[aur-dev] [PATCH] Fix bug where a user could not edit their own comment

Marcel Korpel marcel.korpel at gmail.com
Fri Jul 10 22:10:21 UTC 2015


commentedit.php checked if the user was the package owner, instead of
checking if the user is the comment owner.

Signed-off-by: Marcel Korpel <marcel.korpel at gmail.com>
---
 web/html/commentedit.php | 4 ++--
 web/lib/aur.inc.php      | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/web/html/commentedit.php b/web/html/commentedit.php
index c7dda63..83d86dd 100644
--- a/web/html/commentedit.php
+++ b/web/html/commentedit.php
@@ -9,9 +9,9 @@ set_lang();
 check_sid();
 
 $comment_id = intval($_REQUEST['comment_id']);
-$comment = comment_by_id($comment_id);
+list($user_id, $comment) = comment_by_id($comment_id);
 
-if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array(pkgbase_maintainer_uid($base_id))) || is_null($comment)) {
+if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array($user_id)) || is_null($comment)) {
 	header('Location: /');
 	exit();
 }
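Review bot: The new condition still evaluates has_credential() before is_null($comment), so when comment_by_id() finds no row the credential check runs with `array($user_id)` holding null (the `list()` on the previous line fills both variables with null when the lookup yields nothing); put the existence check first: `if (!isset($base_id) || is_null($comment) || !has_credential(CRED_COMMENT_EDIT, array($user_id))) {`. Nothing in the hunk ties the fetched comment to `$base_id`, which is assigned outside the hunk; it is worth confirming that `$base_id` is derived from the comment row rather than independently from the request, so the ownership check and the package base the edit is applied under cannot diverge. The new approved-user list also no longer contains the package maintainer, so maintainers lose the ability to edit other users' comments unless has_credential() grants it by role; if that is intended, the commit message should say so.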
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 411d5ee..2d9f56e 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -581,18 +581,18 @@ function salted_hash($passwd, $salt) {
  *
  * @param  int $comment_id The ID of the comment
  *
- * @return string The comment
+ * @return array The user ID and comment OR null, null in case of an error
  */
 function comment_by_id($comment_id) {
 	$dbh = DB::connect();
-	$q = "SELECT Comments FROM PackageComments ";
+	$q = "SELECT UsersID, Comments FROM PackageComments ";
 	$q.= "WHERE ID = " . intval($comment_id);
 	$result = $dbh->query($q);
 	if (!$result) {
-		return null;
+		return array(null, null);
 	}
 
-	return $result->fetchColumn(0);
+	return $result->fetch(PDO::FETCH_NUM);
 }
 
 /**
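Review bot: The updated @return promises `null, null` on error, but `$result->fetch(PDO::FETCH_NUM)` returns `false` when no row matches the ID, so a non-existent comment yields `false` rather than the documented pair and only works in the caller because `list()` silently fills nulls from a non-array; normalise before returning: `$row = $result->fetch(PDO::FETCH_NUM);` followed by `return $row === false ? array(null, null) : $row;`. The query is still built by concatenation; intval() keeps this instance safe, but a prepared statement with a bound parameter (`$stmt = $dbh->prepare('SELECT UsersID, Comments FROM PackageComments WHERE ID = ?'); $stmt->execute(array(intval($comment_id)));`) is the conventional form and avoids relying on the cast at every call site. The docblock should also state the element order explicitly, e.g. `@return array [0] => user ID of the comment author, [1] => comment text; both null on error or when no comment has that ID`, since callers depend on positional destructuring; note that UsersID may arrive as a string from the driver, so callers should not compare it with `===` against an int.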
-- 
2.4.5

