WordPress.org

Make WordPress Core

Ticket #14520: edit_comment.4.diff

File edit_comment.4.diff, 6.7 KB (added by scribu, 8 years ago)

also update edit-comment.php

  • wp-includes/link-template.php

     
    875875 */
    876876function get_edit_comment_link( $comment_id = 0 ) {
    877877        $comment = &get_comment( $comment_id );
    878         $post = &get_post( $comment->comment_post_ID );
    879878
    880         if ( $post->post_type == 'page' ) {
    881                 if ( !current_user_can( 'edit_page', $post->ID ) )
    882                         return;
    883         } else {
    884                 if ( !current_user_can( 'edit_post', $post->ID ) )
    885                         return;
    886         }
     879        if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
     880                return;
    887881
    888882        $location = admin_url('comment.php?action=editcomment&c=') . $comment->comment_ID;
    889883        return apply_filters( 'get_edit_comment_link', $location );
     
    900894 * @return string|null HTML content, if $echo is set to false.
    901895 */
    902896function edit_comment_link( $link = null, $before = '', $after = '' ) {
    903         global $comment, $post;
     897        global $comment;
    904898
    905         if ( $post->post_type == 'page' ) {
    906                 if ( !current_user_can( 'edit_page', $post->ID ) )
    907                         return;
    908         } else {
    909                 if ( !current_user_can( 'edit_post', $post->ID ) )
    910                         return;
    911         }
     899        if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
     900                return;
    912901
    913902        if ( null === $link )
    914903                $link = __('Edit This');
  • wp-includes/capabilities.php

     
    898898                $author_data = get_userdata( $user_id );
    899899                //echo "post ID: {$args[0]}<br />";
    900900                $post = get_post( $args[0] );
     901
    901902                $post_type = get_post_type_object( $post->post_type );
    902903                if ( $post_type && 'post' != $post_type->capability_type ) {
    903904                        $args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args );
     
    990991                else
    991992                        $caps[] = 'read_private_pages';
    992993                break;
     994        case 'edit_comment':
     995                $comment = get_comment( $args[0] );
     996                $post = get_post( $comment->comment_post_ID );
     997                $post_type_object = get_post_type_object( $post->post_type );
     998
     999                $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
     1000                break;
    9931001        case 'unfiltered_upload':
    9941002                if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )
    9951003                        $caps[] = $cap;
  • wp-admin/edit-comments.php

     
    3636        foreach ( $comment_ids as $comment_id ) { // Check the permissions on each
    3737                $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id ) );
    3838
    39                 if ( !current_user_can( 'edit_post', $_post_id ) )
     39                if ( !current_user_can( 'edit_comment', $comment_id ) )
    4040                        continue;
    4141
    4242                switch ( $doaction ) {
  • wp-admin/includes/default-list-tables.php

     
    21342134                $comment = get_comment( $comment_id );
    21352135                $post = get_post( $comment->comment_post_ID );
    21362136                $the_comment_status = wp_get_comment_status( $comment->comment_ID );
    2137                 $post_type_object = get_post_type_object( $post->post_type );
    2138                 $user_can = current_user_can( $post_type_object->cap->edit_post, $post->ID );
     2137                $user_can = current_user_can( 'edit_comment', $comment_id );
    21392138
    21402139                $comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
    21412140                $author_url = get_comment_author_url();
     
    21552154                        $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
    21562155                        $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
    21572156
    2158                         $url = "comment.php?post_ID=$post->ID&c=$comment->comment_ID";
     2157                        $url = "comment.php?c=$comment->comment_ID";
    21592158
    21602159                        $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
    21612160                        $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
  • wp-admin/includes/dashboard.php

     
    586586        $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
    587587
    588588        $actions_string = '';
    589         if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
     589        if ( current_user_can( 'edit_comment', $comment->comment_ID ) ) {
    590590                // preorder it: Approve | Reply | Edit | Spam | Trash
    591591                $actions = array(
    592592                        'approve' => '', 'unapprove' => '',
  • wp-admin/comment.php

     
    6060        if ( !$comment = get_comment( $comment_id ) )
    6161                comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') );
    6262
    63         if ( !current_user_can('edit_post', $comment->comment_post_ID) )
    64                 comment_footer_die( __('You are not allowed to edit comments on this post.') );
     63        if ( !current_user_can( 'edit_comment', $comment_id ) )
     64                comment_footer_die( __('You are not allowed to edit this comment.') );
    6565
    6666        if ( 'trash' == $comment->comment_approved )
    6767                comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') );
     
    8484                die();
    8585        }
    8686
    87         if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
     87        if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
    8888                wp_redirect( admin_url('edit-comments.php?error=2') );
    8989                die();
    9090        }
     
    184184
    185185<?php wp_nonce_field( $nonce_action ); ?>
    186186<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
    187 <input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
    188187<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
    189188<input type='hidden' name='noredir' value='1' />
    190189</form>
     
    212211
    213212        if ( !$comment = get_comment($comment_id) )
    214213                comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') );
    215         if ( !current_user_can('edit_post', $comment->comment_post_ID ) )
     214        if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
    216215                comment_footer_die( __('You are not allowed to edit comments on this post.') );
    217216
    218217        if ( '' != wp_get_referer() && ! $noredir && false === strpos(wp_get_referer(), 'comment.php') )