[wp-cvs] wordpress/wp-admin edit-comments.php,1.28,1.29

Matthew Mullenweg saxmatt at users.sourceforge.net
Thu Jul 8 01:10:53 UTC 2004


Update of /cvsroot/cafelog/wordpress/wp-admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2039/wp-admin

Modified Files:
	edit-comments.php 
Log Message:
Register globals problem reported by Rich Bowen.

Index: edit-comments.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/edit-comments.php,v
retrieving revision 1.28
retrieving revision 1.29
diff -C2 -d -r1.28 -r1.29
*** edit-comments.php	6 Jul 2004 18:14:42 -0000	1.28
--- edit-comments.php	8 Jul 2004 01:10:50 -0000	1.29
***************
*** 40,58 ****
  <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
  <?php
! if (!empty($delete_comments)) {
! 
! 	// I had this all as one query but then realized we weren't checking permissions on each comment.
! 	$del_comments = ''; $safe_delete_commeents = ''; $i = 0;
! 	foreach ($delete_comments as $comment) { // Check the permissions on each
! 		$comment = intval($comment);
  		$post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
! 		$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id"));
! 		if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
  			$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID = $comment");
  			++$i;
! 		}
! 	}
  	echo "<div class='wrap'><p>" . sprintf(__('%s comments deleted.'), $i) . "</p></div>";
! }
  
  if (isset($_GET['s'])) {
--- 40,56 ----
  <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
  <?php
! if ( !empty( $_POST['delete_comments'] ) ) :
! 	$i = 0;
! 	foreach ($delete_comments as $comment) : // Check the permissions on each
! 		$comment = (int) $comment;
  		$post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
! 		$authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
! 		if ( ($user_level > $authordata->user_level) || ($user_login == $authordata->user_login) ) :
  			$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID = $comment");
  			++$i;
! 		endif;
! 	endforeach;
  	echo "<div class='wrap'><p>" . sprintf(__('%s comments deleted.'), $i) . "</p></div>";
! endif;
  
  if (isset($_GET['s'])) {
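Review bot: The loop on the new side still iterates `$delete_comments` although the guard above it now tests `$_POST['delete_comments']`, so the check and the loop read two different variables. With register_globals off the loop variable is undefined and nothing is deleted; with it on, the list being processed is not necessarily the value the guard inspected (which request source wins depends on variables_order). Iterate the checked value instead, `foreach ( (array) $_POST['delete_comments'] as $comment ) :`, which also keeps a scalar submission from reaching foreach. Separately, `$post_id` goes into the `post_author` query without a check that the first lookup returned a row, so a stale comment ID yields `WHERE ID = ` with nothing after it; an `if ( !$post_id ) continue;` before the author lookup would cover that.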



