[wp-trac] [WordPress Trac] #11810: Some users able to comment on unpublished posts
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 7 18:08:26 UTC 2010
#11810: Some users able to comment on unpublished posts
--------------------------+-------------------------------------------------
 Reporter:  ericmann      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  2.9.2
Component:  Comments      |     Version:  2.9.1
 Severity:  normal        |    Keywords:  has-patch needs-testing
--------------------------+-------------------------------------------------
Comment(by ericmann):
Replying to [comment:8 filosofo]:
> Patch attached, but not using current_user_can() check, because it
> returns false for non-logged-in users.
>
> Since we don't allow comments on "pending" despite capability, there's
> no reason to allow them on "future," right?

So your patch keeps a not-logged-in user from creating comments for all
the different kinds of posts, but rather than supply a useful error, it
just dumps some to a blank page. For example, if you try posting a
comment to a password protected or future post, you are dumped to a blank
page with no branding, no content, and no explanation as to why.

It also doesn't prevent users from posting to other posts (which wasn't
addressed in the original ticket). But I can comment on post ID 130 from
post ID 1 if both posts are published, public, and open to comments.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11810#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
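
The refusal behaviour discussed in this message, as an added example that is not part of the ticket, the attached patch, or WordPress core: a stand-alone PHP model of a comment gate that rejects unpublished and password-protected posts regardless of login state and returns an explanation with every refusal instead of a blank page. The function name, array keys, the inclusion of the "draft" status, and the sample posts are assumptions made for illustration.

```php
<?php
// Added illustration: a stand-alone model of a comment-submission gate.
// comment_gate() and the $post array keys are hypothetical names,
// not WordPress core functions.

// Statuses that never accept comments, whoever is asking (assumed list).
const UNPUBLISHED = ['draft', 'pending', 'future'];

/**
 * Decide whether a comment may be stored for $post.
 * Returns [HTTP status, message]. Every refusal carries a message, so the
 * caller never has to end the request with an empty body.
 */
function comment_gate(?array $post, ?string $suppliedPassword = null): array
{
    if ($post === null) {
        return [404, 'The post you are commenting on does not exist.'];
    }
    // Post status decides; login state and capabilities are not consulted.
    if (in_array($post['status'], UNPUBLISHED, true)) {
        return [403, 'Comments are not accepted on unpublished posts.'];
    }
    if ($post['password'] !== '') {
        // Constant-time comparison of the stored and supplied password.
        if ($suppliedPassword === null
            || !hash_equals($post['password'], $suppliedPassword)) {
            return [403, 'This post is password protected. Enter the password to comment.'];
        }
    }
    if (!$post['comments_open']) {
        return [403, 'Comments are closed for this post.'];
    }
    return [200, 'Comment accepted.'];
}

// Constructed sample posts, keyed by ID.
$posts = [
    1 => ['status' => 'publish', 'password' => '',       'comments_open' => true],
    7 => ['status' => 'future',  'password' => '',       'comments_open' => true],
    8 => ['status' => 'pending', 'password' => '',       'comments_open' => true],
    9 => ['status' => 'publish', 'password' => 's3cret', 'comments_open' => true],
];

// Submit without a password to each sample post, plus one unknown ID.
foreach ([1, 7, 8, 9, 42] as $id) {
    [$code, $msg] = comment_gate($posts[$id] ?? null);
    printf("post %-3d -> %d %s\n", $id, $code, $msg);
}
```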