On clean installs (empty databases) of TW 1.10 and 1.9.11 (also tested and confirmed on the clean 1.9.11 install on opensourcecms.com).
After users (perms tiki_p_create_blogs and tiki_p_blog_post enabled)create a blog they can proceed to post to any other user's blog. More precisely, on the post blog page, a user can select all blogs from the "Blog" field
it seems that the function user_has_perm_on_object in tikilib.php (called by the list_blogs_user_can_post function) returns true for all blogs. It seems to me that user_has_perm_on_object either confuses the permission levels of tiki_p_blog_post or it simply doesn't check whether the blog has been marked as private or not.
A quick work around (which completely bypasses user_has_perm_on_object so is probably poses a bunch of security risk):
in the file tikilib.php
in the function function list_blogs_user_can_post
Replace
if( $this->user_has_perm_on_object($user, $res'blogId', 'blog', 'tiki_p_blog_post',0)){
with
if( $user $res'user' || $res'public' 'y'){
////////////////////////////////
fixed in tikitrunk(3.0)
commit 13737 + 13736
To help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
To help developers solve the bug, we kindly request that you demonstrate your bug on a show.tikiwiki.org instance. To start, simply select a version and click on "Create show.tikiwiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show.tikiwiki.org.
filename | created | hits | comment | version | filetype | ||
---|---|---|---|---|---|---|---|
No attachments for this item |