Make WordPress Core

Opened 11 years ago

Closed 9 years ago

Last modified 9 years ago

#4353 closed enhancement (fixed)

Users with edit_posts capability can see everyone's comments, IPs, and email addresses

Reported by: idahofallzcom Owned by: markjaquith
Milestone: 2.7 Priority: high
Severity: normal Version: 2.7
Component: Comments Keywords: needs-patch reporter-feedback needs-testcase
Focuses: Cc:

Description (last modified by markjaquith)

I've been fighting this problem for several weeks now. I've updated Role Manager to the new one (not the owen winkler version), and it also does not fix the problem.

Everyone above subscriber can click "comments" and see everyone's comments, email addresses, and IP addresses. This is a very BAD thing.

From what I've read, edit_posts for contributor and authors is supposed to only display the person's own comments. However this function is broken somehow and instead anyone can see everyone else's comments.

Mark Jaquith says:

It wasn't designed to restrict people with edit_posts from only being able to see the comments they can edit. That would require a slight tweak in the code.

Is this a core code issue or a plugin issue? I think it is core code.

This is very important for me to resolve because i've had to demote everyone on my blog to subscriber, and nobody is able to post anymore.

Attachments (1)

4353-trunk.diff (2.5 KB) - added by markjaquith 10 years ago.

Download all attachments as: .zip

Change History (18)

#1 @markjaquith
11 years ago

  • Description modified (diff)
  • Owner changed from anonymous to markjaquith
  • Severity changed from critical to major
  • Status changed from new to assigned
  • Summary changed from Everyone above subscriber sees everyone's comments, IPs, and emails to Users with edit_posts capability can see everyone's comments, IPs, and email addresses
  • Type changed from defect to enhancement

edit_posts is used to control comment editing, specifically, but viewing, generally. If you have the edit_posts capability, you'll be able to view all comments, but only be able to edit the ones on your posts.

Contributors won't be able to view any comments or edit any. The only default role affected here is "Author."

What you're advocating is a change in functionality, so I'm going to update the ticket to reflect that.

#2 @markjaquith
10 years ago

  • Keywords has-patch added

Attachment hides IP address and e-mail address from authors who can't edit those comments.

#3 @westi
10 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [7322]) Only show IP and email address for comments a user can edit. Fixes #4353.

#4 @spencerp
10 years ago

  • Milestone changed from 2.5 to 2.7
  • Resolution fixed deleted
  • Status changed from closed to reopened
  • Version changed from 2.1.3 to 2.7

I know this is set to "fixed", but this really needs another good looking at. No matter what I do, even using a Role Manager type plugin, I can't hide ANY comments and their informations from Authors, Editors, and Contributors.

IMHO; Authors, Editors, and Contributors shouldn't NOT be able to view ANY comment information(s) at all, unless it's comments of their own, on their own posts. I used the analogy in the wp-hackers or wp-testers list before; That's like Bank employees leaving bank member's important informations out over night, and even though it's supposedly kept secret and hidden from anyone else, it's not. The night clean crew comes in after hours, and their informations could be right there in plain view to the clean crew.

It's not supposed to be viewed/seen by just anyone, and everyone. What if you have an Author, Contributor or whatever that turns stalker/ whacko on you (site admin), and goes through all the comments, digging for people's email addresses, IP addresses and what-not? I had that happen to me already. I had some chick as an Author, and she was using my own plugins against me. Stalking me.

I had to get rid of the Useronline & LastFm plugin before. It's not wonderful to find draft posts titled: Just you, me, and 2 bots. And for the content, was making references to knowing that I was really online, but I must be hiding from her on messengers. If she can see certain things, because of her "Higher Status" in a blog, then use that "status" for evil.

I can just picture HER or ANYONE, going through other comments NOT NEEDED for their eyes, contacting them via their email addresses for either email or instant messengers, or, even going to their websites try to start drama that way too. Bottom line is, I just don't think all that extra information should be viewed by Authors, Contributors, and Editors just "because" they have the "status".

Don't get me wrong though, I DO believe and think "they" should be able to view that stuff, if it's on their OWN posts. But, just not ALL of the comments, that aren't even on their posts. You know? The site admin should have that access, just not everyone that has a write post status. Maybe I'm alone here... ?

#5 @spencerp
10 years ago

Too bad there wasn't some way to add the functionality and control of this [=http://www.laboratoriocaffeina.it/development/2007/07/20/restrict-authors-access-to-edit-comments-the-plugin.html/ plugin], into the core. [=http://wordpress.org/support/topic/137505/ Support thread] referenced.

#6 @mrmist
10 years ago

Personal story aside, I'd agree about the wrong-ness of a contributor or author being able to see any comments that aren't related to anything other than their own entries. Once you get into editor-level then everything is fair game, but at levels below that there should be restrictions.

If nothing else, it makes the "view comments" screen a bit broken - if I log in as a contributor to my test blog just now, and "manage comments", I can see -

Four buttons at the top of the screen "Approve" "Mark as spam" "unapprove" "delete" that shouldn't appear at all (because I can never use them).

5 Approved comments on entries that are nothing to do with the user. 5 Unapproved comments on entries that are nothing to do with the user.

As a contributor it's highly debatable whether I should have access to the manage comments screen at all, because it's a functionally useless screen. As an author, visibilty should surely be restricted to comments on posts "authored by me".

#7 @ryan
10 years ago

  • Keywords has-patch removed

#8 @ryan
10 years ago

  • Milestone changed from 2.7 to 2.8

Postponing to 2.8.

#9 @mrmist
9 years ago

See also #8684 which is related by not quite the same. (My patch on there to alter the menu privs for the comment section would squash this at the risk of annoying half the people some of the time.)

#10 @Denis-de-Bernardy
9 years ago

  • Milestone changed from 2.8 to 2.9

still current?

#11 @mrmist
9 years ago

  • Severity changed from major to normal

It's still partially current, yes.

Non-admin users can see comments (pending) for articles that they have no permissions to approve comments for. This is a potentially non-desirable situation, as no admin/editor has approved those comments for viewing.

IP addresses of commenters are no longer revealed, though, another patch addressed that.

#12 @mrmist
9 years ago

Also I'd see this as a defect, not an enhancement.

#13 @Denis-de-Bernardy
9 years ago

  • Component changed from Administration to Comments

#14 @hakre
9 years ago

  • Keywords needs-patch reporter-feedback needs-testcase added; comments edit_posts IP email privacy subscriber author role_manager removed

Tested against 2.9-bleeding with a user having the subscribers role. That user can not access wp-admin/edit-comments.php and therefore is unable to edit comments.

Is there a testcase to actually figure out that this is something else then worksforme? if not this should be closed.

#15 @dd32
9 years ago

Is there a testcase to actually figure out that this is something else then worksforme? if not this should be closed.

As the ticket says, Use a user with the 'edit_posts' capability. So that means a user role which can edit posts or use a Role management plugin to modify a role for it.

I'm pretty sure this would've been fixed by (In [7322]) in the sense that If you cant edit the comment, You cant view those details, so.. not entirely sure.

Try with a contributor role. (And close it in 2.7 milestone as fixed if theres no problem)

#16 @hakre
9 years ago

  • Milestone 2.9 deleted
  • Resolution set to fixed
  • Status changed from reopened to closed

My fault. Tested with the contributor role and can open that page and read public viewable comments. I can not see a IP nor an email. I can not edit the comment.

Looks fixed. Close as suggested but there is no 2.7 Milestone any longer.

#17 @dd32
9 years ago

  • Milestone set to 2.7
Note: See TracTickets for help on using tickets.