[wp-trac] [WordPress Trac] #11810: Some users able to comment on unpublished posts
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 7 18:19:02 UTC 2010
#11810: Some users able to comment on unpublished posts
--------------------------+-------------------------------------------------
Reporter: ericmann | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.9.2
Component: Comments | Version: 2.9.1
Severity: normal | Keywords: has-patch needs-testing
--------------------------+-------------------------------------------------
Comment(by ericmann):
Replying to [comment:13 filosofo]:
> Replying to [comment:11 ericmann]:
> > So your patch keeps a not-logged-in user from creating comments for
all the different kinds of posts
>
> No. Why do you say that?
I meant it worked for the different kinds of posts we're working on. Not-
logged-in users cannot comment on private, password protected, draft, or
future posts. This is what we want.
>
> > For example, if you try posting a comment to a password protected or
future post, you are dumped to a blank page with no branding, no content,
and no explanation as to why.
>
> That's current behavior for commenting on drafts, pending, or trashed
posts.
But is that the behavior we want?
>
> > It also doesn't prevent users from posting to other posts (which
wasn't addressed in the original ticket). But I can comment on post ID
130 from post ID 1 if both posts are published, public, and open to
comments.
>
> I don't see why that's a bug, except perhaps in HTTP itself.
It's not exactly a bug, but could be a problem. Logically, you should
only be able to comment on the post you're on ... not any post you want by
changing the post ID.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11810#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list