[Bb-trac] [bbPress] #877: ajaxPostDelete should not refer to user
by name but by number (or no author at all)
bbPress
bb-trac at lists.bbpress.org
Mon May 5 15:12:06 GMT 2008
----------------------+-----------------------------------------------------
Reporter: _ck_ | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.0-beta & XML-RPC
Component: Back-end | Version:
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
The JavaScript ajaxPostDelete function added by the delete link function
in `template-functions.php` uses the post author's actual username. That
should not be done that way as it can contain special characters and be
affected by get_post_author.

Instead it should directly refer to the post author's user id, which will
always be a simple numeric value (and can never change for the same post
anyway).

But I am uncertain why in the first place the post author has to be stored
and then passed, since the post author can be referenced by looking up the
post on the back-end anyway, and the user doing the deleting has to be
authenticated to perform the action also. Why is it even there? The ajax
functions to hide the deleted post don't need it, just the post id to
hide. Very strange approach.
--
Ticket URL: <http://trac.bbpress.org/ticket/877>
bbPress <http://bbpress.org/>
Innovative forum development
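
The difference the ticket describes, as an added illustration (not bbPress code and not written by the reporter): a handler string built from the author's name is compared with one built from the numeric user id. The two-argument call shape of ajaxPostDelete, the helper names and the sample authors are assumptions made for this example.

```javascript
// Added illustration; not bbPress code. The two-argument call shape of
// ajaxPostDelete and the helper names below are assumptions.

// Pattern the ticket objects to: author name spliced into a JS string literal.
function handlerWithName(postId, authorName) {
  return "return ajaxPostDelete(" + postId + ", '" + authorName + "');";
}

// Pattern the ticket proposes: author referenced by numeric user id only.
function handlerWithId(postId, authorId) {
  for (const [label, v] of [["post id", postId], ["author id", authorId]]) {
    if (!Number.isSafeInteger(v) || v < 0) {
      throw new TypeError(label + " must be a non-negative integer");
    }
  }
  return "return ajaxPostDelete(" + postId + ", " + authorId + ");";
}

// Compile the handler body the way a browser compiles an inline onclick
// attribute, and run it against a stub to record the arguments that arrive.
function invokeHandler(body) {
  const calls = [];
  const stub = (...args) => { calls.push(args); return false; };
  try {
    new Function("ajaxPostDelete", body)(stub);
  } catch (err) {
    return { ok: false, error: err.name, calls };
  }
  return { ok: true, calls };
}

// Constructed sample authors: [user id, user name].
const SAMPLE_AUTHORS = [[7, "alice"], [12, "O'Brien"], [31, "back\\slash"]];

function compare(postId) {
  return SAMPLE_AUTHORS.map(([id, name]) => ({
    name,
    byName: invokeHandler(handlerWithName(postId, name)),
    byId: invokeHandler(handlerWithId(postId, id)),
  }));
}

console.log(JSON.stringify(compare(42), null, 2));
```

With these samples the name-based handler fails to compile for the name containing an apostrophe and silently delivers a different string for the name containing a backslash, while the id-based handler always compiles and passes the integer unchanged.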