mahara-contributors team mailing list archive

Thread
Date

[Bug 1171310] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1171310@xxxxxxxxxxxxxxxxxx>
Date: Fri, 19 Jul 2013 03:59:34 -0000
Reply-to: Bug 1171310 <1171310@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/2090
Committed: http://gitorious.org/mahara/mahara/commit/1fe0319b9c1f9b3135428cca94914c5c8b4e027d
Submitter: Aaron Wells (aaronw@xxxxxxxxxxxxxxx)
Branch:    master

commit 1fe0319b9c1f9b3135428cca94914c5c8b4e027d
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Mon Apr 29 09:47:27 2013 +1200

Fix for bypassing moderation when making comment public (Bug #1171310)

To get a private -> public comment moderated the system needs to check:
* if the view has approvecomments set to 1
* if the submitter has checked the make public checkbox
* if the submitter is not the owner of the view
* if the view is a group view
* if the approvecomments are set per view

And update the comment table accordingly and now sends off notify
message if needed.

Removed some unneeded variable declarations

Change-Id: I276c3d3fa67a99d9030d10a6172048c255e91b5b
Signed-off-by: robertl <robertl@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1171310

Title:
  Can bypass comment moderation by editing a comment

Status in Mahara ePortfolio:
  In Progress
Status in Mahara 1.5 series:
  In Progress
Status in Mahara 1.6 series:
  In Progress
Status in Mahara 1.7 series:
  In Progress

Bug description:
  A user can make their comments on a page public, even if the page is
  set to require comment moderation, if they create the comment as a
  private comment and then change its status to public while editing it.

  To replicate:

  1. Create a Page for User 1
  2. Make the page accessible to the public, and activate comments & comment moderation for the page (this is all under the Sharing tab)
  3. Log in as User 2
  4. Place a comment on the Page, making sure to untick the "Make public" box so that the comment is private.
  5. Click the "edit" icon next to the newly created comment.
  6. On the edit page, tick the "Make public" box, and click Save.

  Expected result: The comment's status should be "This comment is
  private | You have requested that this comment be made public"; and it
  shouldn't become public until approved by User 1

  Actual result: The comment becomes public immediately after you click
  Save on the Edit page.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1171310/+subscriptions

References

[Bug 1171310] [NEW] Can bypass comment moderation by editing a comment
From: Mahara Bot, 2013-04-22