bbPress

Info

• 7 posts
• 2 voices
• Started 3 years ago by mciarlo
• Latest reply from mciarlo
• This topic is resolved

Tags

• bug
• edit

• Posts in this topic

Users Able To Edit Posts [HACK] Need Help

1. • 
   • mciarlo
   • Member

   • Posted 3 years ago #

   Users on my forum are able to use the following url to edit posts:

   http ://www.cairoshell.com/forum/edit.php?id=['post id here']

   How do I fix this? I suspect this is an available bug in every bbPress forum.
2. • 
   • chrishajer
   • Moderator

   • Posted 3 years ago #

   I just checked on my bbPress installation and that does not work. It just redirects to the forum home page when I am not logged in. When I log in and try to access the edit.php url, I get redirected to the forum home page as well.

   I just checked on your forum and I cannot edit posts made by anyone else when I am not logged in. When I log in, I still cannot edit posts made by any other members. I tried this URL:
   http://www.cairoshell.com/forum/edit.php?id=10314

   FYI, the member who created the reply can edit the post for a period of time that is set in bb-config.php. And keymasters can edit posts made by anyone for an indefinite period of time. Is it possible you are using a plugin that gives members more permission than normal? Or that the user seeing this edit functionality is logged in as a keymaster?

   I am not seeing the problem you describe, so if your users can edit other members posts, you need to look at the permissions that they have. The default installation does not do this in any forum I've checked, including this forum, your forum and my own forum.
3. • 
   • mciarlo
   • Member

   • Posted 3 years ago #

   Thank you for the response. I will double check permissions.
4. • 
   • chrishajer
   • Moderator

   • Posted 3 years ago #

   Try registering a new user, log in with a different browser if necessary, and see if you can edit another member's post.
5. • 
   • mciarlo
   • Member

   • Posted 3 years ago #

   I did and I cannot. I guess it's not a terrible problem, but it is a way for users to bypass the allowable edit time.
6. • 
   • chrishajer
   • Moderator

   • Posted 3 years ago #

   Can you confirm that? I suspect that would not work either. I tried it in my forum, as a regular member, on a post I wrote a week ago, and I cannot edit it. Is it possible you have a longer time set for the edit lock? A really large number there will allow editing for a long time, and a negative number would probably make them editable by the member who wrote it forever, without expiration.

   By default, members should not be able to edit any other members posts, and members should only be able to edit their own posts for the configured period of time. Keymasters can edit anything at any time. Is that not your experience?
7. • 
   • mciarlo
   • Member

   • Posted 3 years ago #

   I tried it, and you are correct. I mistakenly had my edit time incorrectly set.

   Thanks!

8. You must log in to post.