WordPress.org

Make WordPress Core

Ticket #17981: patch-core-17981.diff

File patch-core-17981.diff, 1.9 KB (added by koke, 4 years ago)
  • wp-includes/class-wp-xmlrpc-server.php

     
    989989                if ( !$user = $this->login($username, $password) ) 
    990990                        return $this->error; 
    991991 
    992                 if ( !current_user_can( 'moderate_comments' ) ) 
    993                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 
    994  
    995992                do_action('xmlrpc_call', 'wp.getComment'); 
    996993 
    997994                if ( ! $comment = get_comment($comment_id) ) 
    998995                        return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 
    999996 
     997                if ( !current_user_can( 'moderate_comments' ) && '1' != $comment->comment_approved ) 
     998                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 
     999 
    10001000                // Format page date. 
    10011001                $comment_date = mysql2date('Ymd\TH:i:s', $comment->comment_date, false); 
    10021002                $comment_date_gmt = mysql2date('Ymd\TH:i:s', $comment->comment_date_gmt, false); 
     
    10401040         * 
    10411041         * Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'. 
    10421042         * 
     1043         * If the user doesn't have permission to moderate comments, it returns only approved comments. 
     1044         * 
    10431045         * The defaults are as follows: 
    10441046         * - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold') 
    10451047         * - 'post_id' - Default is ''. The post where the comment is posted. Empty string shows all comments. 
     
    10631065                if ( !$user = $this->login($username, $password) ) 
    10641066                        return $this->error; 
    10651067 
    1066                 if ( !current_user_can( 'moderate_comments' ) ) 
    1067                         return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) ); 
    1068  
    10691068                do_action('xmlrpc_call', 'wp.getComments'); 
    10701069 
    10711070                if ( isset($struct['status']) ) 
     
    10731072                else 
    10741073                        $status = ''; 
    10751074 
     1075                if ( !current_user_can( 'moderate_comments' ) ) 
     1076                        $status = 'approve'; 
     1077 
    10761078                $post_id = ''; 
    10771079                if ( isset($struct['post_id']) ) 
    10781080                        $post_id = absint($struct['post_id']);