mahara-contributors team mailing list archive

Thread
Date

[Bug 1171310] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1171310@xxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Jul 2013 03:04:55 -0000
Reply-to: Bug 1171310 <1171310@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/2364
Committed: http://gitorious.org/mahara/mahara/commit/1b5babb00de1091568265797128b19aaf1a7c578
Submitter: Aaron Wells (aaronw@xxxxxxxxxxxxxxx)
Branch:    1.6_STABLE

commit 1b5babb00de1091568265797128b19aaf1a7c578
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Mon Apr 29 09:47:27 2013 +1200

Fix for bypassing moderation when making comment public (Bug #1171310)

To get a private -> public comment moderated the system needs to check:
* if the view has approvecomments set to 1
* if the submitter has checked the make public checkbox
* if the submitter is not the owner of the view
* if the view is a group view
* if the approvecomments are set per view

And update the comment table accordingly and now sends off notify
message if needed.

Removed some unneeded variable declarations

Change-Id: I74d44f5dab6442c2cae11df1dc588bd753471f8e
Signed-off-by: robertl <robertl@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1171310

Title:
  Can bypass comment moderation by editing a comment

Status in Mahara ePortfolio:
  Fix Committed
Status in Mahara 1.5 series:
  Fix Committed
Status in Mahara 1.6 series:
  Fix Committed
Status in Mahara 1.7 series:
  Fix Committed

Bug description:
  A user can make their comments on a page public, even if the page is
  set to require comment moderation, if they create the comment as a
  private comment and then change its status to public while editing it.

  To replicate:

  1. Create a Page for User 1
  2. Make the page accessible to the public, and activate comments & comment moderation for the page (this is all under the Sharing tab)
  3. Log in as User 2
  4. Place a comment on the Page, making sure to untick the "Make public" box so that the comment is private.
  5. Click the "edit" icon next to the newly created comment.
  6. On the edit page, tick the "Make public" box, and click Save.

  Expected result: The comment's status should be "This comment is
  private | You have requested that this comment be made public"; and it
  shouldn't become public until approved by User 1

  Actual result: The comment becomes public immediately after you click
  Save on the Edit page.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1171310/+subscriptions

References

[Bug 1171310] [NEW] Can bypass comment moderation by editing a comment
From: Mahara Bot, 2013-04-22