Jump to content


All users are able to edit each other's comments


This topic has been archived. This means that you cannot reply to this topic.
9 replies to this topic

#1 Chris Fink

Chris Fink

    New Member

  • Members
  • 3 posts

Posted 13 October 2011 - 12:11 PM

For some reason, all users have permission to edit any comment, whether it is their comment or not. The links, "Click to Edit" and "Request Deletion" appear on all comments whether the user is a Contributor or Author. Obviously, this is a huge problem. I have just recently purchased this version, 5.0.3 and can't use it unless this is fixed.

I've reverted to an older version of the software for the time being.

Appreciate a swift fix to this! Thanks!

#2 Bes Zain

Bes Zain

    Member

  • Members
  • 4,268 posts

Posted 13 October 2011 - 12:41 PM

[UPDATE: I found the issue belowhttp://ithemes.com/forum/index.php?/topic/19211-all-users-are-able-to-edit-each-others-comments/#p91697and a fix for it too - please read my next reply in this thread]

Hi Chris, :)

Thanks for posting this, and welcome to the forums!



Hmmm, let's see:



1 : What site (url) is this happening on? I can try to test this as a guest user.



2 : Have you tried playing with the AEC â> Permissions â> Editors option?



3 : By all users, do you mean guests can also edit everyone's comments in addition to ALL user roles, OR only logged in users, or specific groups (Admins, Contributors and Authors only) or something else can edit everyone's comments?



4 : Is this happening only on one site for you or more than one site? (wondering if you've been able to duplicate/try this on more than one site)


5 : Which other plugins do you have? They usuallySHOULD not matter when it comes to user roles, but they may be doing something in your case. It's always good to know exactly what's on the system so we can try to duplicate or analyze it and offer suggestions.

The reason I ask theseis because AEC 5.0.3 works perfectly from my end and is showing no such issues on several of my test sites, including http://bes.internal.ithemes.com/blog/major-themes-2 for guest users or Authors.



So I'm trying to see how I can duplicate this issue, if I'm missing some step somewhere OR if there is something specific related to your site or plugins combination that's causing this.



Regards, and thanks again!



Bes

[UPDATE: I found the issue belowhttp://ithemes.com/forum/index.php?/topic/19211-all-users-are-able-to-edit-each-others-comments/#p91697and a fix for it too - please read my next reply in this thread]


Edited by Bes Zain, 21 October 2011 - 06:46 AM.


#3 Bill Toth

Bill Toth

    New Member

  • Members
  • 2 posts

Posted 20 October 2011 - 08:49 PM

We are having the same issue. subscriber level users can edit and delete any comment. I tried the editors privileges suggestion, and it doesn't matter if I disable all the other plugins or not, no go,

I left a subscriber test account up @ http://proligarchy.com user: xxx pw: xxx

please feel free to browse.

Edited by Bill Toth, 21 October 2011 - 08:03 AM.


#4 Bes Zain

Bes Zain

    Member

  • Members
  • 4,268 posts

Posted 21 October 2011 - 11:46 AM

Hi Bill (and Chris), :)

Thanks for posting this, and welcome to the forums!

Hmmmm, thanks for sharing that (I removed that login info from your post).

FOUND OUT THE REASON (Chris, this applies to you also please) and how to Duplicate this:

If you go to:

AEC --> Settings --> Behavior --> Registered Users --> "Allow Registered Users to Edit Comments Indefinitely?"

and choose "YES" for that option, any logged in user can then edit other people's comments.

If you choose "NO" for that option, then this problem goes away and Subscribers can NOT edit other people's comments.

Can you confirm this please?

I've filed this as a bug and will let you know as soon as there is any update on this.

WORKAROUND/FIX FOR NOW: Set the following option to "NO"

AEC --> Settings --> Behavior --> Registered Users --> "Allow Registered Users to Edit Comments Indefinitely?"

That will make this problem go away.

Please let me know if that makes the problem go away for you.

Regards, and thanks again!

Bes

#5 Bill Toth

Bill Toth

    New Member

  • Members
  • 2 posts

Posted 21 October 2011 - 12:44 PM

yes. That seems to be working. Is there a max for edit timeout? I put in 6000 mins. to give them a week. I hope that number is not out of range. Thanks for your help and the quick reply.

We've noticed some other issues like "stack overflow at line 2" error on ie8 when opening the editor, and a change in format when saving an edited comment (moves text, especially noticeable with @ Reply comments), but I haven't done my due diligence on that yet... so I will be back. :)

This is an awesome plugin and will only get better...

Thanks again Bes.

#6 Bes Zain

Bes Zain

    Member

  • Members
  • 4,268 posts

Posted 21 October 2011 - 01:21 PM

Hi Bill, :)

Thanks for the follow-up and double confirming the bug's cause and the workaround!



Yes, 6000 mins should be fine (I love 60 minutes, though now I'm thinking if I should make it longer too, hmmm). As far as I know, there is no time limit to that number at all.



And yes, for any other issues you find, please go ahead and if possible share their steps (to duplicate them, what browser you used, sample url, as a certain logged in user role or guest, etc etc) and screenshots too. You can open a new thread for them also.



Thanks again for helping make Ajax Edit Comments (and all PluginBuddy plugins) better and better! :D



Regards,



Bes


Edited by Bes Zain, 21 October 2011 - 08:22 AM.


#7 Chris Fink

Chris Fink

    New Member

  • Members
  • 3 posts

Posted 26 October 2011 - 03:16 PM

Hi Bes,

Thanks! Yes, that solved the issue. Thanks too for the heads up when the bug's addressed!

Sorry about this but I am getting another error though, when clicking to Edit a comment, there is a long pause than I often get an Unresponsive Script java error:

Quote


A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: (site URL)/wp-includes/js/jquery/jquery.js?ver=1.6.1:17

After clicking to Stop the script, the edit window shows up and works properly.

Appreciate any suggestions on resolving this.

Best,

Chris

Edited by Chris Fink, 26 October 2011 - 10:18 AM.


#8 Bes Zain

Bes Zain

    Member

  • Members
  • 4,268 posts

Posted 26 October 2011 - 03:28 PM

Hi Chris, :)

Thanks for posting about that.

1 : Hmmmm, what is the URL that is happening on? I can try to see if it's browser OR computer related (hopefully, though maybe not).

2 : Could you please play with the following 3 options (you'll have to mix and match) in AEC â> Settings â> Behavior â> Other Features â> "Performance":

2A : Load scripts in footer (turn this on, test, then off, test)

2B : Use Compressed Javascript Files? (same â turn this on, test, then off, test)

2C : Load wp-load.php Directory? (same â turn on, test, turn off, test

Try to turn them all off, test, then all on, test, etc.

Hope that helps! Regards,

Bes

Edited by Bes Zain, 26 October 2011 - 10:29 AM.


#9 Chris Fink

Chris Fink

    New Member

  • Members
  • 3 posts

Posted 02 November 2011 - 12:25 AM

Bes,

I really appreciate all your help. Unfortunately, the errors keep growing. I haven't had a chance to test the java related steps you listed above (which are appreciated) because I had to remove the plugin again due to additional issues.

Since employing the work around to the bug that allows all users to edit all users, the plugin has been inconsistent, removing editing options for some users almost immediately even though the time limit was set for 10,000 minutes and it has been corrupting cookies on users browsers, causing an error screen to appear on their browser when they click to compose a new comment. After clearing their cookies, the issue is cleared too but I have had a number of users experiencing this.

I have now reverted back to the older version which only has the java issue listed above and none of these other issues.

Not sure what to do at this point. I had wanted to update the older version but this new version is causing too many issues on my site.

Is an update expected soon that solves the bug that allows all users to edit each others comments? At least in the short run, it would seem that if I could allow users unlimited editing, the cookie issues would go away.

Thanks,

Chris

Edited by Chris Fink, 01 November 2011 - 07:26 PM.


#10 Bes Zain

Bes Zain

    Member

  • Members
  • 4,268 posts

Posted 02 November 2011 - 05:33 PM

Hi Chris,

Thanks for the reply!

Sorry for those errors, and I completely understand! The latest new full version number upgrade (version 5) had major code changes (full code rewrite), and that resulted in a lot of new features (and side-effects also).

We've this on the radar on the top of the AEC to-do list. We hope an upgrade soon will solve this, though we don't have an ETA on it yet.

Once this specific issue is gone, others should be squashed with it soon or at the same time also. I wonder if some smaller time like 5,000 minutes OR logging out at least once OR clearing cookies will solve these problems forever for all the users affected by it (with the workaround)?

Thanks again for waiting (and for being patient with us)! Let us know if you encounter anything in the older version, btw.

Regards,

Bes