diff options
| author | Gerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org> | 2006-03-24 11:38:00 +0000 |
|---|---|---|
| committer | Gerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org> | 2006-03-24 11:38:00 +0000 |
| commit | 0fad496ca03090666045f03f161504dbd22a60e8 (patch) | |
| tree | 06a3f9cc95478a5ef3441a7f330b8028dcc678f9 /modules/comment | |
| parent | 717d6e30c5f2fd6d8c55239a4af50b4b76b140b4 (diff) | |
| download | brdo-0fad496ca03090666045f03f161504dbd22a60e8.tar.gz brdo-0fad496ca03090666045f03f161504dbd22a60e8.tar.bz2 | |
#55622, Security threat -- any user can delete comments, patch by robertgarrigos
Diffstat (limited to 'modules/comment')
| -rw-r--r-- | modules/comment/comment.module | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 4ea12cb4f..f7c9383f0 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -120,12 +120,13 @@ function comment_menu($may_cache) { $items[] = array('path' => 'admin/comment/configure/settings', 'title' => t('settings'), 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); + + $items[] = array('path' => 'comment/delete', 'title' => t('delete comment'), + 'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK); $access = user_access('post comments'); $items[] = array('path' => 'comment/edit', 'title' => t('edit comment'), 'callback' => 'comment_edit', 'access' => $access, 'type' => MENU_CALLBACK); - $items[] = array('path' => 'comment/delete', 'title' => t('delete comment'), - 'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK); } else { if (arg(0) == 'comment' && arg(1) == 'reply' && is_numeric(arg(2))) { |