[wp-xmlrpc] possible bug: deleteComment, etc say you're not authorized when comment doesn't exist

Alexander Concha alex at buayacorp.com
Wed Jul 13 17:12:54 UTC 2011


On Wed, Jul 13, 2011 at 6:55 PM, Alexander Concha <alex at buayacorp.com> wrote:
>>> On Wed, Jul 13, 2011 at 5:17 PM, Ryan B <wp-xmlrpc at ryanb.org> wrote:
>>>> hi wp-xmlrpc! i noticed an odd behavior today with a few methods like
>>>> deleteComment and editComment. if you give them a nonexistent comment
>>>> id, they say "you're not allowed to moderate this comment," even when
>>>> you are allowed. it seems like they should say the comment doesn't
>>>> exist. this seems like a bug, since deletePage, etc do tell you that
>>>> the page doesn't exist.
>>>>
>>>> can you all confirm? if so, i'll gladly send the patch, it's pretty
>>>> trivial. thanks!
>>>
>>> Yes, the condition "if ( ! get_comment($comment_ID) )" should be done first.
>>
>>
>> Correct.  Anyone filed a ticket on this yet?
>
> Apparently not. I will do it.

Done.

http://core.trac.wordpress.org/ticket/18104

I am not sure if the first patch cover all the cases.
-- 
Alexander Concha
http://www.buayacorp.com


More information about the wp-xmlrpc mailing list