to visit the Edit page
directly and you shouldn't be able to visit it. So, in essence, this
bp_group_is_member() check does nothing.
Would like a second opinion/sanity check on this.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3640#comment:8>
BuddyPress <http://buddypress.org/>