serendipity_deleteComment: Check for adminEntriesMaintainOthers

Please check this patch if it is okay, Garvin. Else redo it.
Now only users owning the depending article or having
adminEntriesMaintainOthers are allowed to delete a comment.

include/functions_comments.inc.php

@@ -538,6 +538,17 @@ function serendipity_deleteComment($id, $entry_id, $type='comments', $token=fals
     $goodtoken = serendipity_checkCommentToken($token, $id);
 
     if ($_SESSION['serendipityAuthedUser'] === true || $goodtoken) {
+        
+        // Check for adminEntriesMaintainOthers
+        if (!serendipity_checkPermission('adminEntriesMaintainOthers')) {
+            // Load articles author id and check it
+            $sql = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}entries
+                                                WHERE entry_id = ". $entry_id, true);
+            if ($sql['authorid'] != $serendipity['authorid']) { 
+                return false; // wrong user having no adminEntriesMaintainOthers right
+            }
+        }
+        
         $admin = '';
         if (!$goodtoken && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
             $admin = " AND authorid = " . (int)$_SESSION['serendipityAuthorid'];