Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

#55622, Security threat -- any user can delete comments, patch by robertgarrigos

4.7.x
Gerhard Killesreiter 2006-03-24 11:38:00 +00:00
parent 717d6e30c5
commit 0fad496ca0
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/comment.module
View File

@ -120,12 +120,13 @@ function comment_menu($may_cache) {
$items[] = array('path' => 'admin/comment/configure/settings', 'title' => t('settings'), $items[] = array('path' => 'admin/comment/configure/settings', 'title' => t('settings'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'comment/delete', 'title' => t('delete comment'),
'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK);
$access = user_access('post comments'); $access = user_access('post comments');
$items[] = array('path' => 'comment/edit', 'title' => t('edit comment'), $items[] = array('path' => 'comment/edit', 'title' => t('edit comment'),
'callback' => 'comment_edit', 'access' => $access, 'type' => MENU_CALLBACK); 'callback' => 'comment_edit', 'access' => $access, 'type' => MENU_CALLBACK);
$items[] = array('path' => 'comment/delete', 'title' => t('delete comment'),
'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK);
} }
else { else {
if (arg(0) == 'comment' && arg(1) == 'reply' && is_numeric(arg(2))) { if (arg(0) == 'comment' && arg(1) == 'reply' && is_numeric(arg(2))) {

5
modules/comment/comment.module
View File

@ -120,12 +120,13 @@ function comment_menu($may_cache) {
$items[] = array('path' => 'admin/comment/configure/settings', 'title' => t('settings'), $items[] = array('path' => 'admin/comment/configure/settings', 'title' => t('settings'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'comment/delete', 'title' => t('delete comment'),
'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK);
$access = user_access('post comments'); $access = user_access('post comments');
$items[] = array('path' => 'comment/edit', 'title' => t('edit comment'), $items[] = array('path' => 'comment/edit', 'title' => t('edit comment'),
'callback' => 'comment_edit', 'access' => $access, 'type' => MENU_CALLBACK); 'callback' => 'comment_edit', 'access' => $access, 'type' => MENU_CALLBACK);
$items[] = array('path' => 'comment/delete', 'title' => t('delete comment'),
'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK);
} }
else { else {
if (arg(0) == 'comment' && arg(1) == 'reply' && is_numeric(arg(2))) { if (arg(0) == 'comment' && arg(1) == 'reply' && is_numeric(arg(2))) {