Addon that allows edit thread title but not edit posts

Mr Lucky

Mr Lucky

Well-known member
Permissions don't allow edit thread title unless you have edit own post permissions.

Doers anyone know an addon (or even better a template modification or edit) that would allow this?

Thanks
 
Maybe this one from AndyB :
xenforo.com

Edit thread title

Premium upgrade: This XF2 add-on along with the entire collection can be purchased for $35.00 USD. Your Premium upgrade will allow you to download as many XF2 add-ons as you like for one year. Please see the entire collection located in the...
xenforo.com xenforo.com
 
I'm not sure of your use case but if you are looking to add something like SOLD to the title, the prefix actions add-on allows you to edit the prefix even when the edit time has passed in which case you could use a "SOLD" prefix etc. Just FYI.
 
Last edited:
beerForo said:
I'm not sure of your use case but if you are looking to add something like SOLD to the title, the prefix actions add-on allows you to edit the prefix even when the edit time has passed in which case you could use a "SOLD" prefix etc. Just FYI.
Click to expand...

yes, that's the reason. Users should not edit for sale posts (too much potential for fraud editing descriptions after a sale, but I want sellers to say SOLD.

So this could be the one!
 
Cool check this out. Not only can they edit the prefix when the edit time has passed, when they change the prefix to SOLD it can also close or move the thread (or do nothing, and use it for the prefix permission when edit time has passed, but check with author on that one).
xenforo.com

[OzzModz] Prefix Actions

This add-on adds the ability to open, close, stick, unstick or move threads automatically when any prefix is selected. If the original poster has permission to use a prefix, they can change the prefix at any time and the thread will be open...
xenforo.com xenforo.com
 
Mr Lucky said:
Permissions don't allow edit thread title unless you have edit own post permissions.

Doers anyone know an addon (or even better a template modification or edit) that would allow this?

Thanks
Click to expand...

I am also looking for this option so that users can subsequently adapt their topic title to the content of the post without having to edit the post themselves.

We do not need topic titles with "Help wanted", but titles that relate to the content of the posting and that the user should be able to adjust later.

Anyone?
 
Found :D
xenforo.com

Edit thread title

Premium upgrade: This XF2 add-on along with the entire collection can be purchased for $35.00 USD. Your Premium upgrade will allow you to download as many XF2 add-ons as you like for one year. Please see the entire collection located in the...
xenforo.com xenforo.com

Super tool, does what it promises, but a little too well.

Unfortunately, this not only gives the user group access to its own headings, the user group can then edit every title, including the titles of other users.
To prevent this, I have a little code for you here, so a workaround.
This means that (with this Tool) everyone in the user group can only edit their own topic titles ...

Open: /admin.php?styles/default-style.1/templates&type=public (XF2.1.10 Default Style here)
and edit template: andy_edit_thread_title.
@Line 1, before, insert:
Code: 
<xf:if is="{$thread.user_id} == {$xf.visitor.user_id}">

at the end of the template replace </xf: if>
with the following code:
Code: 
<xf:else />
  <xf:title>{{'Ooops Not your title! Please ---->'}}</xf:title>
</xf:if>
That's all, save, exit, enjoy. :D

Edit 2.

Let's add a time limit and Link to Staff (Thanks again @Jeremy P )
replace:"<xf:title>{{ phrase('editthreadtitle_edit_thread_title') }}</xf:title>"
Code: 
<xf:if is="{$thread.user_id} != {$xf.visitor.user_id}">
    <xf:title>{{'Ooops.. Not your title?!'}}</xf:title>
<xf:else />
<xf:if is="$xf.time < $thread.post_date + 86400 * 3">
       xf:title>{{ phrase('editthreadtitle_edit_thread_title') }}</xf:title>
....

Replace the last </xf:if>by this code:
Code: 
<xf:else />
    <xf:title>{{ Unfortunately the editing time has already expired! Please contact  <u><b><a href="Add your link to staff here">Staffmember...</a></b></u>'}}</xf:title>
</xf:if>
</xf:if>

You could still use phrases here instead of using the notes directly in the code. But I don't like to take all the joy out of experimenting;)
And always remember to create a backup before changing the code!
 
Last edited:
Masetrix said:
Open: /admin.php?styles/default-style.1/templates&type=public (XF2.1.10 Default Style here)
[..]
That's all, save, exit, enjoy. :D
Click to expand...
This won't prevent non-owners from editing thread titles if the PHP code does allow that (which seems to be the case by judging your comment, I don't have the Add-on so I can't say for sure).
 
Kirby said:
This won't prevent non-owners from editing thread titles if the PHP code does allow that (which seems to be the case by judging your comment, I don't have the Add-on so I can't say for sure).
Click to expand...

1592560242373.png
new with "timebomb" ;)
1592560603686.webp
Even the "Superadmin" cannot - with this function - avoid the limitation.

Therefore, you should never make a public statement without first checking that it is correct.


You can test that, it works. And if you edit the modifiction directly in the "template.xml", in the addon version, the whole thing works - after reinstalling - in all separate styles ... :D
 
Last edited:
Kirby said:
Thanks for the offer, I've "successfully" tested it:
View attachment 228247


So before making such statements you might want to check the facts ...

"Hiding" functions from the GUI never stops users from using them.
Click to expand...
So far I've only talked from the GUI perspective and specifically that the modification works. With the technique you use you can influence some modifications, but you can also turn that off. ;)

For me in the forum, or in normal forums at all, there is no reason for that - there is nobody who knows so far, or someone who wants to prove themselves in this way. ;)

Our forums are more about user friendliness, providing user guidance functions and helping members with their concerns.
 
Masetrix said:
For me in the forum, or in normal forums at all, there is no reason for that - there is nobody who knows so far, or someone who wants to prove themselves in this way. ;)
Click to expand...
It's your forum, so do whatever you want :)

I consider this a serious security issue and recipe for desaster (as it would allow any registered user to nuke off a lot of (all?) thread titles using a script) but YMMV.
 
Last edited:
Kirby said:
It's your forum, so do whatever you want :)

I consider this a serious security issue and recipe for desaster (as it would allow any registered user to nuke off a lot of (all?) thread titles using a script) but YMMV.
Click to expand...

I know that.
This is the case with a whole range of other addons that we (and others) use as well. Parameters passed via URL are no secret.
Why don't you make such an uprising there? Do you want to prove something to me or the others here? The impression arises because of the enthusiasm you are currently showing. But which I have never seen in any other tool of yours where the same possibilities exist.
In any other case, a conversation would have been sufficient to sort this out.
 
Masetrix said:
Found :D
xenforo.com

Edit thread title

Premium upgrade: This XF2 add-on along with the entire collection can be purchased for $35.00 USD. Your Premium upgrade will allow you to download as many XF2 add-ons as you like for one year. Please see the entire collection located in the...
xenforo.com xenforo.com

Super tool, does what it promises, but a little too well.

Unfortunately, this not only gives the user group access to its own headings, the user group can then edit every title, including the titles of other users.
To prevent this, I have a little code for you here, so a workaround.
This means that (with this Tool) everyone in the user group can only edit their own topic titles ...

Open: /admin.php?styles/default-style.1/templates&type=public (XF2.1.10 Default Style here)
and edit template: andy_edit_thread_title.
@Line 1, before, insert:
Code: 
<xf:if is="{$thread.user_id} == {$xf.visitor.user_id}">

at the end of the template replace </xf: if>
with the following code:
Code: 
<xf:else />
  <xf:title>{{'Ooops Not your title! Please ---->'}}</xf:title>
</xf:if>
That's all, save, exit, enjoy. :D

Edit 2.

Let's add a time limit and Link to Staff (Thanks again @Jeremy P )
replace:"<xf:title>{{ phrase('editthreadtitle_edit_thread_title') }}</xf:title>"
Code: 
<xf:if is="{$thread.user_id} != {$xf.visitor.user_id}">
    <xf:title>{{'Ooops.. Not your title?!'}}</xf:title>
<xf:else />
<xf:if is="$xf.time < $thread.post_date + 86400 * 3">
       xf:title>{{ phrase('editthreadtitle_edit_thread_title') }}</xf:title>
....

Replace the last </xf:if>by this code:
Code: 
<xf:else />
    <xf:title>{{ Unfortunately the editing time has already expired! Please contact  <u><b><a href="Add your link to staff here">Staffmember...</a></b></u>'}}</xf:title>
</xf:if>
</xf:if>

You could still use phrases here instead of using the notes directly in the code. But I don't like to take all the joy out of experimenting;)
And always remember to create a backup before changing the code!
Click to expand...

You are only hiding the link to edit the title. The ability to edit the title is still available to a user. Every permission needs two checks: one for the HTML side of things, and one for the PHP side of things. The latter is the most important one, as that prevents the editing.
 
Masetrix said:
I know that.
This is the case with a whole range of other addons that we (and others) use as well. Parameters passed via URL are no secret.
Click to expand...

Not with my add-ons, :)

Edit: just want to clarify: parameters passed via the URL are viewable but my add-ons check for the relevant permissions before they perform any requests.
 
Last edited:
Masetrix said:
Why don't you make such an uprising there?
Click to expand...
We're happy to. If you can let us know which add-ons allow data to be manipulated without proper permission checks which may cause data loss to any of our customers via passing simple URL parameters, we'd like to know so we can remove them from the resource manager and perhaps reconsider whether the author should be releasing their products here.

@AndyB can you please comment as to whether this is the expected behaviour or if it's a bug. If the former, why? Can this please be addressed ASAP?
 
Masetrix said:
Why don't you make such an uprising there? Do you want to prove something to me or the others here?
Click to expand...
I just pointed out that a template modification does not prevent users from exploiting this functionality, you accused me that this statement was incorrect and offered to test this, I did that to confirm my statement was correct.

That's all.
 
You must log in or register to reply here.

Similar threads

T
  • Question Question
XF 2.2 Give edit permission to thread starter, but not repliers?
Replies
6
Views
252
TomCann
T
Dimitris T
Add-on Allow users to edit their own polls (in their thread)
Replies
0
Views
292
Dimitris T
Dimitris T
Mr Lucky
  • Question Question
XF 2.2 Make Location show on registration form as optional - not as required
Replies
8
Views
335
Opus X
Opus X
Ozzy47
[OzzModz] Thread Title Edit
Replies
1
Views
489
Melvin Garcia
Melvin Garcia
taydin
  • Question Question
XF 2.2 Allow users to delete a thread if it only contains their posts
Replies
5
Views
202
Mr Lucky
Mr Lucky
Top Bottom