Make WordPress Core

Opened 9 years ago

Closed 8 years ago

#19395 closed defect (bug) (duplicate)

Comment notifications are sent to post authors without checking blog membership

Reported by: nickmomrik
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.0
Component: Comments
Keywords: has-patch
Focuses:
Cc:


When sending a comment notification to a post author, there is no check to see if the post author is a member of the blog. In a multi-site setup, a user can still get comment notifications on a blog they no longer have access to.

Patched against r19482

Attachments (1)

19395.diff (553 bytes) - added by nickmomrik 9 years ago.

Change History (7)

#1 @nacin
9 years ago

  • Version changed from 3.3 to 3.0

If they're still a member of the network, why shouldn't they get the email? They're still the author of the post, they just no longer have permissions on the blog. Perhaps the issue here isn't that they're no longer a member of the blog, but that a particular current_user_can() would fail. Specifically, the Trash/Delete and Spam links should confirm that they can still moderate the comment, so current_user_can( 'edit_comment', $comment_id ).

#2 follow-up: @nickmomrik
9 years ago

What if it's a private blog and they shouldn't get the comment text?

#3 in reply to: ↑ 2 @nacin
9 years ago

Replying to nickmomrik:

> What if it's a private blog and they shouldn't get the comment text?

Stock WordPress doesn't have the concept of a private blog.

I could go for a current_user_can( 'read', $id ) check as well. That would be a middle ground for both of our use cases.

#4 @nickmomrik
9 years ago

I still think it's wrong to send comment notification emails to the original author (even if they can read the post) unless you provide a way to "unsubscribe" from them.

#6 @nacin
8 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #23136.
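
One way to apply the checks discussed in this ticket, as an added example that is not WordPress core code and not the attached 19395.diff: a plugin-level filter on `comment_notification_recipients` that removes the post author's address when the author is no longer a member of the site or cannot read the post. The function name `example_filter_author_notification` is hypothetical, and checking the post author with `user_can()` and the `read_post` capability (rather than the logged-in commenter) is an assumption of this example.

```php
<?php
// Added example: not core code and not the ticket's patch.
add_filter( 'comment_notification_recipients', 'example_filter_author_notification', 10, 2 );

/**
 * Drop the post author from the notification recipients when they have
 * lost access to the site or to the post the comment was left on.
 */
function example_filter_author_notification( $emails, $comment_id ) {
	$comment = get_comment( $comment_id );
	$post    = $comment ? get_post( $comment->comment_post_ID ) : null;
	$author  = $post ? get_userdata( $post->post_author ) : false;

	// Nothing to decide if the comment, post or author cannot be loaded.
	if ( ! $author ) {
		return $emails;
	}

	// Membership check from the ticket description; only meaningful on multisite.
	$is_member = ! is_multisite()
		|| is_user_member_of_blog( $author->ID, get_current_blog_id() );

	// Capability check against the author. current_user_can() would test
	// whoever is logged in while the comment is being submitted instead.
	$can_read = user_can( $author, 'read_post', $post->ID );

	if ( $is_member && $can_read ) {
		return $emails;
	}

	// Remove only the author's address; any other recipients are kept.
	return array_values(
		array_filter(
			$emails,
			function ( $email ) use ( $author ) {
				return 0 !== strcasecmp( $email, $author->user_email );
			}
		)
	);
}
```

The moderation links in the email body are a separate concern: they are only useful to a recipient who can still edit the comment, which is the `edit_comment` check raised in comment #1.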
