Changeset 18435

Timestamp:

07/11/2011 09:48:43 PM (14 years ago)

Author:

nacin

Message:

Use edit_comment rather than edit_post in admin-ajax. props ejdanderson, see #17909. for trunk.

File:

• trunk/wp-admin/admin-ajax.php (modified) (5 diffs)

trunk/wp-admin/admin-ajax.php

@@ -322 +322 @@
     if ( !$comment = get_comment( $id ) )
         die( (string) time() );
-    if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+    if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
         die('-1');
 
@@ -458 +458 @@
     }
 
-    if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
+    if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) )
         die('-1');
 
@@ -613 +613 @@
     ob_start();
     foreach ( $wp_list_table->items as $comment ) {
+        if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) 
+            continue;
         get_comment( $comment );
         $wp_list_table->single_row( $comment );
@@ -715 +717 @@
     set_current_screen( 'edit-comments' );
 
-    $comment_post_ID = (int) $_POST['comment_post_ID'];
-    if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
+    $comment_id = (int) $_POST['comment_ID'];
+    if ( ! current_user_can( 'edit_comment', $comment_id ) )
         die('-1');
 
@@ -722 +724 @@
         die( __('Error: please type a comment.') );
 
-    $comment_id = (int) $_POST['comment_ID'];
     $_POST['comment_status'] = $_POST['status'];
     edit_comment();