summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-29 15:17:58 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-29 15:17:58 +0200
commitd136d7c874cd3fbc012ca43250c64deb9e791b94 (patch)
tree1594e000026ccc44d3008f58ddc909a90b332326 /web
parent63f95bd86fa17e76b2a1b9a9ce61ebbc08017797 (diff)
downloadaurweb-d136d7c874cd3fbc012ca43250c64deb9e791b94.tar.xz
Allow users to delete their own comments
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Fixes FS#41379. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/lib/pkgfuncs.inc.php18
1 files changed, 5 insertions, 13 deletions
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 69b1c94..defe7f4 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -13,27 +13,19 @@ include_once("pkgbasefuncs.inc.php");
* @return bool True if the user can delete the comment, otherwise false
*/
function can_delete_comment($comment_id=0) {
- if (!uid_from_sid($_COOKIE["AURSID"])) {
- /* Unauthenticated users cannot delete anything. */
- return false;
- }
- if (has_credential(CRED_COMMENT_DELETE)) {
- /* TUs and developers can delete any comment. */
- return true;
- }
-
$dbh = DB::connect();
- $q = "SELECT COUNT(*) FROM PackageComments ";
- $q.= "WHERE ID = " . intval($comment_id) . " AND UsersID = " . $uid;
+ $q = "SELECT UsersID FROM PackageComments ";
+ $q.= "WHERE ID = " . intval($comment_id);
$result = $dbh->query($q);
if (!$result) {
return false;
}
- $row = $result->fetch(PDO::FETCH_NUM);
- return ($row[0] > 0);
+ $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+ return has_credential(CRED_COMMENT_DELETE, array($uid));
}
/**