![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-free] Form for editing entry shows up even when you don't own the journal in question
[commit: http://hg.dwscoalition.org/dw-free/rev/547cfe82ac04]
http://bugs.dwscoalition.org/show_bug.cgi?id=4302
Add a check for whether we're actually trying to edit a community and
shortcircuit if not. (To be clear: you couldn't view anything you didn't
actually have permission to view, and trying to save edits wouldn't have
worked, but this is understandably alarming to run into!)
Patch by![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
fu.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=4302
Add a check for whether we're actually trying to edit a community and
shortcircuit if not. (To be clear: you couldn't view anything you didn't
actually have permission to view, and trying to save edits wouldn't have
worked, but this is understandably alarming to run into!)
Patch by
fu.Files modified:
- htdocs/editjournal.bml
--------------------------------------------------------------------------------
diff -r 8f821c19ee73 -r 547cfe82ac04 htdocs/editjournal.bml
--- a/htdocs/editjournal.bml Tue Jan 31 11:02:03 2012 +0800
+++ b/htdocs/editjournal.bml Tue Jan 31 15:04:23 2012 +0800
@@ -123,6 +123,8 @@
$usejournal_u = LJ::load_user($usejournal);
return LJ::bad_input( $ML{'error.nocomm'} )
unless $usejournal_u;
+ return LJ::bad_input( $ML{'error.invalidauth'} )
+ unless $usejournal_u->is_comm;
}
###
--------------------------------------------------------------------------------