Correct inability of forum users to delete their own pending-moderation posts.
Commit
19333c8a499a0bb42ea497244d468c14867e82ebf3e7a4d4b2b783adcd1463aa
Parent
f82caec579e3313…
1 file changed
+7
-2
+7
-2
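--- a/src/forum.c
+++ b/src/forum.c
@@ -1206,10 +1206,12 @@
 const char *zTitle = 0;
 char *zDate = 0;
 const char *zFpid = PD("fpid","");
 int isCsrfSafe;
 int isDelete = 0;
+int bSameUser; /* True if author is also the reader */
+int bPrivate; /* True if post is private (not yet moderated) */
 
 login_check_credentials();
 if( !g.perm.WrForum ){
 login_needed(g.anon.WrForum);
 return;
@@ -1225,12 +1227,15 @@
 if( P("cancel") ){
 cgi_redirectf("%R/forumpost/%S",P("fpid"));
 return;
 }
 isCsrfSafe = cgi_csrf_safe(1);
-if( g.perm.ModForum && isCsrfSafe ){
-if( P("approve") ){
+bPrivate = content_is_private(fpid);
+bSameUser = login_is_individual()
+&& fossil_strcmp(pPost->zUser, g.zLogin)==0;
+if( isCsrfSafe && (g.perm.ModForum || (bPrivate && bSameUser)) ){
+if( g.perm.ModForum && P("approve") ){
 const char *zUserToTrust;
 moderation_approve('f', fpid);
 if( g.perm.AdminForum
 && PB("trust")
 && (zUserToTrust = P("trustuser"))!=0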
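Review bot: The outer gate on new line 1235 now admits the author of a still-private post as well as moderators, so every branch inside that block other than the self-delete needs its own `g.perm.ModForum` re-check; only the `approve` branch on line 1236 visibly has one, and the remaining branches lie past the end of the hunk where I cannot confirm it. I would also gate the self-delete branch explicitly, `(g.perm.ModForum || (bPrivate && bSameUser))`, with a comment like `/* Authors may remove their own post only while it is still awaiting moderation */`, so a branch added later does not silently become reachable by the author through the outer condition. Line 1234 dereferences `pPost->zUser` with no NULL check visible in either hunk; `pPost` is presumably loaded from the user-supplied `fpid` between the two hunks, and if that lookup can fail it needs a guard before the comparison. `bPrivate` is read once before the action runs, so if a moderator approves the post between this check and the delete the author removes a now-public post; the delete path should re-verify privacy unless the whole request already runs inside one transaction. The enclosing function begins before the first hunk and continues past the second.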
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -1206,10 +1206,12 @@ | |
| 1206 | const char *zTitle = 0; |
| 1207 | char *zDate = 0; |
| 1208 | const char *zFpid = PD("fpid",""); |
| 1209 | int isCsrfSafe; |
| 1210 | int isDelete = 0; |
| 1211 | |
| 1212 | login_check_credentials(); |
| 1213 | if( !g.perm.WrForum ){ |
| 1214 | login_needed(g.anon.WrForum); |
| 1215 | return; |
| @@ -1225,12 +1227,15 @@ | |
| 1225 | if( P("cancel") ){ |
| 1226 | cgi_redirectf("%R/forumpost/%S",P("fpid")); |
| 1227 | return; |
| 1228 | } |
| 1229 | isCsrfSafe = cgi_csrf_safe(1); |
| 1230 | if( g.perm.ModForum && isCsrfSafe ){ |
| 1231 | if( P("approve") ){ |
| 1232 | const char *zUserToTrust; |
| 1233 | moderation_approve('f', fpid); |
| 1234 | if( g.perm.AdminForum |
| 1235 | && PB("trust") |
| 1236 | && (zUserToTrust = P("trustuser"))!=0 |
| 1237 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -1206,10 +1206,12 @@ | |
| 1206 | const char *zTitle = 0; |
| 1207 | char *zDate = 0; |
| 1208 | const char *zFpid = PD("fpid",""); |
| 1209 | int isCsrfSafe; |
| 1210 | int isDelete = 0; |
| 1211 | int bSameUser; /* True if author is also the reader */ |
| 1212 | int bPrivate; /* True if post is private (not yet moderated) */ |
| 1213 | |
| 1214 | login_check_credentials(); |
| 1215 | if( !g.perm.WrForum ){ |
| 1216 | login_needed(g.anon.WrForum); |
| 1217 | return; |
| @@ -1225,12 +1227,15 @@ | |
| 1227 | if( P("cancel") ){ |
| 1228 | cgi_redirectf("%R/forumpost/%S",P("fpid")); |
| 1229 | return; |
| 1230 | } |
| 1231 | isCsrfSafe = cgi_csrf_safe(1); |
| 1232 | bPrivate = content_is_private(fpid); |
| 1233 | bSameUser = login_is_individual() |
| 1234 | && fossil_strcmp(pPost->zUser, g.zLogin)==0; |
| 1235 | if( isCsrfSafe && (g.perm.ModForum || (bPrivate && bSameUser)) ){ |
| 1236 | if( g.perm.ModForum && P("approve") ){ |
| 1237 | const char *zUserToTrust; |
| 1238 | moderation_approve('f', fpid); |
| 1239 | if( g.perm.AdminForum |
| 1240 | && PB("trust") |
| 1241 | && (zUserToTrust = P("trustuser"))!=0 |
| 1242 |