From 1c0fab30c9050cfe515afe0776a30bc697c1f0af Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 22 Aug 2005 03:10:34 +0000
Subject: [PATCH] r367: Only allow quick comment insert if we don't have permission to edit; hackish... will change with API's :-D
---
 editreport.php | 54 +++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/editreport.php b/editreport.php
index 1f09778..530221c 100644
--- a/editreport.php
+++ b/editreport.php
@@ -52,7 +52,7 @@ if ($_POST['do'] == 'update')
 {
 // -------------------------------------------------------------------
 // process comment stuff
- if (can_perform('canpostcomments'))
+ if (!(((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')) AND can_perform('caneditinfo')))
 {
 $hascomment = (!empty($bugsys->in['comment'])) ? true : false;
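Review bot: The rewritten condition no longer tests `can_perform('canpostcomments')`, so this quick-comment branch now runs for every user who lacks edit rights, whether or not they are allowed to post comments. Unless that permission is enforced earlier in the file (not visible in this hunk), keep it as a leading term, e.g. `if (can_perform('canpostcomments') AND !(...edit-permission test...))`. The test also reads `$comment['userid']`, which no visible line sets in the update path; the redirect later in the file uses `$bug`, so this may have been meant as `$bug['userid']`, and with the loose `==` an unset value would compare equal to a userid of 0. The guarded block continues outside the hunk.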
@@ -260,7 +260,59 @@ if ($_POST['do'] == 'update')
 }
 $log->allowempty = false;
+
+ $hascomment = (!empty($bugsys->in['comment'])) ? true : false;
+
+ if ($hascomment OR $autoaction['comment'])
+ {
+ if ($hascomment AND $autoaction['comment'])
+ {
+ $bugsys->in['comment'] .= "\n\n--------------- AUTOMATIC RESPONSE ---------------\n" . $autoaction['comment'];
+ }
+ else if (!$hascomment AND $autoaction['comment'])
+ {
+ $bugsys->in['comment'] = $autoaction['comment'];
+ }
+
+ $bugsys->in['comment_parsed'] = $bugsys->in['comment'];
+
+ if (!$bugsys->options['allowhtml'])
+ {
+ $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
+ }
+
+ $time = TIMENOW;
+
+ $db->query("
+ INSERT INTO " . TABLE_PREFIX . "comment
+ (bugid, userid, dateline, comment, comment_parsed)
+ VALUES
+ (" . intval($bugsys->in['bugid']) . ", " . $bugsys->userinfo['userid'] . ",
+ $time, '" . $bugsys->in['comment'] . "',
+ '" . nl2br($bugsys->in['comment_parsed']) . "'
+ )"
+ );
+
+ $commentid = $db->insert_id();
+
+ $db->query("
+ UPDATE " . TABLE_PREFIX . "bug
+ SET lastposttime = $time,
+ lastpostby = " . $bugsys->userinfo['userid'] . ",
+ hiddenlastposttime = $time,
+ hiddenlastpostby = " . $bugsys->userinfo['userid'] . "
+ WHERE bugid = " . intval($bugsys->in['bugid'])
+ );
+
+ if ($hascomment)
+ {
+ $log->language = 'log_new_comment';
+ $log->arguments = array($commentid);
+ $log->log();
+ }
+ }
+
 $message->redirect('done with update bug', "showreport.php?bugid=$bug[bugid]");
 }
-- 
2.43.5
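Review bot: The INSERT concatenates the comment text straight into the SQL string, and that text now includes `$autoaction['comment']`, which is appended after whatever cleaning `$bugsys->in` received upstream (not visible here), so a quote character in an automatic-response text would reach the query unescaped. Escape the final `comment` and `comment_parsed` values at the point of use with the project's database escaping routine, or use a parameterised query, and cast the user id the way the bug id already is: `intval($bugsys->userinfo['userid'])`. When `allowhtml` is on, `comment_parsed` is stored without `sanitize()`, so it is worth a comment stating that the option trusts every commenter with raw HTML. No `can_perform('canpostcomments')` check is visible around this insert; the enclosing block starts outside the hunk, so confirm it is enforced there.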