If you edit a comment from an anonymous user or a different user than your current user, the comment preview shows a link to your own user profile instead of the expected user's information. This is not a security issue since it does not change the currently logged-in user.

Comment | File | Size | Author
#1 | live-comment-user.patch | 3.05 KB | dave reid

Comments

dave reid

Status: Active » Needs review
Status | File | Size
new | | 3.05 KB

Solution: Add the comment's uid to the JavaScript so it can be properly passed into $comment->uid. Patch attached for 6.x-1.x.

Gurpartap Singh

Status: Needs review » Fixed

Thanks man! I never really worked on it because it needed a lot of user logic (anonymous vs authenticated/current vs commenter user (again anon vs real user) on add vs edit forms) blllaaaah haha. I have fixed that now, hopefully. A bug remains: when an anonymous user is allowed to edit all comments, the user is always shown as "Anonymous". It might be really trivial but I didn't care to look into it.

http://drupal.org/cvs?commit=244592

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.