Addon that allows edit thread title but not edit posts

[Masetrix]

Not with my add-ons,

No, I hadn't said that, and I would never deal with such things in a forum as publicly as the others do here.

 

[Lawrence]

No, I hadn't said that, and I would never deal with such things in a forum as publicly as the others do here.

I just edited my post that made that statement,

 

[Masetrix]

We're happy to. If you can let us know which add-ons allow data to be manipulated without proper permission checks which may cause data loss to any of our customers via passing simple URL parameters, we'd like to know so we can remove them from the resource manager and perhaps reconsider whether the author should be releasing their products here.

The author of the addon I was referring to is informed. It is not about the wide-ranging "possibilities" as @Kirby throws this into the public eye. I don't want anyone to suffer a disadvantage.


I had already tried to solve the problem with too wide rights in this addon using PHP,

Help on phpcode and its small extension

Hi, I have to adapt an addon and would like to check in the code below whether the current user, who already has the group right to change the topic title, is also the owner of the topic that he wants to work on ... If not, "Exit - Not your thread ". class Thread extends XFCP_Thread {...

xenforo.com

But when it comes to "need to extend the Thread entity and implement a method with type checking", then that's above my ability because I am still too unknown to the internal structure of XF.

So it was easy to restrict the rights for my Users using @AndyB template.
But I was not aware of the gap between templates and php.