Opened 11 years ago

Closed 10 years ago

#9144 closed defect (bug) (fixed)

dashboard: comments from private posts show up in recent comments list

Reported by: Taimon Owned by:
Milestone: 3.0 Priority: normal
Severity: normal Version: 2.7
Component: Comments Keywords: has-patch featured
Focuses: Cc:
PR Number:

Description

Comments that belong to private posts appear in the recent comments list on the dashboard, even if the current user doesn't have the appropriate capabilities to read the post.

Attachments (2)

dashboard.php.patch (617 bytes) - added by Taimon 11 years ago.
9144.diff (585 bytes) - added by nacin 10 years ago.

Change History (18)

#1 @Taimon
11 years ago

The patch should be taken with a grain of salt, as I'm not really familiar with WordPress.

#2 @mrmist
11 years ago

  • Keywords has-patch needs-testing added

Close #9144 as a dupe of this since this has a patch.

#3 follow-up: @mrmist
11 years ago

Sorry, should have said closed #8559 as a dupe of this.

#4 in reply to: ↑ 3 @Taimon
11 years ago

Didn't find that one, sorry.
Patch was buggy (php4) - next try.

#5 follow-up: @Denis-de-Bernardy
11 years ago

  • Keywords needs-patch added; recent comments private has-patch needs-testing removed

Shouldn't the patch list 5 comments, always? The SQL query should be changed, rather than the comments filtered out, no?

#6 @janeforshort
11 years ago

  • Milestone changed from 2.8 to Future Release

Punting due to feature freeze. Reconsider with next release.

#8 @Denis-de-Bernardy
10 years ago

  • Priority changed from normal to low
  • Severity changed from normal to minor

#9 @Denis-de-Bernardy
10 years ago

  • Milestone changed from Future Release to 2.9

#10 @nacin
10 years ago

  • Milestone changed from 2.9 to Future Release

@nacin
10 years ago

#11 in reply to: ↑ 5 @nacin
10 years ago

  • Keywords has-patch added; needs-patch removed
  • Milestone changed from Future Release to 3.0
  • Severity changed from minor to normal

Replying to Denis-de-Bernardy:

Shouldn't the patch list 5 comments, always? The SQL query should be changed, rather than the comments filtered out, no?

It actually does. This patch is within a loop that pulls 50 comments at a time until it reaches 5 acceptable ones.

New patch attached that uses current_user_can().

#12 @hakre
10 years ago

  • Priority changed from low to normal

This patch is actually related to security because it's a minor information disclosure issue. Will raise the priority a bit because of that.

#13 @voyagerfan5761
10 years ago

  • Cc WordPress@… added

#14 @Denis-de-Bernardy
10 years ago

  • Keywords bug-hunt added

#15 @Denis-de-Bernardy
10 years ago

  • Keywords featured added; bug-hunt removed

#16 @automattor
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [13800]) Check cap before showing comments from private posts in recent comments dashboard widget. fixes #9144.
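
The approach described in comment #11 and in the commit message above, as an added example that is not the code from either patch on this ticket: comments are pulled 50 at a time and each one passes a per-post capability check before it counts toward the 5 shown. The function name, the two callables and the sample data are assumptions made for illustration; in WordPress the check would be a call such as current_user_can( 'read_post', $post_id ), and the exact call used in the patch is not shown on this page.

```php
<?php
// Added example: batch-and-filter selection for a "recent comments" widget.
// All names and data below are constructed for illustration.

/**
 * Collect up to $want comments whose parent post the viewer may read.
 * $fetch_batch( $offset, $size ) returns the next newest-first slice;
 * $can_read_post( $post_id ) is the per-post capability check.
 */
function collect_visible_comments( callable $fetch_batch, callable $can_read_post, int $want = 5, int $batch = 50 ): array {
    $visible = array();
    $offset  = 0;
    while ( count( $visible ) < $want ) {
        $possible = $fetch_batch( $offset, $batch );
        if ( empty( $possible ) ) {
            break; // Ran out of comments before filling the widget.
        }
        foreach ( $possible as $comment ) {
            // Drop the comment before it can be rendered, not afterwards.
            if ( ! $can_read_post( $comment['post_id'] ) ) {
                continue;
            }
            $visible[] = $comment;
            if ( count( $visible ) >= $want ) {
                break;
            }
        }
        $offset += $batch; // Advance past everything already inspected.
    }
    return $visible;
}

// Constructed data: post 2 is private and owns the 60 newest comments.
$post_status = array( 1 => 'publish', 2 => 'private', 3 => 'publish' );
$all         = array();
for ( $i = 1; $i <= 60; $i++ ) {
    $all[] = array( 'post_id' => 2, 'text' => "private #$i" );
}
for ( $i = 1; $i <= 8; $i++ ) {
    $all[] = array( 'post_id' => ( $i % 2 ) ? 1 : 3, 'text' => "public #$i" );
}
$fetch = function ( int $offset, int $size ) use ( $all ): array {
    return array_slice( $all, $offset, $size );
};
// Stand-in for a viewer who cannot read private posts.
$viewer = function ( int $post_id ) use ( $post_status ): bool {
    return 'publish' === $post_status[ $post_id ];
};
echo implode( ', ', array_column( collect_visible_comments( $fetch, $viewer ), 'text' ) ), "\n";
```

With this data the first batch of 50 contains only comments on the private post, so the loop has to fetch a second batch before the list can be filled, which is the case raised in comment #5.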