After reading this http://wordpress.org/support/index.php?action=vthread&forum=3&topic=10090&page=0
and then fixing it, I decided to check if the same weakness was to be found in comments.
I made 2 users of the same level (e.g. User A & B) and posted comments on posts that each user made. Next, I logged in as User A and tried to edit comments on User A’s post, which of course worked. As the comments have IDs of their own – id=4/5/etc, I tried to access User B’s comments to edit. And it worked. I even edited comments found on admin’s posts. Basically so long as you know the id of the comment, any user can access and change it.
As I don’t want this feature, I’m trying to change it so that only the admin can edit everyone’s comments, and the other users can edit their own comments and not other people’s ones.
Is there some way to do this? I’m guessing this will involve changes in either post.php or edit-comments.php but I’m not sure what to do. Still a newbie at PHP. If anyone can offer a solution, I’d be most grateful. 🙂
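The rule asked for above, as an added example that is not part of the original post and is not WordPress code: the check the post describes (a valid comment id is enough) beside an ownership check done on the server. It assumes "own comments" means comments on the user's own posts, as in the test described, and that level 10 marks the admin; every function name and the sample data are hypothetical.

```php
<?php
// Added example, not WordPress code. Names, data layout and admin level are assumptions.
const ADMIN_LEVEL = 10; // assumed level that marks an administrator

// Constructed sample data standing in for the users, posts and comments tables.
$users = [
    1 => ['login' => 'admin', 'level' => 10],
    2 => ['login' => 'userA', 'level' => 2],
    3 => ['login' => 'userB', 'level' => 2],
];
$posts    = [10 => ['author' => 1], 11 => ['author' => 2], 12 => ['author' => 3]];
$comments = [4 => ['post' => 11], 5 => ['post' => 12], 6 => ['post' => 10]];

// Behaviour reported in the post: any logged-in user who supplies an
// existing comment id is allowed to edit that comment.
function can_edit_comment_weak(array $comments, int $commentId): bool
{
    return isset($comments[$commentId]);
}

// Hardened: resolve the comment to its post on the server and compare the
// post's author with the session user; only an admin bypasses that check.
function can_edit_comment(array $users, array $posts, array $comments, int $userId, int $commentId): bool
{
    if (!isset($users[$userId], $comments[$commentId])) {
        return false; // unknown user or comment: deny by default
    }
    if ($users[$userId]['level'] >= ADMIN_LEVEL) {
        return true; // admin may edit every comment
    }
    $postId = $comments[$commentId]['post'];
    return isset($posts[$postId]) && $posts[$postId]['author'] === $userId;
}

// userA (id 2) requests each comment id in turn, including one that does not exist.
foreach ([4, 5, 6, 99] as $id) {
    printf(
        "comment %d: weak=%s hardened=%s\n",
        $id,
        var_export(can_edit_comment_weak($comments, $id), true),
        var_export(can_edit_comment($users, $posts, $comments, 2, $id), true)
    );
}
```

The check has to run in the handler that saves the edit as well as the one that shows the edit form, and the user id must come from the session rather than from the request.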