From 567a60930822b67fbbbd32aab04b47f775c2e03a Mon Sep 17 00:00:00 2001
From: mikelittle
Date: Thu, 6 Nov 2003 00:34:41 +0000
Subject: [PATCH] Fix for comment deletion priileges. Bug reported by Michael Renzmann

git-svn-id: http://svn.automattic.com/wordpress/trunk@527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/wp-post.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/wp-admin/wp-post.php b/wp-admin/wp-post.php
index 49d6207b5..1f524686c 100644
--- a/wp-admin/wp-post.php
+++ b/wp-admin/wp-post.php
@@ -350,10 +350,17 @@ switch($action) {
 if ($user_level == 0) die ('Cheatin’ uh?');
+ $comment = $HTTP_GET_VARS['comment'];
 $p = $HTTP_GET_VARS['p'];
+
+ $postdata = get_postdata($p) or die('Oops, no post with this ID. Go back!');
 $commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. Go back!');
+ $authordata = get_userdata($postdata['Author_ID']);
+ if ($user_level < $authordata->user_level)
+ die ('You don’t have the right to delete '.$authordata->user_nickname.'’s post comments. Go back!');
+ $result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_ID=$comment");
 if($HTTP_SERVER_VARS['HTTP_REFERER'] != "") {
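Review bot: The added permission check is keyed on the post id supplied in the request (`$p = $HTTP_GET_VARS['p']` feeding `get_postdata($p)`), not on the post that `$comment` belongs to, so the author-level comparison is not bound to the row the `DELETE` removes. Look the comment up first and derive the post from it, e.g. `$postdata = get_postdata($commentdata['comment_post_ID']) or die(...)` (field name assumed from the comments table; confirm against `get_commentdata`), or refuse the request when the comment's post id differs from `$p`. `$comment` also reaches `comment_ID=$comment` uncast, and `$comment = (int) $HTTP_GET_VARS['comment'];` would keep the query numeric. The result of `get_userdata()` is dereferenced unchecked, so a missing author row makes `$user_level < $authordata->user_level` false and the check passes; it should fail closed instead. The enclosing `case` starts and ends outside the hunk.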