Ticket #17981: patch-core-17981.diff

File patch-core-17981.diff, 1.9 KB (added by koke, 7 years ago)
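--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -989,14 +989,14 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
                 do_action('xmlrpc_call', 'wp.getComment');
 
                 if ( ! $comment = get_comment($comment_id) )
                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
+                if ( !current_user_can( 'moderate_comments' ) && '1' != $comment->comment_approved )
+                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
                 // Format page date.
                 $comment_date = mysql2date('Ymd\TH:i:s', $comment->comment_date, false);
                 $comment_date_gmt = mysql2date('Ymd\TH:i:s', $comment->comment_date_gmt, false);
@@ -1040,6 +1040,8 @@
          *
          * Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'.
          *
+         * If the user doesn't have permission to moderate comments, it returns only approved comments.
+         *
          * The defaults are as follows:
          * - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold')
          * - 'post_id' - Default is ''. The post where the comment is posted. Empty string shows all comments.
@@ -1063,9 +1063,6 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) );
-
                 do_action('xmlrpc_call', 'wp.getComments');
 
                 if ( isset($struct['status']) )
@@ -1073,6 +1072,9 @@
                 else
                         $status = '';
 
+                if ( !current_user_can( 'moderate_comments' ) )
+                        $status = 'approve';
+
                 $post_id = '';
                 if ( isset($struct['post_id']) )
                         $post_id = absint($struct['post_id']);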
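Review bot: The relaxed check at new line 997 in wp.getComment gates only on `comment_approved`, so any account that can log in may read an approved comment attached to a private or unpublished post; nothing in the visible lines tests whether the caller may read the parent post. Consider `if ( !current_user_can( 'moderate_comments' ) && ( '1' !== $comment->comment_approved || !current_user_can( 'read_post', $comment->comment_post_ID ) ) )`. The same gap applies to wp.getComments at new lines 1075-1076, where forcing `$status = 'approve'` still accepts any caller-supplied `post_id`; the comment query is outside the hunk, so confirm it limits results to posts the caller can read. It is also worth checking, outside the visible lines, whether the returned struct includes author e-mail and IP fields that callers without `moderate_comments` should not receive. Both method bodies start and end outside the hunks shown.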