WordPress.org

Make WordPress Core

Ticket #23939: wp_ajax_replyto_comment.patch

File wp_ajax_replyto_comment.patch, 874 bytes (added by fgauthier, 5 years ago)

Replaces the "edit_post" capability by the "edit_comment" capability in wp_ajax_replyto_comment

  • wp-admin/includes/ajax-actions.php

     
    728728        if ( ! $post )
    729729                wp_die( -1 );
    730730
    731         if ( !current_user_can( 'edit_post', $comment_post_ID ) )
     731        $comment_parent = absint($_POST['comment_ID']);
     732        if ( !current_user_can( 'edit_comment', $comment_parent ) )
    732733                wp_die( -1 );
    733734
    734735        if ( empty( $post->post_status ) )
     
    756757        if ( '' == $comment_content )
    757758                wp_die( __( 'ERROR: please type a comment.' ) );
    758759
    759         $comment_parent = absint($_POST['comment_ID']);
    760760        $comment_auto_approved = false;
    761761        $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    762762