diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-29 15:17:58 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-29 15:17:58 +0200 |
commit | d136d7c874cd3fbc012ca43250c64deb9e791b94 (patch) | |
tree | 1594e000026ccc44d3008f58ddc909a90b332326 | |
parent | 63f95bd86fa17e76b2a1b9a9ce61ebbc08017797 (diff) | |
download | aur-d136d7c874cd3fbc012ca43250c64deb9e791b94.tar.gz aur-d136d7c874cd3fbc012ca43250c64deb9e791b94.tar.xz |
Allow users to delete their own comments
Fixes a regression introduced in 03c6304 (Rework permission handling,
2014-07-15). Fixes FS#41379.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | web/lib/pkgfuncs.inc.php | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 69b1c94c..defe7f45 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -13,27 +13,19 @@ include_once("pkgbasefuncs.inc.php"); * @return bool True if the user can delete the comment, otherwise false */ function can_delete_comment($comment_id=0) { - if (!uid_from_sid($_COOKIE["AURSID"])) { - /* Unauthenticated users cannot delete anything. */ - return false; - } - if (has_credential(CRED_COMMENT_DELETE)) { - /* TUs and developers can delete any comment. */ - return true; - } - $dbh = DB::connect(); - $q = "SELECT COUNT(*) FROM PackageComments "; - $q.= "WHERE ID = " . intval($comment_id) . " AND UsersID = " . $uid; + $q = "SELECT UsersID FROM PackageComments "; + $q.= "WHERE ID = " . intval($comment_id); $result = $dbh->query($q); if (!$result) { return false; } - $row = $result->fetch(PDO::FETCH_NUM); - return ($row[0] > 0); + $uid = $result->fetch(PDO::FETCH_COLUMN, 0); + + return has_credential(CRED_COMMENT_DELETE, array($uid)); } /** |