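userinfo['permissions'] & CANPOSTCOMMENTS)) {
    // Permission gate. The opening of this condition is not visible in this
    // excerpt; the visible part tests the user's permission bitmask against
    // CANPOSTCOMMENTS and stops the request when the test does not pass.
    echo 'no permission';
    exit;
}

// ###################################################################

// With no action requested, fall through to the comment form.
if (empty($_REQUEST['do'])) {
    $_REQUEST['do'] = 'add';
}

// ###################################################################
// do=insert: store a new comment. Only honoured for POST, so a plain link
// (GET) cannot trigger the write.
//
// NOTE(review): no anti-CSRF token is checked in this handler. Confirm whether
// sanitize() or an earlier include verifies one; otherwise any page the user
// visits while logged in can post comments on their behalf.

// isset() guards the GET case, where $_POST['do'] does not exist.
if (isset($_POST['do']) && $_POST['do'] == 'insert') {
    // sanitize() presumably fills $vars with the typed request values -- confirm.
    sanitize(array('bugid' => INT, 'comment' => STR));

    // Refuse to store a comment for a missing or unknown bug, mirroring the
    // checks the 'add' view performs; otherwise orphan rows could be created.
    if (!intval($vars['bugid'])) {
        echo 'alert: bad bug';
        exit;
    }

    $bug_exists = $DB_sql->query_first("SELECT bug.bugid FROM " . TABLE_PREFIX . "bug AS bug WHERE bug.bugid = " . intval($vars['bugid']));
    if (!$bug_exists) {
        echo 'alert: bad bug';
        exit;
    }

    // HTML encoding happens at write time, and only when HTML is disallowed.
    // NOTE(review): with allowhtml on, markup from any user holding
    // CANPOSTCOMMENTS is stored as-is and later printed to other users.
    if (!$bugsys->options['allowhtml']) {
        $vars['comment'] = htmlspecialcharslike($vars['comment']);
    }

    // The statement is assembled by concatenation: integer fields are forced
    // through intval(), the free-text field through addslasheslike().
    // NOTE(review): addslasheslike() is defined elsewhere; verify it escapes
    // for the connection's character set, or move to bound parameters if the
    // database layer offers them.
    $DB_sql->query("
        INSERT INTO " . TABLE_PREFIX . "comment
            (bugid, userid, dateline, comment)
        VALUES
            (" . intval($vars['bugid']) . ",
            " . intval($bugsys->userinfo['userid']) . ",
            " . time() . ",
            '" . addslasheslike($vars['comment']) . "'
            )"
    );

    echo 'comment inserted';
}

// ###################################################################
// do=add: show the comment form together with the bug summary and one
// comment row joined from the comment table.

if ($_REQUEST['do'] == 'add') {
    sanitize(array('bugid' => INT));

    if (!intval($vars['bugid'])) {
        echo 'alert: bad bug';
        exit;
    }

    // The bug table is aliased explicitly so that "bug.*" still resolves when
    // TABLE_PREFIX is not empty.
    // NOTE(review): no per-bug visibility check is visible here; confirm that
    // holders of CANPOSTCOMMENTS may read every bug.
    $bug = $DB_sql->query_first("SELECT bug.*, comment.comment FROM " . TABLE_PREFIX . "bug AS bug LEFT JOIN " . TABLE_PREFIX . "comment AS comment ON (bug.bugid = comment.bugid) WHERE bug.bugid = " . intval($vars['bugid']));
    if (!$bug) {
        echo 'alert: bad bug';
        exit;
    }

    // NOTE(review): summary and comment are written to the page without output
    // encoding. The only encoding visible in this file is applied at insert
    // time and only when allowhtml is off; confirm that every writer of these
    // two columns encodes, or encode at this point instead.
    echo "
New comment for: $bug[summary]
";
    echo '
';
    echo '
Comment:
';
    echo '
';
    echo '

';
    echo '
Summary Report: ' . $bug['summary'] . '
' . $bug['comment'] . '
';
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>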