Skip to:

Opened 4 years ago

Closed 4 years ago

Last modified 2 years ago

#3164 closed defect (bug) (fixed)

Editing after time limit via direct URL

Reported by: Clorith Owned by: johnjamesjacoby
Milestone: 2.6 Priority: normal
Severity: major Version: 2.5.14
Component: API - Roles/Capabilities Keywords: has-patch


If you access the edit screen for a post or topic by appending /edit to the URL you can make changes to your own post/topic after the time limit defined in wp-admin has passed.

The time limit appears to only hide the edit link from the hover-menu.

Attachments (1)

3164.patch (2.0 KB) - added by SergeyBiryukov 4 years ago.

Download all attachments as: .zip

Change History (6)

4 years ago

#1 @SergeyBiryukov
4 years ago

  • Keywords has-patch added

#2 @SergeyBiryukov
4 years ago

  • Milestone changed from Awaiting Review to 2.6

#3 @johnjamesjacoby
4 years ago

  • Component changed from General to API - Roles/Capabilities
  • Owner set to johnjamesjacoby

Good catch. Thanks @SergeyBiryukov for the patch. I'm going to take a slightly different approach (we can bump up the moderator capability check to avoid duplicating it.)

#4 @johnjamesjacoby
4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

In 6713:

Capabilities: prevent edits when past the edit-lock time.

This change increases the priority of the moderator check, so that moderators are not subjected to edit-lock restrictions, and maps to do_not_allow for topic/reply authors who normally can edit but are now beyond the allotted time period.

Fixes #3164. Props SergeyBiryukov.

#5 @johnjamesjacoby
2 years ago

Related: #3252.

Last edited 2 years ago by johnjamesjacoby (previous) (diff)
Note: See TracTickets for help on using tickets.