In a Drupal moderated site users can bypass comment moderation if some days after comment approval they decide to edit their own comments.

The solution is provide a "edit own comments" option under permissions.

Otherwise those users could eventually make the Drupal site editor liable for comments in fact he didn't approve.

CommentFileSizeAuthor
#4 edit_own_comments_0.patch1.51 KBwebchick
#1 edit_own_comments.patch1.15 KBwebchick

Comments

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
Title: Users can bypass comment moderation » Add an 'edit own comments' permission
Version: 4.7.3 » x.y.z
Assigned: Unassigned » webchick
Category: bug » feature
Status: Active » Needs review
StatusFileSize
new edit_own_comments.patch1.15 KB

This is true, however it involves an API change, and thus is a new feature, and thus will only get applied to HEAD, not 4.7. :( Though this patch will actually probably work for 4.7 too.

robertdouglass’s picture

robertdouglass commented

This can be used to avoid another unwanted byproduct of editing comments in flat forums; that the comments change order.
The query that builds the comment list takes the timestamp of the comment into consideration and the timestamp gets updated when a comment is edited, so in a flat forum, you can change the order of comments by editing yours after other replies have come in. While this patch doesn't actually address that bug, it does make it so that site admins could avoid the bug altogether.

dundun’s picture

dundun commented

Patch works well in Drupal 4.7.3 but 'edit' link still appears under own comments.

Anyway when you click on it all you can get is a 'permission denied' page.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
StatusFileSize
new edit_own_comments_0.patch1.51 KB

You're exactly right! Don't know how I managed to miss that, sorry!

dundun’s picture

dundun commented

It looks perfect now.

Thanks a lot.

nedjo’s picture

nedjo
he/him/his
Primary language English
commented

This is a good idea. Ideally we'd implement it in a way parallel to the 'edit own [contenttype]' permissions. I.e., it's handled in comment_access() rather than being an additional permission test.

dundun’s picture

dundun commented

There is a better solution though.

If you allow edit own comments they should be unpublished and sent to moderation queue again.

Would be that possible?

rkn-dupe’s picture

rkn-dupe commented

Thanks for this patch. However its not working for me on 4.7.3.

Running the patch program it says its failed on 2 out of 3 bits.

Doing the changes by hand i can edit them in fine - everything is as it should be. But when i try and load up my forums page everything comes up blank.

robertdouglass’s picture

robertdouglass commented

yeah, this is a patch against the development branch. It isn't expected to work for 4.7.3. If you are able to tease it into working for 4.7.3 and can submit a patch, that would be a useful resource for people in the future, but it won't get committed to the 4.7.* code base because that is a release and thus frozen... only bugfixes and security issues are committed to releases.

deavidsedice’s picture

deavidsedice commented
Version: x.y.z » 4.7.x-dev
Component: user system » comment.module

I've send other issue to correct the bug itself:

http://drupal.org/node/128162

But my patch does not add any feature of any kind.

killes@www.drop.org’s picture

killes@www.drop.org commented
Status: Needs review » Closed (duplicate)

marking duplicate in favour of http://drupal.org/node/128162

killes@www.drop.org’s picture

killes@www.drop.org commented

marking duplicate in favour of http://drupal.org/node/128162