From ad84dc4ea3db45841f6d0eafd1182a5369b19292 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Fri, 24 Dec 2004 10:23:37 +0000
Subject: [PATCH] r24: Initial SVN for editcomment.php and editreport.php.
---
editcomment.php | 108 ++++++++++++++++++
editreport.php | 296 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 404 insertions(+)
create mode 100644 editcomment.php
create mode 100644 editreport.php
diff --git a/editcomment.php b/editcomment.php
new file mode 100644
index 0000000..5596c73
--- /dev/null
+++ b/editcomment.php
@@ -0,0 +1,108 @@
+ INT));
+
+$comment = $DB_sql->query_first("
+ SELECT comment.*, user.email, user.showemail, user.displayname
+ FROM " . TABLE_PREFIX . "comment AS comment
+ LEFT JOIN " . TABLE_PREFIX . "user AS user
+ ON (comment.userid = user.userid)
+ WHERE comment.commentid = $vars[commentid]"
+);
+
+if (!$comment)
+{
+ echo 'alert: bad comment';
+ exit;
+}
+
+$bug = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");
+
+if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')))
+{
+ echo 'no permission';
+ exit;
+}
+
+// ###################################################################
+
+if (empty($_REQUEST['do']))
+{
+ $_REQUEST['do'] = 'edit';
+}
+/*
+#*# do these later after we work out some kind of permission system
+// ###################################################################
+
+if ($_REQUEST['do'] == 'kill')
+{
+ // run code to remove item in database
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'delete')
+{
+ // display delete confirmation message
+}*/
+
+// ###################################################################
+
+if ($_POST['do'] == 'update')
+{
+ sanitize(array('comment' => STR));
+
+ if (!$vars['comment'])
+ {
+ echo 'you need to enter some text';
+ exit;
+ }
+
+ $vars['comment_parsed'] = $vars['comment'];
+
+ if (!$bugsys->options['allowhtml'])
+ {
+ $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']);
+ }
+
+ $DB_sql->query("
+ UPDATE " . TABLE_PREFIX . "comment
+ SET comment = '" . addslasheslike($vars['comment']) . "',
+ comment_parsed = '" . addslasheslike(nl2br($vars['comment_parsed'])) . "'
+ WHERE commentid = $vars[commentid]"
+ );
+
+ echo 'comment saved';
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'edit')
+{
+ echo "
Bug: $bug[summary]
"; + echo "
Comment posted on: " . datelike('standard', $comment['dateline']) . "
"; + echo "
Comment posted by: " . construct_user_display($comment) . "
"; + echo '
'; + echo '
Comment:
'; + echo '
';
+}
+
+/*=====================================================================*\
+|| ###################################################################
+|| # $HeadURL$
+|| # $Id$
+|| ###################################################################
+\*=====================================================================*/
+?>
\ No newline at end of file
diff --git a/editreport.php b/editreport.php
new file mode 100644
index 0000000..b4536b1
--- /dev/null
+++ b/editreport.php
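Review bot: In the `update` branch of editcomment.php, `comment_parsed` is escaped only when `$bugsys->options['allowhtml']` is off, so with that option on any account holding `caneditown` can store arbitrary markup, script included, which is presumably rendered to other readers later. If HTML comments are meant to stay, an allow-list filter belongs at this point; at minimum add a comment such as `// allowhtml stores raw user markup in comment_parsed: enable for trusted groups only`. The same branch acts on a bare POST and no request token is checked in the visible lines; the start of the file is missing from this page, so confirm whether shared setup code covers that. The queries also depend entirely on `sanitize()` and `addslasheslike()`, neither of which is shown here, for their quoting.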
@@ -0,0 +1,296 @@
+ INT));
+
+$bug = $DB_sql->query_first("
+ SELECT bug.*, user.email, user.displayname, user.showemail
+ FROM " . TABLE_PREFIX . "bug AS bug
+ LEFT JOIN " . TABLE_PREFIX . "user AS user
+ ON (bug.userid = user.userid)
+ WHERE bug.bugid = $vars[bugid]"
+);
+
+if (!$bug)
+{
+ echo 'alert: bad bug';
+ exit;
+}
+
+if (!(((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')) AND can_perform('caneditinfo')))
+{
+ echo 'no permission';
+ exit;
+}
+
+// ###################################################################
+
+if (empty($_REQUEST['do']))
+{
+ $_REQUEST['do'] = 'edit';
+}
+
+// ###################################################################
+/*
+#*# do these later once we have delete permissions figured out
+if ($_REQUEST['do'] == 'kill')
+{
+ // run code to remove item in database
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'delete')
+{
+ // display delete confirmation message
+}*/
+
+// ###################################################################
+
+if ($_POST['do'] == 'update')
+{
+ sanitize(array(
+ 'summary' => STR_NOHTML,
+ 'priority' => INT,
+ 'status' => INT,
+ 'resolution' => INT,
+ 'assignedto' => INT,
+ 'changeproduct' => STR)
+ );
+
+ $DB_sql->query("
+ UPDATE " . TABLE_PREFIX . "bug
+ SET summary = '" . addslasheslike($vars['summary']) . "',
+ priority = $vars[priority], status = $vars[status],
+ resolution = $vars[resolution],
+ assignedto = $vars[assignedto]
+ WHERE bugid = $bug[bugid]"
+ );
+
+ echo 'done with update bug';
+
+ if ($vars['changeproduct'])
+ {
+ $_REQUEST['do'] = 'editproduct';
+ }
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'edit')
+{
+ echo '
'; + echo ''; + echo "
Bug ID: $bug[bugid]
"; + echo "
Summary/title: "; + if (can_perform('canchangestatus')) + { + echo '
Priority:
'; + + echo '
Status:
'; + + echo '
Resolution:
'; + } + if (can_perform('canassign')) + { + echo '
Assigned to:
'; + } + echo '
'; + echo '
';
+}
+
+// ###################################################################
+
+if ($_POST['do'] == 'updateproduct')
+{
+ sanitize(array('product' => INT, 'component' => INT, 'version' => INT));
+
+ var_dump($vars);
+
+ if (!$vars['product'] OR !$vars['component'] OR !$vars['version'])
+ {
+ echo 'there was a problem selecting the product, component, or version';
+ exit;
+ }
+ $product = $bugsys->datastore['product']["$vars[product]"];
+ if (!$product)
+ {
+ echo 'please select a valid product';
+ exit;
+ }
+ $version = $bugsys->datastore['version']["$vars[version]"];
+ if (!$version)
+ {
+ echo 'please select a valid version';
+ exit;
+ }
+ // no component
+ if ($vars['component'] == -1)
+ {
+ // not global version and version.productid != product.productid
+ if ($version['productid'] != 0 AND $version['productid'] != $product['productid'])
+ {
+ echo 'invalid version specified';
+ exit;
+ }
+ }
+ // using a component
+ else
+ {
+ $component = $bugsys->datastore['product']["$vars[component]"];
+ // component has the right mother
+ if ($component['componentmother'] == $product['productid'])
+ {
+ // version.productid != {component.productid | product.productid}
+ if (($version['productid'] != $component['productid'] AND $version['productid'] != $product['productid']) AND $version['productid'] != 0)
+ {
+ echo 'invalid version specified';
+ exit;
+ }
+ }
+ else
+ {
+ echo 'invalid component specified';
+ exit;
+ }
+ }
+
+ // good-to-go
+ $DB_sql->query("UPDATE " . TABLE_PREFIX . "bug SET productid = $vars[product], componentid = $vars[component], versionid = $vars[version] WHERE bugid = $bug[bugid]");
+
+ echo 'changed product info';
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'editproduct')
+{
+ sanitize(array('product' => INT, 'component' => INT, 'version' => INT));
+
+ // the user can hit the back button without reposting data... 
+ if (!$vars['product'] OR !$vars['component'])
+ {
+ $method = 'get';
+ }
+ else
+ {
+ $method = 'post';
+ }
+
+ echo '
';
+
+ $do = 'editproduct';
+
+ if (!$vars['product'])
+ {
+ echo 'Product: ';
+ }
+ else if (!$vars['component'])
+ {
+ echo 'Component: ';
+ echo '';
+ }
+ else if (!$vars['version'])
+ {
+ echo 'Version: ';
+ echo '';
+ echo '';
+ $do = 'updateproduct';
+ }
+
+ echo '';
+ echo '
';
+ echo '
';
+}
+
+/*=====================================================================*\
+|| ###################################################################
+|| # $HeadURL$
+|| # $Id$
+|| ###################################################################
+\*=====================================================================*/
+?>
\ No newline at end of file
-- 2.43.5
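Review bot: The permission check near the top of editreport.php compares `$bugsys->userinfo['userid']` with `$comment['userid']`, but the visible part of this file only loads `$bug`, so the ownership test looks copied from editcomment.php and compares against an unset value. With loose `==` an unset value equals a userid of 0 or an empty one, so the test can succeed for a session without a real user id and fail for the actual reporter; it should read `$bugsys->userinfo['userid'] == $bug['userid']`. Separately, the `update` branch writes priority, status, resolution and assignedto without the `canchangestatus` / `canassign` checks that the edit form applies, so those permissions are enforced only in the markup and omitted fields would be overwritten with whatever `sanitize()` yields for missing input. The `var_dump($vars);` in the `updateproduct` branch looks like leftover debug output and should be removed before this ships.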