Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
02/02/2010 06:29:33 PM (15 years ago)
Author:
apeatling
Message:

Fixes #1767

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-themes/bp-default/_inc/ajax.php

    r2514 r2542  
    156156    }
    157157
    158     if ( empty( $_POST['id'] ) || !is_numeric( $_POST['id'] ) || !bp_activity_delete( array( 'id' => $_POST['id'] ) ) ) {
     158    $activity = new BP_Activity_Activity( $_POST['id'] );
     159
     160    /* Check access */
     161    if ( !is_site_admin() && $activity->user_id != $bp->loggedin_user->id )
     162        return false;
     163
     164    if ( empty( $_POST['id'] ) || !is_numeric( $_POST['id'] ) || !bp_activity_delete( array( 'id' => $_POST['id'], 'user_id' => $activity->user_id ) ) ) {
    159165        echo '-1<div id="message" class="error"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>';
    160166        return false;
Note: See TracChangeset for help on using the changeset viewer.