Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

Major issue: you can easily "approve" your own posts by hiding then reshowing them!

+3 votes
949 views
asked Dec 28, 2012 in Q2A Core by Scott
Just discovered this issue with the approve/reject feature. If you post an answer that is sent for moderation, you can see it on the page with the message "Your answer will be checked and approved shortly."

However, you have two options there: edit and hide. If you click hide, the answer changes (via AJAX) to the grey hidden style, with a button to reshow it. If you click "reshow" then the answer shows up with no problems and no longer needs to be approved!

Pretty serious oversight there...
Q2A version: 1.5.4

3 Answers

0 votes
answered Dec 29, 2012 by q2apro
nice found!

...this is another reason why I do not allow default users to edit or hide questions :)
+1 vote
answered Dec 30, 2012 by gidgreen
I checked this out and it doesn't seem to be the case in general. Perhaps it's due to a particular combination of settings, or some plugin which is modifying the general permissions? The default permission check for reshowing a hidden post checks that the user trying to reshow is not subject to moderation.
commented Jun 3, 2013 by gidgreen
Sorry for the delayed response... it does also prevent the button working. But I'm looking into this issue more deeply now.
commented Jun 3, 2013 by gidgreen
OK, so I've been examining it some more, and I think it does indeed make sense to pass reshown posts through filter modules, but *only* to check for whether they should be queued, not to modify their content in other ways. Otherwise the act of reshowing could modify post content, and that is confusing for users. Does this make sense to you?
+3 votes
answered Jun 4, 2013 by gidgreen
The latest version of Q2A 1.6-dev fixes this.
...