From 94a121205136b891043f446757fe20c369fc2c6c Mon Sep 17 00:00:00 2001
From: JT Smith
Date: Fri, 5 Jul 2002 01:53:52 +0000
Subject: [PATCH] Fixed a problem where prev/next buttons could allow a user to view a message that wasn't approved.
---
 lib/WebGUI/Discussion.pm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/WebGUI/Discussion.pm b/lib/WebGUI/Discussion.pm
index 21cb97a3d..b6dc8886b 100644
--- a/lib/WebGUI/Discussion.pm
+++ b/lib/WebGUI/Discussion.pm
@@ -398,13 +398,15 @@ sub showMessage {
 .'">'.WebGUI::International::get(577).'
'; } @data = WebGUI::SQL->quickArray("select max(messageId) from discussion - where wobjectId=$message{wobjectId} and pid=0 and messageId<$message{rid}".$sqlAdd); + where wobjectId=$message{wobjectId} and pid=0 and messageId<$message{rid} + and (userId=$session{user}{userId} or status='Approved') ".$sqlAdd); if ($data[0] ne "") { $html .= '« '.WebGUI::International::get(513).'
'; } @data = WebGUI::SQL->quickArray("select min(messageId) from discussion - where wobjectId=$message{wobjectId} and pid=0 and messageId>$message{rid}".$sqlAdd); + where wobjectId=$message{wobjectId} and pid=0 and messageId>$message{rid} + and (userId=$session{user}{userId} or status='Approved')".$sqlAdd); if ($data[0] ne "") { $html .= ''.WebGUI::International::get(512).' »
';
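Review bot: The approval filter `and (userId=$session{user}{userId} or status='Approved')` is added only to the two prev/next lookups, so it decides which links are rendered, not which message showMessage will display. The load of the requested message happens above this hunk and is not visible here, so it should be confirmed that it applies the same status/owner check; otherwise an unapproved message stays viewable by its id even though no link points to it. The predicate is also pasted twice with different trailing whitespace (`'Approved') ".$sqlAdd` versus `'Approved')".$sqlAdd`); holding it once, e.g. `my $visible = " and (userId=$session{user}{userId} or status='Approved')";`, keeps the two queries from drifting apart. `$session{user}{userId}` is interpolated straight into the SQL text, which is safe only while it is guaranteed to be a server-set integer, and if anonymous visitors share a single userId the owner clause would presumably show one visitor's pending posts to all of them; both assumptions deserve a comment at this spot. showMessage begins and ends outside the hunk.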