Opened 13 years ago
Closed 12 years ago
#19395 closed defect (bug) (duplicate)
Comment notifications are sent to post authors without checking blog membership
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0 |
Component: | Comments | Keywords: | has-patch |
Focuses: | Cc: |
Description
When sending a comment notification to a post author, there is no check to see if the post author is a member of the blog. In a multi-site setup, a user can still get comment notifications on a blog they no longer have access to.
Patched against r19482
Attachments (1)
Change History (7)
#2
follow-up:
↓ 3
@
13 years ago
What if it's a private blog and they shouldn't get the comment text?
#3
in reply to:
↑ 2
@
13 years ago
Replying to nickmomrik:
What if it's a private blog and they shouldn't get the comment text?
Stock WordPress doesn't have the concept of a private blog.
I could go for a current_user_can( 'read', $id )
check as well. That would be a middle ground for both of our use cases.
Note: See
TracTickets for help on using
tickets.
If they're still a member of the network, why shouldn't they get the email? They're still the author of the post, they just no longer have permissions on the blog. Perhaps the issue here isn't that they're no longer a member of the blog, but that a particular current_user_can() would fail. Specifically, the Trash/Delete and Spam links should confirm that they can still moderate the comment, so
current_user_can( 'edit_comment', $comment_id )
.