Skip to:
Content
Pages
Categories
Search
Top
Bottom

Users Able To Edit Posts [HACK] Need Help


  • mciarlo
    Member

    @mciarlo

    Users on my forum are able to use the following url to edit posts:

    http ://www.cairoshell.com/forum/edit.php?id=

    How do I fix this? I suspect this is an available bug in every bbPress forum.

Viewing 6 replies - 1 through 6 (of 6 total)

  • chrishajer
    Participant

    @chrishajer

    I just checked on my bbPress installation and that does not work. It just redirects to the forum home page when I am not logged in. When I log in and try to access the edit.php url, I get redirected to the forum home page as well.

    I just checked on your forum and I cannot edit posts made by anyone else when I am not logged in. When I log in, I still cannot edit posts made by any other members. I tried this URL:

    http://www.cairoshell.com/forum/edit.php?id=10314

    FYI, the member who created the reply can edit the post for a period of time that is set in bb-config.php. And keymasters can edit posts made by anyone for an indefinite period of time. Is it possible you are using a plugin that gives members more permission than normal? Or that the user seeing this edit functionality is logged in as a keymaster?

    I am not seeing the problem you describe, so if your users can edit other members posts, you need to look at the permissions that they have. The default installation does not do this in any forum I’ve checked, including this forum, your forum and my own forum.


    mciarlo
    Member

    @mciarlo

    Thank you for the response. I will double check permissions.


    chrishajer
    Participant

    @chrishajer

    Try registering a new user, log in with a different browser if necessary, and see if you can edit another member’s post.


    mciarlo
    Member

    @mciarlo

    I did and I cannot. I guess it’s not a terrible problem, but it is a way for users to bypass the allowable edit time.


    chrishajer
    Participant

    @chrishajer

    Can you confirm that? I suspect that would not work either. I tried it in my forum, as a regular member, on a post I wrote a week ago, and I cannot edit it. Is it possible you have a longer time set for the edit lock? A really large number there will allow editing for a long time, and a negative number would probably make them editable by the member who wrote it forever, without expiration.

    By default, members should not be able to edit any other members posts, and members should only be able to edit their own posts for the configured period of time. Keymasters can edit anything at any time. Is that not your experience?


    mciarlo
    Member

    @mciarlo

    I tried it, and you are correct. I mistakenly had my edit time incorrectly set.

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.