BUG - claimee can edit listing before claim is approved
Hi,
If a person claims a listing via Vantage front end, they go through the process of selecting a plan etc. and reach the 'Order Complete' page, which has a link at the bottom for 'Continue to Listing'. If they click on this link they will see the listing, along with a link to 'Edit Listing' - even though their claim has not yet been approved!
I have tested this and any changes made do actually get written to the database...so anyone can essentially screw up a listing by claiming it and then trashing it before the site owner has had time to approve or deny the claim. As most sites have a basic free listing, there isn't even a financial deterrent to stop malicious folks doing this...
The problem is in this function:
Code:
function the_listing_edit_link( $listing_id = 0, $text = '' ) {
$listing_id = $listing_id ? $listing_id : get_the_ID();
if ( !current_user_can( 'edit_post', $listing_id ) )
return;
if( empty( $text ) )
$text = __( 'Edit Listing', APP_TD );
echo html( 'a', array(
'class' => 'listing-edit-link',
'href' => va_get_listing_edit_url( $listing_id ),
), $text );
}
The check for whether the edit listing link should appear need to also check whether the listing is currently being claimed....so the edit listing link should not be shown in the above situation...
Now, just got to figure out how to add that check myself, as I don't have time to wait for a bug fix. Any clues gratefully received!
red20
You must be an AppThemes customer and logged in to view this response.