WordPress.org

Ready to get started?Download WordPress

Forums

A bug in /wp-admin/menu.php (3 posts)

  1. CrazySerb
    Member
    Posted 6 years ago #

    There's an obvious (at least to me) bug in the menu.php file on line 26, and it should read:

    $menu[20] = array( sprintf( __('Comments %s'), "<span id='awaiting-mod' class='count-$awaiting_mod'><span class='comment-count'>$awaiting_mod</span></span>" ), 'moderate_comments', 'edit-comments.php');

    (I just replaced the 'edit_posts' with 'moderate_comments' and it's working the way it should now, as in, those users who do not have moderate_comments role assigned to them cannot see the Comments link in the navigation menu)

    hopefully this should be looked at and fixed in 2.5.2 or something, just so I don't have to do it manually every time....

  2. chelmer
    Member
    Posted 5 years ago #

    The only problem with this change is that changes are still needed throughout the code, since comment moderation is always tied to editor capabilities. In other words, only those with capabilities of 'edit_posts' (editors) and 'edit_post' (with an ID passed, for authors of those posts) can approve, unapprove, edit, spam or delete comments.

    This is true as of 2.6.3, and it is reported in Trac, but changes are pushed back to 2.8 currently.

  3. chelmer
    Member
    Posted 5 years ago #

    I had to modify our school's installation in order to allow correct comment moderation. Here are the changes with documentation.

    * * *

    The following modifications were made in order to allow a user assigned with 'moderate_comments' capability (via the Role Manager plugin, for example) to moderate comments (WordPress assumes users who are 'editors' only have this ability and so bases its conditional statements on the editor capability 'edit_posts' or 'edit_post'). The simple rationale for making these rare code modifications is that users with 'moderate_comments' should be able to moderate comments. This is a shortcoming in the WordPress code and necessitates modification (where comment moderators are required).

    Where 'edit_posts' (plural) is used in the current_user_can() function call, in regard to comment moderation, 'moderate_comments' can safely replace it. Where 'edit_post' (singular) is used, the post ID is also passed (this is because in addition to all editors being able to edit all comments, individual authors can edit comments to their own posts and may have 'edit_post' capability). Therefore, 'moderate_comments' does not replace 'edit_post' but modifies the conditional statements in which they are found.

    1. /wp-admin/menu.php, lines 26 and 42 (as of version 2.6.3), changed 'edit_posts' to 'moderate_comments'
    2. /wp-admin/edit_comments.php, line 16 (ver. 2.6.3), changed from if ( !current_user_can('edit_post', $post_id) ) to if ( !current_user_can('edit_post', $post_id) && !current_user_can('moderate_comments') )
    3. /wp-admin/comment.php, lines 32, 54, 136, 166 and 191 (ver. 2.6.3), from if ( !current_user_can('edit_post', $comment->comment_post_ID) ) to if ( !current_user_can('edit_post', $comment->comment_post_ID) && !current_user_can('moderate_comments') )
    4. /wp-admin/includes/template.php, lines 736, 769, 776 and 792 (ver. 2.6.3), from if ( current_user_can('edit_post', $comment->comment_post_ID) ) to if ( current_user_can('edit_post', $comment->comment_post_ID) || current_user_can('moderate_comments') )
    5. /wp-admin/includes/comment.php, line 14 (ver. 2.6.3), from if (!current_user_can( 'edit_post', $comment_post_ID ) ) to if (!current_user_can( 'edit_post', $comment_post_ID ) && (!current_user_can( 'moderate_comments' ) ) )
    6. /wp-admin/admin-ajax.php, lines 34 and 384, from if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) to if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments') )
    7. /wp-admin/admin-ajax.php, lines 164-167, from
      if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
                  die('-1');
              if ( !current_user_can( 'moderate_comments' ) )
      
                  die('-1');

      to

      if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments') )
                  die('-1');

Topic Closed

This topic has been closed to new replies.

About this Topic