diff options
| author | Dries Buytaert <dries@buytaert.net> | 2010-08-20 01:21:14 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2010-08-20 01:21:14 +0000 |
| commit | 317b9b4e0ca3d620abec0fe0f16ed0c691996dec (patch) | |
| tree | dac0bb09036781fa7a6b6f9302fe2b91212feae9 /modules/comment | |
| parent | f8952b675c8df8610e43f440bbfe48bd24dcc3cb (diff) | |
| download | brdo-317b9b4e0ca3d620abec0fe0f16ed0c691996dec.tar.gz brdo-317b9b4e0ca3d620abec0fe0f16ed0c691996dec.tar.bz2 | |
- Patch #881578 by Gábor Hojtsy, scor: solve SA-CORE-2010-002 issues.
Diffstat (limited to 'modules/comment')
| -rw-r--r-- | modules/comment/comment.module | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 02c0b9295..ce976d139 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -1398,7 +1398,7 @@ function comment_access($op, $comment) { global $user; if ($op == 'edit') { - return ($user->uid && $user->uid == $comment->uid && user_access('edit own comments')) || user_access('administer comments'); + return ($user->uid && $user->uid == $comment->uid && $comment->status == COMMENT_PUBLISHED && user_access('edit own comments')) || user_access('administer comments'); } } |