From de6f589f96382c7dd046a5135bc2cb2ccb53d6d5 Mon Sep 17 00:00:00 2001 From: Garvin Hicking Date: Sat, 31 Dec 2011 15:10:00 +0100 Subject: [PATCH] The $goodtoken thing is important, as when this is used, the user is not logged in, and so the comment approval via token would not work (at least this is how I read it, I didn't implement the token approval) --- include/functions_comments.inc.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index dbe648b6..5fb3acf5 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php @@ -539,19 +539,17 @@ function serendipity_deleteComment($id, $entry_id, $type='comments', $token=fals if ($_SESSION['serendipityAuthedUser'] === true || $goodtoken) { - // Check for adminEntriesMaintainOthers - if (!serendipity_checkPermission('adminEntriesMaintainOthers')) { + $admin = ''; + if (!$goodtoken && !serendipity_checkPermission('adminEntriesMaintainOthers')) { + $admin = " AND authorid = " . (int)$_SESSION['serendipityAuthorid']; + // Load articles author id and check it $sql = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}entries WHERE entry_id = ". $entry_id, true); if ($sql['authorid'] != $serendipity['authorid']) { return false; // wrong user having no adminEntriesMaintainOthers right } - } - - $admin = ''; - if (!$goodtoken && !serendipity_checkPermission('adminEntriesMaintainOthers')) { - $admin = " AND authorid = " . (int)$_SESSION['serendipityAuthorid']; + } /* We have to figure out if the comment we are about to delete, is awaiting approval,
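Review bot: The entry-ownership check inside the new `!$goodtoken && !serendipity_checkPermission(...)` branch can fail open, because `$sql` is never confirmed to be a row and is compared with a loose `!=`; if the lookup returns nothing, `$sql['authorid']` is null and compares equal to an empty or zero `$serendipity['authorid']`. I would tighten it to `if (!is_array($sql) || (int)$sql['authorid'] !== (int)$serendipity['authorid']) { return false; }`. The same branch takes the author id from `$_SESSION['serendipityAuthorid']` for `$admin` but from `$serendipity['authorid']` for the comparison, so reading it from one source would keep the two filters from diverging. `$entry_id` is concatenated straight into the query; the function starts above this hunk, so please confirm it is cast to int before this point. Since `$goodtoken` now skips both the ownership check and the `$admin` filter, deletion on that path rests entirely on the token validation, which is not visible here and should be confirmed to bind the token to this comment id.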