maven

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter maven

    (@maven)

    Thanks! ??

    Thread Starter maven

    (@maven)

    Sure. Here’s the diff. I essentially added a comment_id argument to user_can_edit/delete_post and then changed these functions to allow a user to edit their own comments IF
    – they either wrote the original post, or
    – have the same userlevel as the post author (could be changed to e.g. userlevel >= 1 ) and have the same nickname as the one used on the comment.

    diff -uNr wp1.5wp-adminedit-comments.php wp1.5_ev1lwp-adminedit-comments.php
    --- wp1.5wp-adminedit-comments.php Fri Feb 11 02:00:38 2005
    +++ wp1.5_ev1lwp-adminedit-comments.php Tue Feb 22 16:23:00 2005
    @@ -43,7 +43,7 @@
    $comment = (int) $comment;
    $post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
    $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
    - if ( user_can_delete_post_comments($user_ID, $post_id) ) :
    + if ( user_can_delete_post_comments($user_ID, $post_id, $comment) ) :
    $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID = $comment");
    ++$i;
    endif;
    @@ -93,10 +93,10 @@
    <?php comment_text() ?>

    <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
    - if ( user_can_edit_post_comments($user_ID, $comment->comment_post_ID) ) {
    + if ( user_can_edit_post_comments($user_ID, $comment->comment_post_ID, $comment->comment_ID) ) {
    echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
    }
    - if ( user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) {
    + if ( user_can_delete_post_comments($user_ID, $comment->comment_post_ID, $comment->comment_ID) ) {
    echo " | <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by '%s'\n 'Cancel' to stop, 'OK' to delete."), $comment->comment_author) . "')\">" . __('Delete Comment') . "</a> — ";
    } // end if any comments to show
    // Get post title
    @@ -138,15 +138,15 @@
    $class = ('alternate' == $class) ? '' : 'alternate';
    ?>
    <tr class='<?php echo $class; ?>'>
    - <td><?php if (user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
    + <td><?php if (user_can_delete_post_comments($user_ID, $comment->comment_post_ID, $comment->comment_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
    <td><?php comment_author_link() ?></td>
    <td><?php comment_author_email_link() ?></td>
    <td><a href="https://ws.arin.net/cgi-bin/whois.pl?queryinput=&lt;?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></td>
    <td><?php comment_excerpt(); ?></td>
    <td><a href="<?php echo get_permalink($comment->comment_post_ID); ?>#comment-<?php comment_ID() ?>" class="edit"><?php _e('View') ?></a></td>
    - <td><?php if ( user_can_edit_post_comments($user_ID, $comment->comment_post_ID) ) {
    + <td><?php if ( user_can_edit_post_comments($user_ID, $comment->comment_post_ID, $comment->comment_ID) ) {
    echo "<a href='post.php?action=editcomment&amp;comment=$comment->comment_ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
    - <td><?php if ( user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) {
    + <td><?php if ( user_can_delete_post_comments($user_ID, $comment->comment_post_ID, $comment->comment_ID) ) {
    echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by '%s'\n 'Cancel' to stop, 'OK' to delete."), $comment->comment_author) . "')\" class='delete'>" . __('Delete') . "</a>"; } ?></td>
    </tr>
    <?php
    diff -uNr wp1.5wp-adminpost.php wp1.5_ev1lwp-adminpost.php
    --- wp1.5wp-adminpost.php Mon Feb 14 09:46:08 2005
    +++ wp1.5_ev1lwp-adminpost.php Tue Feb 22 16:25:00 2005
    @@ -464,7 +464,7 @@
    $comment = $_GET['comment'];
    $commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)'));

    - if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
    + if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'], $comment)) {
    die('You are not allowed to edit comments on this post.');
    }

    @@ -486,7 +486,7 @@
    $p = $_GET['p'];
    $commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));

    - if (!user_can_delete_post_comments($user_ID, $commentdata['comment_post_ID'])) {
    + if (!user_can_delete_post_comments($user_ID, $commentdata['comment_post_ID'], $comment)) {
    die('You are not allowed to delete comments on this post.');
    }

    @@ -528,7 +528,7 @@
    $postdata = get_postdata($p) or die(sprintf(__('Oops, no post with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
    $commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'post.php'));

    - if (!user_can_delete_post_comments($user_ID, $commentdata['comment_post_ID'])) {
    + if (!user_can_delete_post_comments($user_ID, $commentdata['comment_post_ID'], $comment)) {
    die('You are not allowed to edit comments on this post.');
    }

    @@ -559,7 +559,7 @@

    $commentdata = get_commentdata($comment) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));

    - if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
    + if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'], $comment)) {
    die('You are not allowed to edit comments on this post, so you cannot disapprove this comment.');
    }

    @@ -579,7 +579,7 @@

    $commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));

    - if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
    + if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'], $comment)) {
    die('You are not allowed to edit comments on this post, so you cannot approve this comment.');
    }

    @@ -604,7 +604,7 @@
    }
    $commentdata = get_commentdata($comment) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));

    - if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
    + if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'], $comment)) {
    die('You are not allowed to edit comments on this post, so you cannot approve this comment.');
    }

    @@ -631,7 +631,7 @@
    $newcomment_author_url = $_POST['newcomment_author_url'];
    $comment_status = $_POST['comment_status'];

    - if (!user_can_edit_post_comments($user_ID, $comment_post_ID)) {
    + if (!user_can_edit_post_comments($user_ID, $comment_post_ID, $comment_ID)) {
    die('You are not allowed to edit comments on this post, so you cannot edit this comment.');
    }

    diff -uNr wp1.5wp-includesfunctions-post.php wp1.5_ev1lwp-includesfunctions-post.php
    --- wp1.5wp-includesfunctions-post.php Wed Feb 16 22:01:52 2005
    +++ wp1.5_ev1lwp-includesfunctions-post.php Tue Feb 22 16:56:00 2005
    @@ -381,15 +381,20 @@
    }

    /* returns true if $user_id can edit $post_id's comments */
    -function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) {
    +function user_can_edit_post_comments($user_id, $post_id, $comment_id, $blog_id = 1) {
    + $author_data = get_userdata($user_id);
    + $post_data = get_postdata($post_id);
    + $post_author_data = get_userdata($post_data['Author_ID']);
    + $commd = get_commentdata($comment_id, 1);
    +
    // right now if one can edit a post, one can edit comments made on it
    - return user_can_edit_post($user_id, $post_id, $blog_id);
    + return user_can_edit_post($user_id, $post_id, $blog_id) || ($author_data->user_level == $post_author_data->user_level && $author_data->user_nickname == $commd['comment_author']);
    }

    /* returns true if $user_id can delete $post_id's comments */
    -function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) {
    +function user_can_delete_post_comments($user_id, $post_id, $comment_id, $blog_id = 1) {
    // right now if one can edit comments, one can delete comments
    - return user_can_edit_post_comments($user_id, $post_id, $blog_id);
    + return user_can_edit_post_comments($user_id, $post_id, $comment_id, $blog_id);
    }

    function user_can_edit_user($user_id, $other_user) {
    diff -uNr wp1.5wp-includestemplate-functions-links.php wp1.5_ev1lwp-includestemplate-functions-links.php
    --- wp1.5wp-includestemplate-functions-links.php Wed Feb 16 15:49:02 2005
    +++ wp1.5_ev1lwp-includestemplate-functions-links.php Tue Feb 22 16:50:00 2005
    @@ -193,8 +193,8 @@
    global $user_ID, $post, $comment;

    get_currentuserinfo();
    -
    - if (!user_can_edit_post_comments($user_ID, $post->ID)) {
    +
    + if (!user_can_edit_post_comments($user_ID, $post->ID, $comment->comment_ID)) {
    return;
    }

    Thread Starter maven

    (@maven)

    I think you’re right. I had hacked 1.2 so that equal level users couldn’t edit each other’s posts.

    But it would indeed be very helpful, if (in wp-includes/functions-post.php)
    function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) would get the actual comment as argument, so that such a check can easily be incorporated.

Viewing 3 replies - 1 through 3 (of 3 total)