#3164 closed defect (fixed)

Editing after time limit via direct URL

Reported by: Clorith
Owned by: johnjamesjacoby
Milestone: 2.6
Priority: normal
Severity: major
Version: 2.5.14
Component: API - Roles/Capabilities
Keywords: has-patch
Cc:

Description

If you access the edit screen for a post or topic by appending /edit to the URL, you can make changes to your own post/topic after the time limit defined in wp-admin has passed.

The time limit appears to only hide the edit link from the hover-menu.

Attachments (1)

3164.patch (2.0 KB) - added by SergeyBiryukov 18 months ago.


Change History (5)

#1 @SergeyBiryukov
18 months ago

  • Keywords has-patch added

#2 @SergeyBiryukov
18 months ago

  • Milestone changed from Awaiting Review to 2.6

#3 @johnjamesjacoby
18 months ago

  • Component changed from General to API - Roles/Capabilities
  • Owner set to johnjamesjacoby

Good catch. Thanks @SergeyBiryukov for the patch. I'm going to take a slightly different approach (we can bump up the moderator capability check to avoid duplicating it.)

#4 @johnjamesjacoby
18 months ago

  • Resolution set to fixed
  • Status changed from new to closed

In 6713:

Capabilities: prevent edits when past the edit-lock time.

This change increases the priority of the moderator check, so that moderators are not subjected to edit-lock restrictions, and maps to do_not_allow for topic/reply authors who normally can edit but are now beyond the allotted time period.

Fixes #3164. Props SergeyBiryukov.
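
The server-side check this ticket and its fix describe, as an added example (not bbPress code and not the committed change): the capability is evaluated on every edit request, with the moderator check first and `do_not_allow` returned for authors past the lock. All function names, array shapes and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not bbPress code. All names here are hypothetical.

/**
 * Return the primitive capabilities a user must hold to edit a post.
 * Runs on the server for every edit request, so hiding the edit link
 * is never the only control.
 */
function example_map_edit_caps(array $user, array $post, int $lockMinutes, int $now): array
{
    // 1. Moderator check comes first, so moderators are never edit-locked.
    if (in_array('moderate', $user['caps'], true)) {
        return ['moderate'];
    }

    // 2. Non-authors need the broader capability.
    if ($user['id'] !== $post['author_id']) {
        return ['edit_others_posts'];
    }

    // 3. Authors may edit only while inside the edit-lock window.
    $expired = $now > $post['created_gmt'] + $lockMinutes * 60;

    return $expired ? ['do_not_allow'] : ['edit_posts'];
}

/** True only if the user holds every required capability. */
function example_user_can_edit(array $user, array $post, int $lockMinutes, int $now): bool
{
    $required = example_map_edit_caps($user, $post, $lockMinutes, $now);
    // 'do_not_allow' is a capability nobody holds, so the check fails for it.
    return array_diff($required, $user['caps']) === [];
}

// Constructed sample data: a post created 10 minutes before $now.
$now    = 1700000000;
$post   = ['author_id' => 7, 'created_gmt' => $now - 600];
$author = ['id' => 7, 'caps' => ['edit_posts']];
$mod    = ['id' => 2, 'caps' => ['edit_posts', 'edit_others_posts', 'moderate']];

// The edit handler calls the check itself, so a direct /edit request gets the same answer.
var_dump(example_user_can_edit($author, $post, 5, $now));  // author, 5-minute lock already passed
var_dump(example_user_can_edit($mod, $post, 5, $now));     // moderator, same post and lock
var_dump(example_user_can_edit($author, $post, 15, $now)); // author, still inside a 15-minute lock
```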
