Changeset 3745


Timestamp:
10/01/09 11:50:15 (2 years ago)
Author:
rickc
Message:

Ensure the user has permission to delete a post before deleting it.

File:
1 edited

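--- a/trunk/htdocs/system/classes/adminhandler.php
+++ b/trunk/htdocs/system/classes/adminhandler.php
@@ -606,8 +606,14 @@
                         $okay = FALSE;
                 }
+
+                $post = Post::get( array( 'id' => $id, 'status' => Post::status( 'any' ) ) );
+                if ( ! ACL::access_check( $post->get_access(), 'delete' ) ) {
+                        $okay = FALSE;
+                }
+
                 if ( !$okay )   {
                         Utils::redirect( URL::get( 'admin', 'page=posts&type='. Post::status( 'any' ) ) );
                 }
-                $post = Post::get( array( 'id' => $id, 'status' => Post::status( 'any' ) ) );
+
                 $post->delete();
                 Session::notice( sprintf( _t( 'Deleted the %1$s titled "%2$s".' ), Post::type_name( $post->content_type ), htmlspecialchars( $post->title ) ) );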
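Review bot: At new line 610 `$post->get_access()` is called without checking that `Post::get()` returned a post, and because the lookup moved above the `if ( !$okay )` redirect it now also runs for requests that already failed the earlier checks. If `Post::get()` yields a non-object for a missing id (its return value is not visible here), the request ends in a fatal error instead of the redirect; guarding with `if ( !$post || !ACL::access_check( $post->get_access(), 'delete' ) ) {` would send that case down the same denial path. The denial itself only holds if `Utils::redirect()` terminates the request, which this hunk does not show, so a `return;` after the redirect at new line 615 would keep `$post->delete()` at line 618 unreachable either way. The enclosing method starts and ends outside the hunk.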