[wp-trac] [WordPress Trac] #11810: Some users able to comment on unpublished posts
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 7 17:56:22 UTC 2010
#11810: Some users able to comment on unpublished posts
--------------------------+-------------------------------------------------
Reporter: ericmann | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.9.2
Component: Comments | Version: 2.9.1
Severity: normal | Keywords: has-patch needs-testing
--------------------------+-------------------------------------------------
Comment(by nacin):
Replying to [comment:8 filosofo]:
> Patch attached, but not using current_user_can() check, because it
returns false for non-logged-in users.
True, but we still need to cover our bases for a private post.
> Since we don't allow comments on "pending" despite capability, there's
no reason to allow them on "future," right?
Hypothetically, pending status is a type of draft status, while future is
a form of a published post. I don't think there are other restrictions (in
wp-comments-post, admin-ajax, the comments template, etc.) on commenting
on a future post just as long as they have capabilities to see the post.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11810#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list