Skip to:
Content

bbPress.org

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#1869 closed defect (fixed)

Editing another user's post hijacks the post

Reported by: Sadr Owned by:
Milestone: 2.1 Priority: high
Severity: normal Version: 2.0
Component: Extend - Akismet Keywords: needs-patch
Cc: Sadr

Description

When I edit a user's post, be it a top post or reply, I hijack the thread, becoming the author of the post.

This is happening on a 20k thread forum migrated from BuddyPress forums to bbPress 2 RC3.

Change History (8)

#1 @johnjamesjacoby
9 years ago

  • Keywords reporter-feedback added
  • Milestone changed from Awaiting Review to 2.1

admin-side, or theme-side?

#2 @Sadr
9 years ago

  • Cc Sadr added

Theme/front-end side.

#3 @Sadr
9 years ago

I did a fresh install, made some topics in a BuddyPress forum, converted those to a bbPress 2 forum and tried editing a separate user's posts, but they weren't hijacked. Seems it's something specific to the forum on jmonkeyengine.org. I'll try investigate further, but I don't really know where to go from here.

#4 @Sadr
9 years ago

  • Component changed from Topics to Anonymous Posting

I forgot to actually test the admin-side, so now I did and here's another finding:
If I edit a post from the admin side, the post is not hijacked. However, I can still see the original poster's IP address being changed to mine upon saving my changes.

(...) Okay, found it. It's Akismet. If I disable Akismet, the bug disappears. I tried on a fresh install, and the same bug appears.

To reproduce:
Have the latest bbPress 2.1 (RC3) and Akisment installed and activated. As admin, edit any other user's post. The author of the post is now the admin.

#5 @johnjamesjacoby
9 years ago

  • Component changed from Anonymous Posting to Akismet
  • Keywords needs-patch added; reporter-feedback removed

Confirmed. Working on a fix.

#6 @johnjamesjacoby
9 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [4042]) Akismet:

  • Pass additional post information on topic/reply edit, to prevent Akismet from nooping it.
  • Revert part of r4041; put actions back before bbp_is_error() calls.
  • Replace some missing revision numbers.
  • Fixes #1869.

#7 follow-up: @johnjamesjacoby
9 years ago

Working on a fix for poster IP next.

#8 in reply to: ↑ 7 @johnjamesjacoby
9 years ago

Replying to johnjamesjacoby:

Working on a fix for poster IP next.

Not able to duplicate the post author IP changing. Either was fixed as a by-product of r4042, or it's unrelated to Akismet.

Note: See TracTickets for help on using tickets.