[aur-dev] [PATCH] Fix bug where a user could not edit their own comment
commentedit.php checked if the user was the package owner, instead of checking if the user is the comment owner.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
---
 web/html/commentedit.php | 4 ++--
 web/lib/aur.inc.php | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/web/html/commentedit.php b/web/html/commentedit.php
index c7dda63..83d86dd 100644
--- a/web/html/commentedit.php
+++ b/web/html/commentedit.php
@@ -9,9 +9,9 @@ set_lang();
 check_sid();
 $comment_id = intval($_REQUEST['comment_id']);
-$comment = comment_by_id($comment_id);
+list($user_id, $comment) = comment_by_id($comment_id);
-if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array(pkgbase_maintainer_uid($base_id))) || is_null($comment)) {
+if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array($user_id)) || is_null($comment)) {
 header('Location: /');
 exit();
 }
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 411d5ee..2d9f56e 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -581,18 +581,18 @@ function salted_hash($passwd, $salt) {
 *
 * @param int $comment_id The ID of the comment
 *
- * @return string The comment
+ * @return array The user ID and comment OR null, null in case of an error
 */
 function comment_by_id($comment_id) {
 $dbh = DB::connect();
- $q = "SELECT Comments FROM PackageComments ";
+ $q = "SELECT UsersID, Comments FROM PackageComments ";
 $q.= "WHERE ID = " . intval($comment_id);
 $result = $dbh->query($q);
 if (!$result) {
- return null;
+ return array(null, null);
 }
- return $result->fetchColumn(0);
+ return $result->fetch(PDO::FETCH_NUM);
 }
 /**
--
2.4.5
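Review bot: In the rewritten `if` in web/html/commentedit.php, `is_null($comment)` is still tested last, so `has_credential(CRED_COMMENT_EDIT, array($user_id))` runs with a null `$user_id` whenever the comment lookup fails. How has_credential() treats a null entry in its approved-user list is not visible in this hunk, so the ownership decision should not depend on it. Rejecting the missing comment before the credential check keeps the authorization tied to a real owner ID: `if (!isset($base_id) || is_null($comment) || !has_credential(CRED_COMMENT_EDIT, array($user_id))) {`. It is also worth confirming that a comment row whose `UsersID` is NULL cannot make the approved-user list match a session it should not. A short comment above the condition such as `// Only the comment's author, or an account granted CRED_COMMENT_EDIT, may edit` would record the intent of this fix.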
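Review bot: `comment_by_id()` in web/lib/aur.inc.php now returns `$result->fetch(PDO::FETCH_NUM)` directly, and PDOStatement::fetch() returns false when no row matches, so a nonexistent comment ID yields false rather than the `array(null, null)` that the updated docblock promises. The caller in commentedit.php destructures the result with `list()`, which on false leaves both variables null and emits a diagnostic on PHP 7.4 and later, so the miss is handled only incidentally. Normalising the miss makes the contract explicit: `$row = $result->fetch(PDO::FETCH_NUM);` followed by `return $row ? $row : array(null, null);`. The `@return` line could then read "The user ID and comment, or array(null, null) if the query fails or no comment has that ID". The docblock this hunk edits begins above the hunk.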