From 04956b08a0115911eccfbc1270e05e4f738205af Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Thu, 23 Dec 2004 20:32:13 +0000
Subject: [PATCH] r17: Initial SVN for newcomment.php.
---
 newcomment.php | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
 create mode 100644 newcomment.php
diff --git a/newcomment.php b/newcomment.php
new file mode 100644
index 0000000..d163bdd
--- /dev/null
+++ b/newcomment.php
@@ -0,0 +1,85 @@
+userinfo['permissions'] & CANPOSTCOMMENTS))
+{
+ echo 'no permission';
+ exit;
+}
+
+// ###################################################################
+
+if (empty($_REQUEST['do']))
+{
+ $_REQUEST['do'] = 'add';
+}
+
+// ###################################################################
+
+if ($_POST['do'] == 'insert')
+{
+ sanitize(array('bugid' => INT, 'comment' => STR));
+
+ if (!$bugsys->options['allowhtml'])
+ {
+ $vars['comment'] = htmlspecialcharslike($vars['comment']);
+ }
+
+ $DB_sql->query("
+ INSERT INTO " . TABLE_PREFIX . "comment
+ (bugid, userid, dateline, comment)
+ VALUES
+ ($vars[bugid], " . $bugsys->userinfo['userid'] . ",
+ " . time() . ", '" . addslasheslike($vars['comment']) . "'
+ )"
+ );
+
+ echo 'comment inserted';
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'add')
+{
+ sanitize(array('bugid' => INT));
+
+ if (!$vars['bugid'])
+ {
+ echo 'alert: bad bug';
+ exit;
+ }
+
+ $bug = $DB_sql->query_first("SELECT bug.*, comment.comment FROM " . TABLE_PREFIX . "bug LEFT JOIN " . TABLE_PREFIX . "comment AS comment ON (bug.bugid = comment.bugid) WHERE bug.bugid = $vars[bugid]");
+ if (!$bug)
+ {
+ echo 'alert: bad bug';
+ exit;
+ }
+
+ echo "
New comment for: $bug[summary]
";
+ echo '
';
+ echo '
Comment:
';
+ echo '
';
+
+ echo '

';
+ echo '
Summary Report: ' . $bug['summary'] . '
' . $bug['comment'] . '
';
+}
+
+/*=====================================================================*\
+|| ###################################################################
+|| # $HeadURL$
+|| # $Id$
+|| ###################################################################
+\*=====================================================================*/
+?>
\ No newline at end of file
-- 
2.22.5
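Review bot: The `insert` branch writes a comment row after only the permission check: unlike the `add` branch it never rejects a zero `$vars['bugid']` or confirms that the bug exists, and as far as the visible code shows no per-request token is verified before the `INSERT`, so a cross-site POST from a logged-in user's browser would be accepted. Repeat the `add` branch's guard ahead of the query, `if (!$vars['bugid']) { echo 'alert: bad bug'; exit; }`, followed by the same `query_first` existence check, and validate an anti-CSRF token in that branch. Both queries are built by concatenation and are only as safe as `sanitize()` and `addslasheslike()`, which are defined outside this file; the database driver's own escaping or a bound parameter would remove that dependency. When `allowhtml` is on the comment is stored raw, and `$bug['comment']` and `$bug['summary']` are echoed as-is in the `add` branch, so escaping at output time (or an allow-list HTML filter) is worth adding there. The opening lines of the file and the markup inside the echo strings are missing from this page, so an include-level check or a token field may exist that cannot be seen here.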