[thesite] Bug?

[David McCreath]

Hi hi hi --

I don't know if this constitutes a bug, but while playing around with some
of the comment documents, I was trying to find the comment search (which I
still haven't found... is it an admin function?). Anyway, while looking at a
comment, I started plugging actions into the query string based on
app_comment to try to get to the comment search. So I tried "delete" and I
got a 404 message, but when I went back to the article that the comment was
attached to, I realized that I had deleted it! It was one of Elfur's
comments (sorry, E. :(), not mine which is what concerns me.

Do we need to have a confirmation *page* instead of just a dialogue box? I'm
just thinking about malicious deletion of comments, and I guess anybody bent
on deleting someone else's comment would just answer yes, but is there some
way to prevent that from happening (deleting a comment by adding "delete" to
the query string)?

Dave