#1461 Forum: Can't edit own topic starter without p_admin_forum


It appears that a user cannot edit a forum post that he
just submitted (or the edit post control needs to be
hidden) and no error message is reported if comment
changes are submitted but fail to be saved to the db.

1) Add a new topic to a forum;
2) When the list returns, select the topic to view the
comment you entered when creating the new topic;
3) To the right of the topic title is the "edit.gif"
icon indicating that you can edit the comment. Select it.;
4) Add some more text in the comment field of the form;
5) Select "post";
6) You are automagically returned to the topic list.
Select your topic again to view it;
7) The added text from step 4) is NOT there.

Upon examination, it seems that the edit.gif icon is
viewable for the user because he is the owner of that
particular thread. The template
"tiki-view_forum_thread.tpl" allows user's matching the
thread's userName to be exposed to the edit control:
{if $tiki_p_admin_forum eq 'y' or ($tiki_p_forum_post
eq 'y' and ($thread_info.userName == $user)) }
<a href="tiki-view_forum.php?[params removed for
readability]" class="admlink"><img
src='img/icons/edit.gif' border='0' alt='{tr}edit{/tr}'
title='{tr}edit{/tr}' /></a>

This is fine but the controlling page for the form,
"tiki-view_forum.php" checks to see if a thread is
being edited and then only allows admins of that forum
to actually update the database with new comment
1: if ($_REQUEST["comments_threadId"] == 0) {
2: /* ... */
3: } else {
4: if ($tiki_p_admin_forum == 'y') {
$_REQUEST["comments_title"], '',
6: /* ... */
7: }
8: }

If the comments_threadId is not equal to 0 (line 1:),
the user must have tiki_p_admin_forum permission to
submit the comment changes (4:). Failing these two
conditions, the script simply stops processing the
data. No message is returned that the data has been
received but is not being saved.

For myself, I added a check to see if the user is the
original author (thread's userName) and, if so, allow
the processing just as if the user had
tiki_p_admin_forum. I also added an else clause @ 7:
to throw an error message if processing is denied.


  • Philippe Cloutier

    • summary: Forum: User can't edit own post --> Forum: Can't edit own topic starter without p_admin_forum
    • status: open --> open-fixed
  • Philippe Cloutier

    Logged In: YES

    Thanks for the report, I fixed that for 1.8.3.

  • Oliver Hertel

    Oliver Hertel - 2004-05-27
    • assigned_to: nobody --> ohertel
  • Oliver Hertel

    Oliver Hertel - 2004-05-27
    • assigned_to: ohertel --> chealer
    • status: open-fixed --> closed-fixed

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks