Fixes a regression introduced in 03c6304 (Rework permission handling,
2014-07-15). Fixes FS#41379.

Signed-off-by: Lukas Fleischer <archli...@cryptocrack.de>
---
 web/lib/pkgfuncs.inc.php | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 69b1c94..defe7f4 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -13,27 +13,19 @@ include_once("pkgbasefuncs.inc.php");
  * @return bool True if the user can delete the comment, otherwise false
  */
 function can_delete_comment($comment_id=0) {
-       if (!uid_from_sid($_COOKIE["AURSID"])) {
-               /* Unauthenticated users cannot delete anything. */
-               return false;
-       }
-       if (has_credential(CRED_COMMENT_DELETE)) {
-               /* TUs and developers can delete any comment. */
-               return true;
-       }
-
        $dbh = DB::connect();
 
-       $q = "SELECT COUNT(*) FROM PackageComments ";
-       $q.= "WHERE ID = " . intval($comment_id) . " AND UsersID = " . $uid;
+       $q = "SELECT UsersID FROM PackageComments ";
+       $q.= "WHERE ID = " . intval($comment_id);
        $result = $dbh->query($q);
 
        if (!$result) {
                return false;
        }
 
-       $row = $result->fetch(PDO::FETCH_NUM);
-       return ($row[0] > 0);
+       $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+       return has_credential(CRED_COMMENT_DELETE, array($uid));
 }
 
 /**
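Review bot: The value from `$result->fetch(PDO::FETCH_COLUMN, 0)` goes straight into `has_credential(CRED_COMMENT_DELETE, array($uid))` with no check for the no-row case, where fetch() returns `false` (a comment ID that does not exist). has_credential() is not visible in this hunk; if it matches the session user against that list with a loose comparison, a caller without a valid session could compare equal to `false`. Because this patch also removes the explicit unauthenticated-user guard, I would add `if ($uid === false) { return false; }` before the final return and confirm that has_credential() itself rejects unauthenticated callers. Minor: the second argument of fetch() is the cursor orientation, not a column index, so `$result->fetchColumn(0)` would state the intent more clearly.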
-- 
2.0.3
