mahara-contributors team mailing list archive

[Robert Lyon <rlyon@xxxxxxxxxxxxxxx>]

I have submitted a patch for this bug
https://reviews.mahara.org/#/c/2090/

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1171310

Title:
  Can bypass comment moderation by editing a comment

Status in Mahara ePortfolio:
  Triaged
Status in Mahara 1.5 series:
  New
Status in Mahara 1.6 series:
  New
Status in Mahara 1.7 series:
  New

Bug description:
  A user can make their comments on a page public, even if the page is
  set to require comment moderation, if they create the comment as a
  private comment and then change its status to public while editing it.

  To replicate:

  1. Create a Page for User 1
  2. Make the page accessible to the public, and activate comments & comment moderation for the page (this is all under the Sharing tab)
  3. Log in as User 2
  4. Place a comment on the Page, making sure to untick the "Make public" box so that the comment is private.
  5. Click the "edit" icon next to the newly created comment.
  6. On the edit page, tick the "Make public" box, and click Save.

  Expected result: The comment's status should be "This comment is
  private | You have requested that this comment be made public"; and it
  shouldn't become public until approved by User 1

  Actual result: The comment becomes public immediately after you click
  Save on the Edit page.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1171310/+subscriptions