Fix for comment deletion priileges.
Bug reported by Michael Renzmann git-svn-id: http://svn.automattic.com/wordpress/trunk@527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
e1940bab18
commit
567a609308
wp-admin
|
@ -350,10 +350,17 @@ switch($action) {
|
||||||
if ($user_level == 0)
|
if ($user_level == 0)
|
||||||
die ('Cheatin’ uh?');
|
die ('Cheatin’ uh?');
|
||||||
|
|
||||||
|
|
||||||
$comment = $HTTP_GET_VARS['comment'];
|
$comment = $HTTP_GET_VARS['comment'];
|
||||||
$p = $HTTP_GET_VARS['p'];
|
$p = $HTTP_GET_VARS['p'];
|
||||||
|
|
||||||
|
$postdata = get_postdata($p) or die('Oops, no post with this ID. <a href="wp-post.php">Go back</a>!');
|
||||||
$commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. <a href="wp-post.php">Go back</a>!');
|
$commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. <a href="wp-post.php">Go back</a>!');
|
||||||
|
|
||||||
|
$authordata = get_userdata($postdata['Author_ID']);
|
||||||
|
if ($user_level < $authordata->user_level)
|
||||||
|
die ('You don’t have the right to delete <strong>'.$authordata->user_nickname.'</strong>’s post comments. <a href="wp-post.php">Go back</a>!');
|
||||||
|
|
||||||
$result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_ID=$comment");
|
$result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_ID=$comment");
|
||||||
|
|
||||||
if($HTTP_SERVER_VARS['HTTP_REFERER'] != "") {
|
if($HTTP_SERVER_VARS['HTTP_REFERER'] != "") {
|
||||||
|
|
Loading…
Reference in New Issue