[buddypress-trac] [BuddyPress] #3640: Non-admins can't edit their own forum posts

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Mon Oct 3 13:19:09 UTC 2011

#3640: Non-admins can't edit their own forum posts
 Reporter:  Sadr       |       Owner:
     Type:  defect     |      Status:  new
 Priority:  normal     |   Milestone:  1.5.1
Component:  Forums     |     Version:  1.5
 Severity:  normal     |  Resolution:
 Keywords:  has-patch  |
Changes (by boonebgorges):

 * keywords:   => has-patch


 3640.01.patch removes the bp_group_is_member() check that was keeping non-
 group-members from editing their own posts. I've run some tests to make
 sure that this doesn't cause any other security problems, but it looks
 clean (both in my tests, and in my understanding of how the screen
 function is added). Essentially, the screen function is never hooked if
 it's not your topic, so you get a 404 if you try to visit the Edit page
 directly and you shouldn't be able to visit it. So, in essence, this
 bp_group_is_member() check does nothing.

 Would like a second opinion/sanity check on this.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3640#comment:8>
BuddyPress <http://buddypress.org/>

More information about the buddypress-trac mailing list