up-port 8d828e1 - check goodtoken while approving comments

2012-04-11 18:09:56 +02:00 · 2012-04-11 18:09:56 +02:00 · d8bcff11a7
commit d8bcff11a7
parent 3c7dfd935e
1 changed files with 1 additions and 1 deletions
--- a/include/functions_comments.inc.php
+++ b/include/functions_comments.inc.php
@ -658,7 +658,7 @@ function serendipity_approveComment($cid, $entry_id, $force = false, $moderate =
    $rs  = serendipity_db_query($sql, true);
    
    // Check for adminEntriesMaintainOthers
-    if (!$force && $rs['entry_authorid'] != $serendipity['authorid'] && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
+    if (!$force && !$goodtoken && $rs['entry_authorid'] != $serendipity['authorid'] && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
        return false; // wrong user having no adminEntriesMaintainOthers right
    }