From 10244cc066a3a78b8705f4a2a1bdcb5b8eacd8d4 Mon Sep 17 00:00:00 2001
From: Peter Westwood
Date: Wed, 8 Dec 2010 16:52:08 +0000
Subject: [PATCH] Check for extra caps here too.

git-svn-id: https://develop.svn.wordpress.org/trunk@16801 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/class-wp-xmlrpc-server.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 3ad27b74bb..44934c9eab 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -1099,6 +1099,9 @@ class wp_xmlrpc_server extends IXR_Server {
 if ( !current_user_can( 'moderate_comments' ) )
 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
 
+ if ( !current_user_can( 'edit_comment', $comment_ID ) )
+ return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
 do_action('xmlrpc_call', 'wp.deleteComment');
 
 if ( ! get_comment($comment_ID) )
@@ -1130,6 +1133,9 @@ class wp_xmlrpc_server extends IXR_Server {
 if ( !current_user_can( 'moderate_comments' ) )
 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
 
+ if ( !current_user_can( 'edit_comment', $comment_ID ) )
+ return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
 do_action('xmlrpc_call', 'wp.editComment');
 
 if ( ! get_comment($comment_ID) )
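Review bot: The new per-comment check `current_user_can( 'edit_comment', $comment_ID )` runs before the `if ( ! get_comment($comment_ID) )` existence guard at the end of the hunk, so the capability lookup is handed a client-supplied ID that has not yet been confirmed to name a comment. How the capability mapping treats an unknown ID is not visible here; validating first would make the result independent of that, and would let a missing comment reach the existence guard's own error path instead of a 403. I would move the two added lines to just after the `get_comment` guard. The wp.editComment hunk has the same ordering. Both denial paths also return before `do_action('xmlrpc_call', ...)`, so anything auditing XML-RPC calls through that hook will not see rejected attempts; a comment such as `// Per-comment cap check: caller must be able to edit this specific comment, not just moderate in general.` would also explain why two checks with the same message exist. Both method bodies start and end outside the hunks.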