Diffstat (limited to '')
-rw-r--r-- | comments.php | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/comments.php b/comments.php
index 8786605ef..4d9ca26db 100644
--- a/comments.php
+++ b/comments.php
@@ -155,28 +155,30 @@ else
 // +-----------------------------------------------------------------------+
 // | comments management |
 // +-----------------------------------------------------------------------+
-if (is_admin() and !is_adviser() )
-{
- if (isset($_GET['delete']) and is_numeric($_GET['delete']) )
- {// comments deletion
- $query = '
+if (isset($_GET['delete']) and is_numeric($_GET['delete'])
+ and !is_adviser() )
+{// comments deletion
+ check_status(ACCESS_ADMINISTRATOR);
+ $query = '
 DELETE FROM '.COMMENTS_TABLE.'
 WHERE id='.$_GET['delete'].'
 ;';
- pwg_query($query);
- }
+ pwg_query($query);
+}
- if (isset($_GET['validate']) and is_numeric($_GET['validate']) )
- { // comments validation
- $query = '
+if (isset($_GET['validate']) and is_numeric($_GET['validate'])
+ and !is_adviser() )
+{ // comments validation
+ check_status(ACCESS_ADMINISTRATOR);
+ $query = '
 UPDATE '.COMMENTS_TABLE.'
 SET validated = \'true\'
- , validation_date = NOW()
+ , validation_date = NOW()
 WHERE id='.$_GET['validate'].'
 ;';
- pwg_query($query);
- }
+ pwg_query($query);
 }
+
 // +-----------------------------------------------------------------------+
 // | page header and options |
 // +-----------------------------------------------------------------------+ |
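Review bot: Both administrator actions are still triggered by a plain GET parameter, and nothing visible in this hunk ties the request to the administrator's own session, so any URL carrying `delete=N` or `validate=N` that an administrator's browser loads would pass `check_status(ACCESS_ADMINISTRATOR)` and reach `pwg_query($query)`. Consider requiring a per-session token (and preferably POST) before either query runs; whether such a check exists earlier in comments.php cannot be seen from here. Separately, `is_numeric()` also accepts forms such as `1e3`, `-1` or `1.5`, so the value concatenated into `WHERE id=` is not guaranteed to be a plain integer id. Using `ctype_digit($_GET['delete'])` in the condition, or `WHERE id='.(int) $_GET['delete'].'` in the query, would pin it, and the same applies to `$_GET['validate']`.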