When I log in as a regular author, they have the ability to click the "all comments on page" checkbox and hit delete. Why is this? I've had someone delete a ton of comments accidentally, and in the Codex it says authors cannot moderate comments - does deleting not count?
If this wasn't bad enough, they are not just marked as deleted in the database, but removed completely so I can't get them back.
Depends on the role assigned to the person who deleted them. If he/she is admin, they can do anything.
The person was an author, not an admin.
Here's some proof when logged in as a newly created author:
http://img103.imageshack.us/img103/5927/commentsbugne3.jpg
As you can see, although the individual check boxes and moderate links are hidden, the 'all on this page' checkbox isn't, as well as the delete button. So if someone wants to delete a single one they can't, and so could mistakenly try and mass delete one.
I think it's because an Author can "edit posts", so it allows them to delete comments as a result. See here:
http://codex.wordpress.org/Roles_and_Capabilities#level_10
It says there it will only allow them to moderate their own comments. This bug has enabled them to delete a page of comments rather than a single comment.
Sorry, I don't know much more. I just read that edit_posts gives an Author user access to do the following:
Manage > Comments -- The "show post", "edit post", "edit comment", and "delete comment" links are enabled only on own posts, since edit-comment.php looks for "current_user_can('edit_post', $comment->comment_post_ID)"
This is quite a serious bug.
Is it just my install??
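
Added example, not part of the thread and not WordPress code: a self-contained PHP model of a bulk-delete handler that repeats the per-comment check quoted above for every submitted ID, beside one that trusts whatever the form sent. The function names, the `can_edit_post()` stand-in for `current_user_can('edit_post', ...)`, and the sample data are all hypothetical.

```php
<?php
// Constructed sample data: post ID => author login, comment ID => post ID.
$posts    = [10 => 'alice', 11 => 'bob'];
$comments = [1 => 10, 2 => 11, 3 => 11];

// Hypothetical stand-in for current_user_can('edit_post', $post_id):
// administrators may edit any post, authors only their own.
function can_edit_post(array $user, int $post_id, array $posts): bool {
    if ($user['role'] === 'administrator') {
        return true;
    }
    return isset($posts[$post_id]) && $posts[$post_id] === $user['login'];
}

// Weak form: trusts that the form only offered comments the user may delete.
function bulk_delete_unchecked(array $ids, array $comments): array {
    foreach ($ids as $id) {
        unset($comments[(int) $id]);
    }
    return $comments;
}

// Hardened form: repeats the per-comment check for every submitted ID.
function bulk_delete_checked(array $user, array $ids, array $comments, array $posts): array {
    $skipped = [];
    foreach ($ids as $id) {
        $id = (int) $id;
        if (!isset($comments[$id])) {
            continue; // unknown ID, nothing to delete
        }
        if (can_edit_post($user, $comments[$id], $posts)) {
            unset($comments[$id]);
        } else {
            $skipped[] = $id; // report the refusal instead of deleting
        }
    }
    return [$comments, $skipped];
}

$author    = ['login' => 'alice', 'role' => 'author'];
$submitted = [1, 2, 3]; // what an "all on this page" submission would carry

echo count(bulk_delete_unchecked($submitted, $comments)), " comments left (unchecked)\n";
[$left, $skipped] = bulk_delete_checked($author, $submitted, $comments, $posts);
echo count($left), " comments left (checked), skipped IDs: ", implode(',', $skipped), "\n";
```

Hiding the individual checkboxes only changes what the page displays; the decision about each comment has to be made again on the server for every ID in the request.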