- ivnish Kazakhstan
Automatically closed because Drupal 7 security and bugfix support has ended β as of 5 January 2025. If the issue verifiably applies β to later versions, please reopen with details and update the version.
If a user does not have the "administer comments" permission and attempts to edit a comment, the comment "created" date will be overridden with the current date/time.
The reason this happens is due to the following code in core's comment_form function:
// Prepare default values for form elements.
if ($is_admin) {
$author = (!$comment->uid && $comment->name ? $comment->name : $comment->registered_name);
$status = (isset($comment->status) ? $comment->status : COMMENT_NOT_PUBLISHED);
$date = (!empty($comment->date) ? $comment->date : format_date($comment->created, 'custom', 'Y-m-d H:i O'));
}
else {
if ($user->uid) {
$author = $user->name;
}
else {
$author = ($comment->name ? $comment->name : '');
}
$status = (user_access('skip comment approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED);
$date = '';
}
A default value for $date is only set if the user is an admin, otherwise it is left blank. A blank value in comment_save is interpreted to mean that a value needs to be set to the current timestamp, overriding whatever existed the database.
The attached patch intercepts comment_form when editing a comment and the user does not have "administer comments". It then adds a #default_value for author date based on the current created time of the comment.
See attached, thanks.
Closed: outdated
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Automatically closed because Drupal 7 security and bugfix support has ended β as of 5 January 2025. If the issue verifiably applies β to later versions, please reopen with details and update the version.