From 04956b08a0115911eccfbc1270e05e4f738205af Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Thu, 23 Dec 2004 20:32:13 +0000 Subject: [PATCH] r17: Initial SVN for newcomment.php. --- newcomment.php | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 newcomment.php diff --git a/newcomment.php b/newcomment.php new file mode 100644 index 0000000..d163bdd --- /dev/null +++ b/newcomment.php @@ -0,0 +1,85 @@ +userinfo['permissions'] & CANPOSTCOMMENTS)) +{ + echo 'no permission'; + exit; +} + +// ################################################################### + +if (empty($_REQUEST['do'])) +{ + $_REQUEST['do'] = 'add'; +} + +// ################################################################### + +if ($_POST['do'] == 'insert') +{ + sanitize(array('bugid' => INT, 'comment' => STR)); + + if (!$bugsys->options['allowhtml']) + { + $vars['comment'] = htmlspecialcharslike($vars['comment']); + } + + $DB_sql->query(" + INSERT INTO " . TABLE_PREFIX . "comment + (bugid, userid, dateline, comment) + VALUES + ($vars[bugid], " . $bugsys->userinfo['userid'] . ", + " . time() . ", '" . addslasheslike($vars['comment']) . "' + )" + ); + + echo 'comment inserted'; +} + +// ################################################################### + +if ($_REQUEST['do'] == 'add') +{ + sanitize(array('bugid' => INT)); + + if (!$vars['bugid']) + { + echo 'alert: bad bug'; + exit; + } + + $bug = $DB_sql->query_first("SELECT bug.*, comment.comment FROM " . TABLE_PREFIX . "bug LEFT JOIN " . TABLE_PREFIX . "comment AS comment ON (bug.bugid = comment.bugid) WHERE bug.bugid = $vars[bugid]"); + if (!$bug) + { + echo 'alert: bad bug'; + exit; + } + + echo "
New comment for: $bug[summary]
"; + echo '
'; + echo '
Comment:
'; + echo '
'; + + echo '

'; + echo '
Summary Report: ' . $bug['summary'] . '
' . $bug['comment'] . '
'; +} + +/*=====================================================================*\ +|| ################################################################### +|| # $HeadURL$ +|| # $Id$ +|| ################################################################### +\*=====================================================================*/ +?> \ No newline at end of file -- 2.43.5