Ticket #14520: edit_comment.2.diff

wp-includes/link-template.php

@@ -874 +874 @@
  * @return string
  */
 function get_edit_comment_link( $comment_id = 0 ) {
-        $comment = &get_comment( $comment_id );
-        $post = &get_post( $comment->comment_post_ID );
+        if ( !current_user_can('edit_comment', $comment_id) )
+                return;
 
-        if ( $post->post_type == 'page' ) {
-                if ( !current_user_can( 'edit_page', $post->ID ) )
-                        return;
-        } else {
-                if ( !current_user_can( 'edit_post', $post->ID ) )
-                        return;
-        }
-
-        $location = admin_url('comment.php?action=editcomment&c=') . $comment->comment_ID;
+        $location = admin_url('comment.php?action=editcomment&c=') . $comment_id;
         return apply_filters( 'get_edit_comment_link', $location );
 }
 
@@ -900 +892 @@
  * @return string|null HTML content, if $echo is set to false.
  */
 function edit_comment_link( $link = null, $before = '', $after = '' ) {
-        global $comment, $post;
+        global $comment;
 
-        if ( $post->post_type == 'page' ) {
-                if ( !current_user_can( 'edit_page', $post->ID ) )
-                        return;
-        } else {
-                if ( !current_user_can( 'edit_post', $post->ID ) )
-                        return;
-        }
+        if ( !current_user_can('edit_comment', $comment->comment_ID) )
+                return;
 
         if ( null === $link )
                 $link = __('Edit This');

wp-includes/capabilities.php

@@ -990 +990 @@
                 else
                         $caps[] = 'read_private_pages';
                 break;
+        case 'edit_comment':
+                $caps[] = 'edit_published_posts';
+
+                $comment = get_comment( $args[0] );
+
+                if ( $comment->user_id != $user_id )
+                        $caps[] = 'moderate_comments';
+                break;
         case 'unfiltered_upload':
                 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )
                         $caps[] = $cap;

wp-admin/includes/dashboard.php

@@ -586 +586 @@
         $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
 
         $actions_string = '';
-        if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
+        if ( current_user_can('edit_comment', $comment->comment_ID) ) {
                 // preorder it: Approve | Reply | Edit | Spam | Trash
                 $actions = array(
                         'approve' => '', 'unapprove' => '',

wp-admin/includes/template.php

@@ -2004 +2004 @@
         $comment = get_comment( $comment_id );
         $post = get_post($comment->comment_post_ID);
         $the_comment_status = wp_get_comment_status($comment->comment_ID);
-        $post_type_object = get_post_type_object($post->post_type);
-        $user_can = current_user_can($post_type_object->cap->edit_post, $post->ID);
+        $user_can = current_user_can('edit_comment', $comment_id);
 
         $comment_url = esc_url(get_comment_link($comment->comment_ID));
         $author_url = get_comment_author_url();
@@ -2025 +2024 @@
                 $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
                 $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
 
-                $approve_url = esc_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID&$approve_nonce" );
-                $unapprove_url = esc_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID&$approve_nonce" );
-                $spam_url = esc_url( "comment.php?action=spamcomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
-                $unspam_url = esc_url( "comment.php?action=unspamcomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
-                $trash_url = esc_url( "comment.php?action=trashcomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
-                $untrash_url = esc_url( "comment.php?action=untrashcomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
-                $delete_url = esc_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
+                $approve_url = esc_url( "comment.php?action=approvecomment&c=$comment->comment_ID&$approve_nonce" );
+                $unapprove_url = esc_url( "comment.php?action=unapprovecomment&c=$comment->comment_ID&$approve_nonce" );
+                $spam_url = esc_url( "comment.php?action=spamcomment&c=$comment->comment_ID&$del_nonce" );
+                $unspam_url = esc_url( "comment.php?action=unspamcomment&c=$comment->comment_ID&$del_nonce" );
+                $trash_url = esc_url( "comment.php?action=trashcomment&c=$comment->comment_ID&$del_nonce" );
+                $untrash_url = esc_url( "comment.php?action=untrashcomment&c=$comment->comment_ID&$del_nonce" );
+                $delete_url = esc_url( "comment.php?action=deletecomment&c=$comment->comment_ID&$del_nonce" );
         }
 
         echo "<tr id='comment-$comment->comment_ID' class='$the_comment_status'>";

wp-admin/comment.php

@@ -60 +60 @@
         if ( !$comment = get_comment( $comment_id ) )
                 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') );
 
-        if ( !current_user_can('edit_post', $comment->comment_post_ID) )
-                comment_footer_die( __('You are not allowed to edit comments on this post.') );
+        if ( !current_user_can('edit_comment', $comment_id) )
+                comment_footer_die( __('You are not allowed to edit this comment.') );
 
         if ( 'trash' == $comment->comment_approved )
                 comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') );
@@ -84 +84 @@
                 die();
         }
 
-        if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
+        if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
                 wp_redirect( admin_url('edit-comments.php?error=2') );
                 die();
         }
@@ -184 +184 @@
 
 <?php wp_nonce_field( $nonce_action ); ?>
 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
-<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />
 </form>
@@ -212 +211 @@
 
         if ( !$comment = get_comment($comment_id) )
                 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') );
-        if ( !current_user_can('edit_post', $comment->comment_post_ID ) )
+        if ( !current_user_can('edit_comment', $comment->comment_ID ) )
                 comment_footer_die( __('You are not allowed to edit comments on this post.') );
 
         if ( '' != wp_get_referer() && ! $noredir && false === strpos(wp_get_referer(), 'comment.php') )