From 5fceee4f911bc7f3ba9c6c329410fcdc18da39d7 Mon Sep 17 00:00:00 2001
From: azaozz
Date: Thu, 17 Dec 2009 21:02:38 +0000
Subject: [PATCH] Fix the 'current_user_can' check for 'add-comment'.

git-svn-id: http://svn.automattic.com/wordpress/trunk@12438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/admin-ajax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index ae9c81dcd5..5778a12e2e 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -636,7 +636,7 @@ case 'get-tagcloud' :
 break;
 case 'add-comment' :
 check_ajax_referer( $action );
- if ( !current_user_can( 'edit_post', $id ) )
+ if ( !current_user_can( 'edit_posts' ) )
 die('-1');
 $search = isset($_POST['s']) ? $_POST['s'] : false;
 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
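Review bot: The new guard `current_user_can( 'edit_posts' )` in the 'add-comment' case is not tied to any object, so every account with that general capability passes it, whichever post's comments the request ends up returning. The case continues outside the hunk; if the code after `$status` emits comment rows, per-object authorization has to be enforced there, for example `if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) continue;` in the output loop (the loop variable name is assumed). A short comment above the check would record the intent, e.g. `// General capability only; per-post access is checked when each comment row is built.`, provided that is actually true of the code below. `$search` and `$status` are also taken from `$_POST` unmodified, so `$status` should be compared against the known status values before it reaches a query.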