Skip to:
Content

bbPress.org

Opened 7 years ago

Closed 7 years ago

Last modified 13 months ago

#3164 closed defect (bug) (fixed)

Editing after time limit via direct URL

Reported by: clorith's profile Clorith Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.6 Priority: normal
Severity: major Version: 2.5.14
Component: API - Roles/Capabilities Keywords: has-patch
Cc:

Description

If you access the edit screen for a post or topic by appending /edit to the URL you can make changes to your own post/topic after the time limit defined in wp-admin has passed.

The time limit appears to only hide the edit link from the hover-menu.

Attachments (1)

3164.patch (2.0 KB) - added by SergeyBiryukov 7 years ago.

Download all attachments as: .zip

Change History (6)

@SergeyBiryukov
7 years ago

#1 @SergeyBiryukov
7 years ago

  • Keywords has-patch added

#2 @SergeyBiryukov
7 years ago

  • Milestone changed from Awaiting Review to 2.6

#3 @johnjamesjacoby
7 years ago

  • Component changed from General to API - Roles/Capabilities
  • Owner set to johnjamesjacoby

Good catch. Thanks @SergeyBiryukov for the patch. I'm going to take a slightly different approach (we can bump up the moderator capability check to avoid duplicating it.)

#4 @johnjamesjacoby
7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

In 6713:

Capabilities: prevent edits when past the edit-lock time.

This change increases the priority of the moderator check, so that moderators are not subjected to edit-lock restrictions, and maps to do_not_allow for topic/reply authors who normally can edit but are now beyond the allotted time period.

Fixes #3164. Props SergeyBiryukov.

#5 @johnjamesjacoby
5 years ago

Related: #3252.

Last edited 5 years ago by johnjamesjacoby (previous) (diff)
Note: See TracTickets for help on using tickets.