WordPress.org

Make WordPress Core

Opened 11 years ago

Closed 10 years ago

Last modified 5 years ago

#11893 closed feature request (wontfix)

Comment author should be able to edit his comments for a half hour

Reported by: Denis-de-Bernardy Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.9.1
Component: Comments Keywords: needs-patch
Focuses: Cc:

Description

It's a shame that, in 2010, WP still doesn't allow (even on wp.com) to edit one's comment for a half hour/an hour after writing it, in order to fix a typo.

Change History (8)

#1 @scribu
11 years ago

  • Milestone changed from 3.0 to Future Release
  • Type changed from enhancement to feature request

I agree.

However, it's not a trivial task. Moving to Future Release until a patch is submitted.

Since we don't have a special template for editing... anything, here's how I think it could be done:

Have a special query_var that would populate the comment area with the desired comment to edit.

Example:

  1. You have a post http://example.com/2010/01/my-post
  1. A user posts a comment that gets the id 123.
  1. He finds a typo and clicks on the "edit comment" link
  1. He is sent to http://example.com/2010/01/my-post?edit_comment=123
  1. On this page, the form is prefilled with the comment content.
  1. The user edits the comment and clicks submit, as usual.

#3 @miqrogroove
11 years ago

I assume you mean for registered users only?

#4 @scribu
11 years ago

I assumed he meant for anonymous commenters as well.

For registered users only, it would be easier:

  • add a link in the theme to the comment editing screen in the admin
  • check if the current user is the author of the comment (or add a new capability: edit_own_comments)

#5 @miqrogroove
11 years ago

I did some light testing with anonymous comments. It looks like the author cookie isn't set unless the commenter fills the name field. Unless that gets changed, the editing feature wouldn't be available to everyone.

#6 @miqrogroove
11 years ago

Ah, you've also got trivial session fixation in the existing system. That's a deal-breaker for anonymous comment editing.

  1. Fill the name field as 'user1' and leave a comment.
  1. Delete author cookie or switch computers.
  1. Leave a second comment with same name value as the first commenter.

WordPress resets the second user's author cookie with the first user's session key. The second user can now guess the comment ID number and edit the first user's comment.

Conversely:

  1. Leave a comment using a known name, 'scribu'.
  1. Use your favorite method to sneak your author cookie onto scribu's computer.
  1. When scribu leaves a comment, the author key is already known by a third party and the comment ID number can be guessed for editing access.

#7 @jane
10 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I'd like this to be available either in core or as a core plugin, too, but since it's been 2 years with no patch and there are plugins that do this, closing as wontfix.

#8 @swissspidy
5 years ago

#35245 was marked as a duplicate.

Note: See TracTickets for help on using tickets.