Index: modules/comment/comment.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.pages.inc,v
retrieving revision 1.17
diff -u -p -r1.17 comment.pages.inc
--- modules/comment/comment.pages.inc	20 Apr 2009 21:28:14 -0000	1.17
+++ modules/comment/comment.pages.inc	9 May 2009 22:25:00 -0000
@@ -69,14 +69,16 @@ function comment_reply($node, $pid = NUL
       // $pid indicates that this is a reply to a comment.
       if ($pid) {
         // Load the comment whose cid = $pid
-        $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array(
-          ':cid'=>$pid,
-          ':status'=>COMMENT_PUBLISHED))->fetchObject();
-        if ( $comment ) {
-          // If that comment exists, make sure that the current comment and the
-          // parent comment both belong to the same parent node.
-          if ($comment->nid != $node->nid) {
-            // Attempting to reply to a comment not belonging to the current nid.
+        $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid', array(
+          ':cid' => $pid,
+        ))->fetchObject();
+        if ($comment) {
+          // Verify the current and parent comment both belong to the same
+          // parent node and that the comment is either published or the
+          // user can administer comments.
+          if ($comment->nid != $node->nid || ($comment->status != COMMENT_PUBLISHED && !user_access('administer comments'))) {
+            // Attempting to reply to a comment not belonging to the current nid
+            // or to an unpublished comment.
             drupal_set_message(t('The comment you are replying to does not exist.'), 'error');
             drupal_goto("node/$node->nid");
           }