WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 8 months ago

#16134 new defect (bug)

Check capabilities/role before adding comment links to email

Reported by: GaryJ Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.0.4
Component: Comments Keywords: has-patch 3.2-early
Focuses: Cc:

Description

Currently the Trash it, Delete it, Spam it are added to comment notifcation emails, which are sent to the author.

However, the author may have had their role changed down to a lower-role (or had capability removed) since they wrote the post, and no longer would have permissions to use the links added to the email.

It may also be the case that a subscriber user was assigned as the Post Author (perhaps as a sort of Guest Author) for a post, and never had the permissions to use those links.

Can some sort of check be added, before these links be added to the email?

Attachments (1)

16134.patch (1.4 KB) - added by solarissmoke 3 years ago.
Check that a post author still has permissions to edit comments before inserting spam/trash links into notification email

Download all attachments as: .zip

Change History (12)

comment:1 solarissmoke3 years ago

Think this should be relatively easy to do, here's a patch that works for me.

comment:2 solarissmoke3 years ago

  • Keywords has-patch dev-feedback added; needs-patch removed

solarissmoke3 years ago

Check that a post author still has permissions to edit comments before inserting spam/trash links into notification email

comment:3 dd323 years ago

  • Keywords 3.2-early added
  • Milestone changed from Awaiting Review to Future Release

comment:4 follow-up: tislam1003 years ago

I tried your patch by making a plugin. Now, whenever I post a comment I get a blank page. here is the link to the plugin:

http://pastebin.com/9zeAecXj

comment:5 in reply to: ↑ 4 solarissmoke3 years ago

  • Keywords dev-feedback removed

Replying to tislam100:

I tried your patch by making a plugin. Now, whenever I post a comment I get a blank page.

Works fine for me. Are you using trunk?

comment:6 tislam1003 years ago

What is trunk? Did you try the plugin I made? Maybe there is a bug in the plugin. can you take a look at it?

Thank you.

comment:7 solarissmoke3 years ago

Trunk is the latest development version of Wordpress, as opposed to the latest stable version. The patch (and your plugin) will not work in Wordpress 3.0.5 because it uses the user_can() function is new to Wordpress 3.1. It works in 3.1 however.

comment:8 tislam1003 years ago

any alternative to user_can() that works in wordpress 3.0.5?
Can it be done with user role?

Thanks

comment:9 solarissmoke3 years ago

This is going off-topic for this ticket. Please lets take this to #wordpress IRC or the support forums.

comment:10 tislam1003 years ago

yeah. you are right. I am sorry.

comment:11 sillybean8 months ago

  • Cc steph@… added
Note: See TracTickets for help on using tickets.