Fix DB_MySQL_PDO::escape_binary().
1 <?php
2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar
5 || # Copyright (c)2002-2007 Blue Static
6 || #
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
10 || #
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 || # more details.
15 || #
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
21
// Templates this page needs. Set before global.php is included below;
// presumably the bootstrap reads this list to preload them (confirm in global.php).
$fetchtemplates = array('editcomment');

// Navigation highlight for the "showreport" section; consumed outside this file.
$focus['showreport'] = 'focus';
28
29 require_once('./global.php');
30 require_once('./includes/api_comment.php');
31
32 require_once('./includes/class_api_error.php');
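// Register the API error callback: the 'user_cumulative' method of a handler
// wrapped around the page's message object.
// NOTE(review): the name suggests errors are collected rather than halting the
// request at once - confirm, because the code below runs straight after fetch().
APIError(array(new API_Error_Handler($message), 'user_cumulative'));

// Load the comment named by the request. Every action further down operates
// on this one record.
$commentapi = new CommentAPI($bugsys);
$commentapi->set('commentid', $bugsys->in['commentid']);
$commentapi->set_condition();
$commentapi->fetch();

// $comment is a reference to the API object's row data, not a copy.
$comment =& $commentapi->objdata;

// The parent bug id is placed unquoted in the statement, so force it to an
// integer first. If the fetch produced no usable row this becomes
// "bugid = 0" instead of a truncated or altered statement.
$parentbugid = (isset($comment['bugid']) ? intval($comment['bugid']) : 0);
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . $parentbugid);

// Access to a comment is gated on access to its parent bug.
// NOTE(review): errorPermission() is assumed to end the request; nothing here
// stops execution otherwise - confirm in the message class.
if (!check_bug_permissions($bug))
{
	$message->errorPermission();
}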
48
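/**
 * Rebuild the cached "last post" columns on a bug row from its comments.
 *
 * Two lookups are made against the comment table (joined to the user table
 * for the display name): the newest comment that is not hidden, and the
 * newest comment overall. The first feeds the hiddenlastpost* columns, the
 * second feeds the lastpost* columns.
 *
 * Every numeric value that ends up unquoted in SQL is passed through
 * intval(), and a lookup that returns no row contributes 0 / '' instead of
 * leaving a gap that would produce a malformed UPDATE.
 *
 * NOTE(review): neither SELECT has a LIMIT; query_first() presumably reads
 * only the first row - confirm in the database class.
 *
 * @param	array	Bug row; only 'bugid' is read
 */
function update_lastpost_time($bug) {
	global $bugsys;

	// cast once: the id is interpolated unquoted into all three statements
	$bugid = intval($bug['bugid']);

	$select = "
		SELECT comment.dateline, comment.userid, user.displayname AS username
		FROM " . TABLE_PREFIX . "comment AS comment
		LEFT JOIN " . TABLE_PREFIX . "user AS user
			ON (user.userid = comment.userid)
		WHERE bugid = $bugid";

	$lastgoodpublic = $bugsys->db->query_first($select . "
			AND !hidden ORDER BY dateline DESC
	");
	$lastgoodprivate = $bugsys->db->query_first($select . "
		ORDER BY dateline DESC
	");

	// normalise both rows so nothing unvalidated reaches the UPDATE
	$clean = array();
	foreach (array('public' => $lastgoodpublic, 'private' => $lastgoodprivate) as $key => $row)
	{
		$clean[$key] = array(
			'dateline' => (isset($row['dateline']) ? intval($row['dateline']) : 0),
			'userid' => (isset($row['userid']) ? intval($row['userid']) : 0),
			// the LEFT JOIN can leave the name NULL when no user row matches
			'username' => (isset($row['username']) ? $row['username'] : '')
		);
	}

	$bugsys->db->query("
		UPDATE " . TABLE_PREFIX . "bug
		SET hiddenlastposttime = " . $clean['public']['dateline'] . ",
			hiddenlastpostby = " . $clean['public']['userid'] . ",
			hiddenlastpostbyname = '" . $bugsys->db->escape_string($clean['public']['username']) . "',
			lastposttime = " . $clean['private']['dateline'] . ",
			lastpostby = " . $clean['private']['userid'] . ",
			lastpostbyname = '" . $bugsys->db->escape_string($clean['private']['username']) . "'
		WHERE bugid = $bugid"
	);
}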
78
79 // ###################################################################
80
// No action named in the request (missing or falsy): fall back to the edit form.
if (!isset($_REQUEST['do']) || !$_REQUEST['do'])
{
	$_REQUEST['do'] = 'edit';
}
85
86 // ###################################################################
87
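// Deletion handler. This is the branch that actually removes the comment, so
// every rule that protects a comment has to be enforced here and not only on
// the confirmation page.
// NOTE(review): no anti-forgery token is checked in this file for this
// state-changing POST - confirm whether $message->confirm() or global.php
// issues and verifies one.
if (isset($_POST['do']) && $_POST['do'] == 'kill')
{
	if (!can_perform('candeletedata', $bug['product']))
	{
		$message->errorPermission();
	}

	// the first comment is the bug's initial report and must not be removed on
	// its own; the confirmation step checks this too, but that step can be skipped
	if ($bug['initialreport'] == $comment['commentid'])
	{
		$message->error(T('You cannot delete this comment because it is attached to the bug as the first comment. You have to delete the entire bug instead (which is not recommended unless it is spam).'));
	}

	// get the last post (as in prior to deletion); the id is cast because it is
	// interpolated unquoted
	$lastpost = $db->query_first("SELECT commentid FROM " . TABLE_PREFIX . "comment WHERE bugid = " . intval($bug['bugid']) . " ORDER BY dateline DESC");

	$commentapi->delete();

	// check to see if we need to rebuild the lastpost information: only when the
	// deleted comment was the newest one on the bug
	if ($lastpost['commentid'] == $comment['commentid'])
	{
		update_lastpost_time($bug);
	}

	$message->redirect(T('The comment has been deleted. You will be redirected back to the bug.'), 'showreport.php?bugid=' . $bug['bugid']);
}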
108
109 // ###################################################################
110
// Confirmation step for deleting a comment. Nothing is deleted in this branch;
// it only renders the prompt. The 'kill' branch performs the deletion and has
// to enforce its own checks.
if ($_REQUEST['do'] == 'delete')
{
	$candelete = can_perform('candeletedata', $bug['product']);
	if (!$candelete)
	{
		$message->errorPermission();
	}

	// the initial report can only go away together with its bug
	$isfirstcomment = ($bug['initialreport'] == $comment['commentid']);
	if ($isfirstcomment)
	{
		$message->error(T('You cannot delete this comment because it is attached to the bug as the first comment. You have to delete the entire bug instead (which is not recommended unless it is spam).'));
	}

	// presumably: prompt text, form target, 'do' value, button label, cancel
	// URL, extra form fields - confirm against the message class
	$prompt = T('Are you sure you want to delete this comment? After you do so, the data <strong>will</strong> be lost forever. We recommend only deleting spam comments and nothing else.');
	$button = T('Delete Comment');
	$backurl = 'showreport.php?bugid=' . $bug['bugid'];
	$fields = array('commentid' => $comment['commentid']);

	$message->confirm($prompt, 'editcomment.php', 'kill', $button, $backurl, $fields);
}
125
126 // ###################################################################
127
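// Save handler for an edited comment (POST only).
// NOTE(review): no anti-forgery token is checked in this file for this
// state-changing POST - confirm whether the form or global.php covers it.
if (isset($_POST['do']) && $_POST['do'] == 'update')
{
	// editing needs 'caneditownreply' for one's own comment and
	// 'caneditotherreply' for anybody else's
	$isowner = ($bugsys->userinfo['userid'] == $comment['userid']);
	if (!((can_perform('caneditownreply', $bug['product']) && $isowner) || (can_perform('caneditotherreply', $bug['product']) && !$isowner)))
	{
		$message->errorPermission();
	}

	$commentapi->set('comment', $bugsys->in['comment']);
	$commentapi->set('parselinks', $bugsys->in['parselinks']);
	$commentapi->set('hidden', $bugsys->in['hidden']);

	// Compare the id of the row that was fetched, not the raw request value:
	// the guard must be evaluated on the same record the update will touch,
	// and a loose comparison on request text may disagree with the id the API
	// resolved (presumably after its own type cleaning - confirm in CommentAPI).
	if ($comment['commentid'] == $bug['initialreport'] && $bugsys->in['hidden'])
	{
		$message->addError(T('You cannot hide the first comment/initial report of a bug. Instead, hide the entire bug.'));
	}

	if (!$message->hasErrors())
	{
		$commentapi->update();

		// setup logging
		require_once('./includes/class_logging.php');
		$log = new Logging;
		$log->set_bugid($bug['bugid']);
		$log->set_commentid($comment['commentid']);

		// presumably the first call records the stored values and the second the
		// submitted ones, for the 'comment' and 'hidden' fields - confirm in Logging
		$log->add_data(true, $commentapi->objdata, array('comment', 'hidden'), false, 'comment');
		$log->add_data(false, $commentapi->values, array('comment', 'hidden'), false, 'comment');

		// the hidden flag may have changed, so the cached last-post columns are rebuilt
		update_lastpost_time($bug);
		$log->update_history();
		$message->redirect(T('The comment was modified successfully.'), "showreport.php?bugid=$bug[bugid]");
	}
	else
	{
		// fall through to the edit form below, keeping what the user typed
		$show['errors'] = true;
		$_REQUEST['do'] = 'edit';
		$comment['comment'] = $bugsys->in['comment'];
		$comment['hidden'] = $bugsys->in['hidden'];
	}
}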
169
170 // ###################################################################
171
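// Render the edit form. Also reached when the update handler found errors and
// reset the action to 'edit'.
if ($_REQUEST['do'] == 'edit')
{
	// same rule as the save handler: own comments need 'caneditownreply',
	// other people's need 'caneditotherreply'
	$isowner = ($bugsys->userinfo['userid'] == $comment['userid']);
	if (!((can_perform('caneditownreply', $bug['product']) && $isowner) || (can_perform('caneditotherreply', $bug['product']) && !$isowner)))
	{
		$message->errorPermission();
	}

	$comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']);

	// defined up front so a comment without a user id does not pass an
	// undefined variable to construct_user_display()
	$commenter = null;
	if ($comment['userid'])
	{
		$commenterapi = new UserAPI($bugsys);
		$commenterapi->set('userid', $comment['userid']);
		$commenterapi->set_condition();
		$commenterapi->fetch();
		$commenter = $commenterapi->objdata;
	}
	$comment['postby'] = construct_user_display($commenter);

	// the comment body goes back into the form, so it is passed through the
	// application's sanitize() first
	// NOTE(review): $comment['postby'] is printed as well; confirm that
	// construct_user_display() escapes the display name.
	$comment['comment'] = $bugsys->sanitize($comment['comment']);

	// the hide option is offered for every comment except the initial report
	$show['hide'] = ($bug['initialreport'] != $comment['commentid']);

	// NOTE(review): eval() runs the fetched template as PHP in this scope. The
	// template store must therefore be treated as trusted code, and anything
	// that can write templates can run code here; values the template prints
	// need to be escaped before this line.
	eval('$template->flush("' . $template->fetch('editcomment') . '");');
}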
193