Ticket #14520: edit_comment.4.diff
| File edit_comment.4.diff, 6.7 KB (added by , 13 years ago) |
|---|
-
wp-includes/link-template.php
875 875 */ 876 876 function get_edit_comment_link( $comment_id = 0 ) { 877 877 $comment = &get_comment( $comment_id ); 878 $post = &get_post( $comment->comment_post_ID );879 878 880 if ( $post->post_type == 'page' ) { 881 if ( !current_user_can( 'edit_page', $post->ID ) ) 882 return; 883 } else { 884 if ( !current_user_can( 'edit_post', $post->ID ) ) 885 return; 886 } 879 if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) 880 return; 887 881 888 882 $location = admin_url('comment.php?action=editcomment&c=') . $comment->comment_ID; 889 883 return apply_filters( 'get_edit_comment_link', $location ); … … 900 894 * @return string|null HTML content, if $echo is set to false. 901 895 */ 902 896 function edit_comment_link( $link = null, $before = '', $after = '' ) { 903 global $comment , $post;897 global $comment; 904 898 905 if ( $post->post_type == 'page' ) { 906 if ( !current_user_can( 'edit_page', $post->ID ) ) 907 return; 908 } else { 909 if ( !current_user_can( 'edit_post', $post->ID ) ) 910 return; 911 } 899 if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) 900 return; 912 901 913 902 if ( null === $link ) 914 903 $link = __('Edit This'); -
wp-includes/capabilities.php
898 898 $author_data = get_userdata( $user_id ); 899 899 //echo "post ID: {$args[0]}<br />"; 900 900 $post = get_post( $args[0] ); 901 901 902 $post_type = get_post_type_object( $post->post_type ); 902 903 if ( $post_type && 'post' != $post_type->capability_type ) { 903 904 $args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args ); … … 990 991 else 991 992 $caps[] = 'read_private_pages'; 992 993 break; 994 case 'edit_comment': 995 $comment = get_comment( $args[0] ); 996 $post = get_post( $comment->comment_post_ID ); 997 $post_type_object = get_post_type_object( $post->post_type ); 998 999 $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID ); 1000 break; 993 1001 case 'unfiltered_upload': 994 1002 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) 995 1003 $caps[] = $cap; -
wp-admin/edit-comments.php
36 36 foreach ( $comment_ids as $comment_id ) { // Check the permissions on each 37 37 $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id ) ); 38 38 39 if ( !current_user_can( 'edit_ post', $_post_id ) )39 if ( !current_user_can( 'edit_comment', $comment_id ) ) 40 40 continue; 41 41 42 42 switch ( $doaction ) { -
wp-admin/includes/default-list-tables.php
2134 2134 $comment = get_comment( $comment_id ); 2135 2135 $post = get_post( $comment->comment_post_ID ); 2136 2136 $the_comment_status = wp_get_comment_status( $comment->comment_ID ); 2137 $post_type_object = get_post_type_object( $post->post_type ); 2138 $user_can = current_user_can( $post_type_object->cap->edit_post, $post->ID ); 2137 $user_can = current_user_can( 'edit_comment', $comment_id ); 2139 2138 2140 2139 $comment_url = esc_url( get_comment_link( $comment->comment_ID ) ); 2141 2140 $author_url = get_comment_author_url(); … … 2155 2154 $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) ); 2156 2155 $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) ); 2157 2156 2158 $url = "comment.php? post_ID=$post->ID&c=$comment->comment_ID";2157 $url = "comment.php?c=$comment->comment_ID"; 2159 2158 2160 2159 $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" ); 2161 2160 $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" ); -
wp-admin/includes/dashboard.php
586 586 $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>'; 587 587 588 588 $actions_string = ''; 589 if ( current_user_can( 'edit_post', $comment->comment_post_ID) ) {589 if ( current_user_can( 'edit_comment', $comment->comment_ID ) ) { 590 590 // preorder it: Approve | Reply | Edit | Spam | Trash 591 591 $actions = array( 592 592 'approve' => '', 'unapprove' => '', -
wp-admin/comment.php
60 60 if ( !$comment = get_comment( $comment_id ) ) 61 61 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') ); 62 62 63 if ( !current_user_can( 'edit_post', $comment->comment_post_ID) )64 comment_footer_die( __('You are not allowed to edit comments on this post.') );63 if ( !current_user_can( 'edit_comment', $comment_id ) ) 64 comment_footer_die( __('You are not allowed to edit this comment.') ); 65 65 66 66 if ( 'trash' == $comment->comment_approved ) 67 67 comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') ); … … 84 84 die(); 85 85 } 86 86 87 if ( !current_user_can( 'edit_ post', $comment->comment_post_ID ) ) {87 if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) { 88 88 wp_redirect( admin_url('edit-comments.php?error=2') ); 89 89 die(); 90 90 } … … 184 184 185 185 <?php wp_nonce_field( $nonce_action ); ?> 186 186 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' /> 187 <input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />188 187 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' /> 189 188 <input type='hidden' name='noredir' value='1' /> 190 189 </form> … … 212 211 213 212 if ( !$comment = get_comment($comment_id) ) 214 213 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') ); 215 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )214 if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) 216 215 comment_footer_die( __('You are not allowed to edit comments on this post.') ); 217 216 218 217 if ( '' != wp_get_referer() && ! $noredir && false === strpos(wp_get_referer(), 'comment.php') )