Anyone can delete anyone else's comments
Bug #701811 reported by
Brad Phillips
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
scalejournal |
Fix Released
|
High
|
Brad Phillips |
Bug Description
Even if not signed in, the delete link is displaying under comments. Probably related to issue that was happening on writers page & same solution should do the trick. Need to fix ASAP.
To post a comment you must log in.
Ok cool, this is fixed. It was a combination of no "if authorized" content in place & also some limited sql inquries. Now comments can only be removed if a user is signed in & was the same user who posted the comment.