From 258fa3b40c0c60adad284ad3bc09ed33c5dc53a1 Mon Sep 17 00:00:00 2001 From: rub Date: Sat, 21 Oct 2006 12:28:07 +0000 Subject: Resolved Issue ID 0000356: o Increase security on adviser mode First modifications of n modifications. All the others modifications will be done on BSF branch. Merge branch-1_6 1568:1570 into BSF git-svn-id: http://piwigo.org/svn/trunk@1571 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/comments.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'admin/comments.php')
diff --git a/admin/comments.php b/admin/comments.php
index 3d6d83268..3debab9d0 100644
--- a/admin/comments.php
+++ b/admin/comments.php
@@ -46,7 +46,7 @@ if (isset($_POST))
 $to_validate = array();
 $to_reject = array();
- if (isset($_POST['submit']))
+ if (isset($_POST['submit']) and !is_adviser())
 {
 foreach (explode(',', $_POST['list']) as $comment_id)
 {
@@ -68,11 +68,11 @@ if (isset($_POST))
 }
 }
 }
- else if (isset($_POST['validate-all']) and !empty($_POST['list']))
+ else if (isset($_POST['validate-all']) and !empty($_POST['list']) and !is_adviser())
 {
 $to_validate = explode(',', $_POST['list']);
 }
- else if (isset($_POST['reject-all']) and !empty($_POST['list']))
+ else if (isset($_POST['reject-all']) and !empty($_POST['list']) and !is_adviser())
 {
 $to_reject = explode(',', $_POST['list']);
 }
-- 
cgit v1.2.3
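Review bot: The `!is_adviser()` clause is appended separately to the `submit` condition here and to the `validate-all` and `reject-all` conditions in the next hunk, so an action branch added to this chain later is open to adviser sessions unless its author repeats the clause. One guard around the whole chain, `if (!is_adviser()) { /* existing if / else if chain */ }`, placed after the `$to_validate` / `$to_reject` initialisation, keeps the restriction in a single place. As far as the visible lines show, a blocked adviser POST is dropped with no message or log entry; a comment such as `// adviser mode is read-only: moderation requests are ignored` and some feedback to the user would make that intent explicit. The enclosing `if (isset($_POST))` block starts and ends outside the hunk.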
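Review bot: `$_POST['list']` is split on commas and assigned to `$to_validate` / `$to_reject` with no check that each element is a numeric comment id, and the `submit` branch in the first hunk explodes the same field without the `!empty($_POST['list'])` test that these two branches have. The code that consumes the arrays is outside the hunk; if they end up in a SQL `IN (...)` list, filter them first, for example `$to_validate = array_filter(explode(',', $_POST['list']), 'ctype_digit');` and the same for `$to_reject`. The adviser check added here restricts who may act but does not constrain what the field may contain.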