-rw-r--r--web/html/pkgedit.php4
-rw-r--r--web/lib/pkgfuncs.inc18
-rw-r--r--web/template/pkg_comments.php3
3 files changed, 19 insertions, 6 deletions
diff --git a/web/html/pkgedit.php b/web/html/pkgedit.php
index 3b1c8257..5a711d04 100644
--- a/web/html/pkgedit.php
+++ b/web/html/pkgedit.php
@@ -35,9 +35,9 @@ if (!$_REQUEST["ID"]) {
#
if ($_REQUEST["del_Comment"]) {
if ($_REQUEST["comment_id"]) {
- if (canDeleteComment($_REQUEST["comment_id"], $atype, $_COOKIE["AURSID"])) {
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
+ if (canDeleteComment($_REQUEST["comment_id"], $atype, $uid)) {
$dbh = db_connect();
- $uid = uid_from_sid($_COOKIE["AURSID"]);
$q = "UPDATE PackageComments ";
$q.= "SET DelUsersID = ".$uid." ";
$q.= "WHERE ID = ".intval($_REQUEST["comment_id"]);
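Review bot: `$uid` is concatenated into the UPDATE as-is on the `SET DelUsersID = ".$uid."` line, while `comment_id` on the following line goes through `intval()`. uid_from_sid() is not visible here, so whether it can return an empty or non-numeric value for a stale or missing AURSID cookie is an assumption to confirm; if it can, the statement is malformed at best. Casting at the new assignment, `$uid = intval(uid_from_sid($_COOKIE["AURSID"]));`, and refusing the delete when the result is 0 keeps both interpolated values numeric. The enclosing `if ($_REQUEST["del_Comment"])` block continues past the end of the hunk.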
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 6ce96159..056552b9 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -8,13 +8,11 @@ $pkgsearch_vars = array("O", "L", "C", "K", "SB", "SO", "PP", "do_Orphans", "SeB
# Make sure this visitor can delete the requested package comment
# They can delete if they were the comment submitter, or if they are a TU/Dev
#
-function canDeleteComment($comment_id=0, $atype="", $SID="") {
+function canDeleteComment($comment_id=0, $atype="", $uid=0) {
if ($atype == "Trusted User" || $atype == "Developer") {
# A TU/Dev can delete any comment
- #
return TRUE;
}
- $uid = uid_from_sid($SID);
$dbh = db_connect();
$q = "SELECT COUNT(ID) AS CNT ";
$q.= "FROM PackageComments ";
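Review bot: The third parameter of canDeleteComment() keeps its position but now means a user ID instead of a session ID, and the header comment above the function does not say so. A caller that was missed and still passes the session string would presumably have it used as the user ID in the query that follows, most of which lies outside this hunk. I would extend the header with a line such as `# $uid must be the Users.ID resolved via uid_from_sid(), never the raw session ID`.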
@@ -30,6 +28,20 @@ function canDeleteComment($comment_id=0, $atype="", $SID="") {
return FALSE;
}
+# Make sure this visitor can delete the requested package comment
+# They can delete if they were the comment submitter, or if they are a TU/Dev
+#
+function canDeleteCommentArray($comment, $atype="", $uid=0) {
+ if ($atype == "Trusted User" || $atype == "Developer") {
+ # A TU/Dev can delete any comment
+ return TRUE;
+ } else if ($comment['UsersID'] == $uid) {
+ # User's own comment
+ return TRUE;
+ }
+ return FALSE;
+}
+
# see if this Users.ID can manage the package
#
function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) {
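Review bot: The ownership test `$comment['UsersID'] == $uid` in canDeleteCommentArray() uses loose comparison and `$uid` defaults to 0, so a visitor without a valid session could match a comment whose UsersID is NULL, empty or 0. Whether such rows exist, and what uid_from_sid() returns for an anonymous visitor, is not visible here, but the function should fail closed either way: add `if (!$uid) { return FALSE; }` ahead of the ownership comparison and compare with `intval($comment['UsersID']) === intval($uid)`. The header comment is also a verbatim copy of the one on canDeleteComment(); it should say that this variant takes an already-fetched comment row and runs no query. The call added in web/template/pkg_comments.php depends on this check.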
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index 20cd2787..7c42ac16 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -1,8 +1,9 @@
<div class="pgbox">
<?php
+$uid = uid_from_sid($SID);
while (list($indx, $carr) = each($comments)) { ?>
<div class="comment-header"><?php
- if (canDeleteComment($carr['ID'], $atype, $SID)) {
+ if (canDeleteCommentArray($carr, $atype, $uid)) {
$durl = '<a href="pkgedit.php?del_Comment=1';
$durl.= '&comment_id=' . $carr['ID'] . '&ID=' . $row['ID'];
$durl.= '"><img src="images/x.png" border="0"';
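Review bot: The template now decides whether to render the delete link with canDeleteCommentArray(), while pkgedit.php enforces the delete with canDeleteComment(), so the same policy lives in two functions that can drift apart. A short comment at the call, e.g. `# display-only check; pkgedit.php re-validates with canDeleteComment()`, would make clear that this check is not the authorization. Separately, the link built just below triggers a state change through a plain URL, and no per-session token is visible in these lines; that pre-dates this commit but is worth a follow-up. The `while` loop body continues past the end of the hunk.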