Ticket #87 (closed defect: fixed)

Opened 5 years ago

Last modified 3 years ago

Recent[ly]Comment[ed|s] actions should check for permission

Reported by: dartar Owned by: DarTar
Priority: normal Milestone: 1.1.6.2
Component: actions Version: 1.1.6.1
Severity: normal Keywords:
Cc:

Description (last modified by DarTar) (diff)

(reported by JsnX - patch submitted by NickDamoulakis)

Comments are being previewed even if users do not have access. A simple check needs to be added. -- JsnX 

if ($this->HasAccess("comment"))

Related tickets #180 #136

Attachments

recentcomments.php Download (1.4 KB) - added by dartar 5 years ago.
replacement for recentcomments.php by NickDamoulakis
recentlycommented.php Download (1.7 KB) - added by dartar 5 years ago.
replacement for recentlycommented.php by NickDamoulakis

Change History

Changed 5 years ago by dartar

replacement for recentcomments.php by NickDamoulakis

Changed 5 years ago by dartar

replacement for recentlycommented.php by NickDamoulakis

Changed 4 years ago by DarTar

  • owner changed from unassigned to DarTar
  • status changed from new to assigned

Changed 4 years ago by DarTar

Actually the check has to be made on the page's read ACL, not on the permission to write comments.

Changed 4 years ago by DarTar

  • status changed from assigned to closed
  • resolution set to fixed

Fixedin [77]

Changed 4 years ago by DarTar

  • description modified (diff)

Changed 3 years ago by JavaWoman

  • status changed from reopened to closed
  • resolution set to fixed

seems to have been reopened by spam removal; closing again.

Note: See TracTickets for help on using tickets.