Why current_user_can('edit_comment') always true?

  • Resolved Caio

    (@umagrama)


    10 years, 9 months ago

    I am always getting TRUE for current_user_can(‘edit_comment’); on two different installations of WordPress (4.2.2 and 4.2.4) no matter what role the user is. Even when the user is logged out.

    I tested this on a clean WP install and got the same result.

    Why would this be?

    What this is causing:
    On comments, the ‘Edit’ comment link points to the back end edit-comment action even for registered users without the role/capability.

    https://wordpress.org/plugins/wpdiscuz/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Caio

    (@umagrama)

    10 years, 9 months ago

    This is where the problem is:

    FILE: tpl-comment.php
    LINE 173: if ( current_user_can(‘edit_comment’, $comment->comment_ID)) { … }

    WordPress core doesn’t seem to support ‘edit_comment’ capability.

    Thread Starter Caio

    (@umagrama)

    10 years, 9 months ago

    Well, I replaced line 173 with

    if ( current_user_can(‘edit_comment’, $comment->comment_ID) && ( current_user_can(‘administrator’) || current_user_can(‘editor’) ) ) { … }

    Plugin Author gVectors Team

    (@gvectors-team)

    10 years, 9 months ago

    Hi Bear,
    The “Edit” link is an AJAX link which replaces the comment content to textarea then allows you to edit text and save, like it’s shown here: //ps.w.org/wpdiscuz/assets/screenshot-4.png?rev=1158718
    However only for Admins and editors it redirects to Dashboard>Comments Edit page to allow use full editing options. So if it doesn’t work like I explained above then something wrong on your end. May be a Theme or Plugin conflict.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Why current_user_can('edit_comment') always true?’ is closed to new replies.