-
Bug
-
Resolution: Fixed
-
Major
-
None
-
2.0
-
None
-
Right now the editing/deletion of comment by non-author is only blocked on client-side JS, and can be bypassed by accessing the API functions in api.Comments directly. This must be blocked by a server-side check.