Diffstat (limited to 'web')
-rw-r--r-- | web/html/pkgedit.php | 4 | ||||
-rw-r--r-- | web/lib/pkgfuncs.inc | 18 | ||||
-rw-r--r-- | web/template/pkg_comments.php | 3 |
3 files changed, 19 insertions, 6 deletions
diff --git a/web/html/pkgedit.php b/web/html/pkgedit.php
index 3b1c825..5a711d0 100644
--- a/web/html/pkgedit.php
+++ b/web/html/pkgedit.php
@@ -35,9 +35,9 @@ if (!$_REQUEST["ID"]) {
 #
 if ($_REQUEST["del_Comment"]) {
 if ($_REQUEST["comment_id"]) {
- if (canDeleteComment($_REQUEST["comment_id"], $atype, $_COOKIE["AURSID"])) {
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
+ if (canDeleteComment($_REQUEST["comment_id"], $atype, $uid)) {
 $dbh = db_connect();
- $uid = uid_from_sid($_COOKIE["AURSID"]);
 $q = "UPDATE PackageComments ";
 $q.= "SET DelUsersID = ".$uid." ";
 $q.= "WHERE ID = ".intval($_REQUEST["comment_id"]);
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 6ce9615..056552b 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -8,13 +8,11 @@ $pkgsearch_vars = array("O", "L", "C", "K", "SB", "SO", "PP", "do_Orphans", "SeB
 # Make sure this visitor can delete the requested package comment
 # They can delete if they were the comment submitter, or if they are a TU/Dev
 #
-function canDeleteComment($comment_id=0, $atype="", $SID="") {
+function canDeleteComment($comment_id=0, $atype="", $uid=0) {
 if ($atype == "Trusted User" || $atype == "Developer") {
 # A TU/Dev can delete any comment
- #
 return TRUE;
 }
- $uid = uid_from_sid($SID);
 $dbh = db_connect();
 $q = "SELECT COUNT(ID) AS CNT ";
 $q.= "FROM PackageComments ";
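Review bot: In pkgedit.php the value returned by `uid_from_sid($_COOKIE["AURSID"])` now feeds both the permission check and, a few lines down, the unquoted concatenation in `SET DelUsersID = ".$uid."`, with no check that the session lookup succeeded. What `uid_from_sid()` returns for an unknown or expired session is not visible here; if it can be empty or non-numeric, the UPDATE is built from that value as-is. Casting once, `$uid = intval(uid_from_sid($_COOKIE["AURSID"]));`, and skipping the block when the result is 0 would match the `intval()` already applied to `comment_id`. The enclosing `if` blocks start and end outside the hunk.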
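Review bot: The third positional parameter of `canDeleteComment()` changes meaning from a session id to a user id while the name and arity stay the same, so a caller that was not updated would keep passing a session string without any error. Only two call sites are touched in this commit and the diffstat is limited to `web`, so the rest of the tree is worth checking. The header comment should say who resolves the id, for example `# $uid: Users.ID already resolved from the session by the caller (0 = not logged in)`. Assuming the query below compares against `$uid`, a `$uid = intval($uid);` before it would turn a stale caller's argument into 0 instead of placing it in the SQL; the query continues outside the hunk.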
@@ -30,6 +28,20 @@ function canDeleteComment($comment_id=0, $atype="", $SID="") {
 return FALSE;
 }
 
+# Make sure this visitor can delete the requested package comment
+# They can delete if they were the comment submitter, or if they are a TU/Dev
+#
+function canDeleteCommentArray($comment, $atype="", $uid=0) {
+ if ($atype == "Trusted User" || $atype == "Developer") {
+ # A TU/Dev can delete any comment
+ return TRUE;
+ } else if ($comment['UsersID'] == $uid) {
+ # User's own comment
+ return TRUE;
+ }
+ return FALSE;
+}
+
 # see if this Users.ID can manage the package
 #
 function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) {
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index 20cd278..7c42ac1 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -1,8 +1,9 @@
 <div class="pgbox">
 <?php
+$uid = uid_from_sid($SID);
 while (list($indx, $carr) = each($comments)) { ?>
 <div class="comment-header"><?php
- if (canDeleteComment($carr['ID'], $atype, $SID)) {
+ if (canDeleteCommentArray($carr, $atype, $uid)) {
 $durl = '<a href="pkgedit.php?del_Comment=1';
 $durl.= '&comment_id=' . $carr['ID'] . '&ID=' . $row['ID'];
 $durl.= '"><img src="images/x.png" border="0"'; |
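Review bot: In `canDeleteCommentArray()` the ownership test `$comment['UsersID'] == $uid` is a loose comparison against a parameter that defaults to 0, so a visitor without a valid session could match a comment row whose `UsersID` is NULL, empty or missing. Whether such rows exist is not visible here, and the deletion itself is still gated by `canDeleteComment()` in pkgedit.php, so the effect would be limited to the delete link being rendered. Requiring a real id closes it: `} else if ($uid && $comment['UsersID'] == $uid) {`. The header comment is copied verbatim from `canDeleteComment()`; it should state that this variant works on an already fetched comment row and performs no database query.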
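Review bot: In pkg_comments.php, `$uid = uid_from_sid($SID);` is assigned at the top of a template that already reads `$SID`, `$atype`, `$comments` and `$row` from the surrounding scope, so it presumably writes `$uid` into that same scope and can overwrite a value the including page has set. Resolving the id in the page and passing it in, or using a template-local name such as `$comment_viewer_uid`, avoids that. A one-line comment above the `if`, for example `# display only: pkgedit.php re-checks permission before deleting`, would make clear that this test decides only whether the link is shown. The loop body continues past the end of the hunk.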