scalejournal

Anyone can delete anyone else's comments

Bug #701811 reported by Brad Phillips on 2011-01-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	scalejournal	Fix Released	High	Brad Phillips

Bug Description

Even if not signed in, the delete link is displaying under comments. Probably related to issue that was happening on writers page & same solution should do the trick. Need to fix ASAP.

Revision history for this message

Brad Phillips (brad-bradphillips) wrote on 2011-01-12:

Ok cool, this is fixed. It was a combination of no "if authorized" content in place & also some limited sql inquries. Now comments can only be removed if a user is signed in & was the same user who posted the comment.

Changed in scalejournal:
status:	New → Fix Released

Revision history for this message

rejon (rejon) wrote on 2011-01-12: Re: [Bug 701811] Re: Anyone can delete anyone else's comments

great work!

On Wed, Jan 12, 2011 at 6:15 PM, Brad Phillips
<email address hidden> wrote:
> Ok cool, this is fixed. It was a combination of no "if authorized"
> content in place & also some limited sql inquries. Now comments can
> only be removed if a user is signed in & was the same user who posted
> the comment.
>
> ** Changed in: scalejournal
> Status: New => Fix Released
>
> --
> You received this bug notification because you are a member of Scale
> Journal Developers, which is subscribed to scalejournal.
> https://bugs.launchpad.net/bugs/701811
>
> Title:
> Anyone can delete anyone else's comments
>

--
Jon Phillips
http://rejon.org/
http://fabricatorz.com/
chat/skype: kidproto | irc: rejon
+1.415.830.3884 (sf/global)
+86.187.1003.9974 (china)
+852.9647,9389 (hongkong)
+65.8330.5807 (singapore)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.