Skip to:

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#2389 closed defect (bug) (fixed)

users can edit their published posts via backend editing (even after editing should not be possible any more), make them sticky if they want, change published date etc.

Reported by: quan_flo Owned by: johnjamesjacoby
Milestone: 2.4 Priority: highest omg sweet tea
Severity: blocker Version: 2.3.2
Component: API - Roles/Capabilities Keywords:
Cc: stephen@…


Attachments (2)

1[1] (2.8 KB) - added by alex-ye 8 years ago.
2389.patch (2.8 KB) - added by alex-ye 8 years ago.

Download all attachments as: .zip

Change History (11)

#1 @alex-ye
8 years ago

404 error, The link is invaild :(

#2 @netweb
8 years ago

  • Cc stephen@… added

The link works for me, you can also see the post as a 'sticky' at the top of the forums

#3 @alex-ye
8 years ago

Thanks @netweb I see it now.. and It's really cool :D
I will try to make a fix patch..

#4 @alex-ye
8 years ago

hmmm.. I guess it's a security bug, is it safe to publish it here?! or even in the support forums ?!

8 years ago


8 years ago


#5 @alex-ye
8 years ago

@quan_flo, Can you test the patch above 2389.patch ?

In also I think it's a WordPress bug, becuase they should
check the post type show_ui argument or something like that.

#6 @johnjamesjacoby
8 years ago

  • Milestone changed from Awaiting Review to 2.4

#7 @johnjamesjacoby
8 years ago

  • Owner set to johnjamesjacoby
  • Resolution set to fixed
  • Status changed from new to closed

In 5079:

Do not allow forum/topic/reply author to edit their own replies via wp-admin. Fixes #2389.

#8 @quan_flo
8 years ago

Aah nice! Sorry for my late reply, I did not get any notices from trac (yes, my email address is set up in the trac preferences).

I'll try to test this soon and give feedback, if the test failed.

Thank you for your quick reaction!

#9 @quan_flo
8 years ago

test done.. works for me - thanks!

Note: See TracTickets for help on using tickets.