2 /*=====================================================================*\
3 || ################################################################### ||
4 || # Renapsus [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No # ||
7 || # part of this file may be reproduced in any way: part or whole. # ||
8 || # --------------------------------------------------------------- # ||
9 || # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com # ||
10 || ################################################################### ||
11 \*=====================================================================*/
13 require_once('./global.php');
15 sanitize(array('commentid' => INT));
17 $comment = $DB_sql->query_first("
18 SELECT comment.*, user.email, user.showemail, user.displayname
19 FROM " . TABLE_PREFIX
. "comment AS comment
20 LEFT JOIN " . TABLE_PREFIX
. "user AS user
21 ON (comment.userid = user.userid)
22 WHERE comment.commentid = $vars[commentid]"
27 echo 'alert: bad comment';
31 $bug = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX
. "bug WHERE bugid = $comment[bugid]");
33 if (!((can_perform('caneditown') AND $bugsys->userinfo
['userid'] == $comment['userid']) OR can_perform('caneditothers')))
39 // ###################################################################
41 if (empty($_REQUEST['do']))
43 $_REQUEST['do'] = 'edit';
46 #*# do these later after we work out some kind of permission system
47 // ###################################################################
49 if ($_REQUEST['do'] == 'kill')
51 // run code to remove item in database
54 // ###################################################################
56 if ($_REQUEST['do'] == 'delete')
58 // display delete confirmation message
61 // ###################################################################
63 if ($_POST['do'] == 'update')
65 sanitize(array('comment' => STR
));
67 if (!$vars['comment'])
69 echo 'you need to enter some text';
73 $vars['comment_parsed'] = $vars['comment'];
75 if (!$bugsys->options
['allowhtml'])
77 $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']);
81 UPDATE " . TABLE_PREFIX
. "comment
82 SET comment = '" . addslasheslike($vars['comment']) . "',
83 comment_parsed = '" . addslasheslike(nl2br($vars['comment_parsed'])) . "'
84 WHERE commentid = $vars[commentid]"
87 echo "<a href=\"showreport.php?bugid=$bug[bugid]\">comment saved</a>";
90 // ###################################################################
92 if ($_REQUEST['do'] == 'edit')
94 echo "<div><strong>Bug:</strong> $bug[summary]</div>";
95 echo "<div><strong>Comment posted on:</strong> " . datelike('standard', $comment['dateline']) . "</div>";
96 echo "<div><strong>Comment posted by:</strong> " . construct_user_display($comment) . "</div>";
97 echo '<form name="editcomment" method="post" action="editcomment.php"><input type="hidden" name="do" value="update" /><input type="hidden" name="commentid" value="' . $comment['commentid'] . '" />';
98 echo '<div><strong>Comment:</strong></div><textarea name="comment" cols="100" rows="35">' . htmlspecialcharslike($comment['comment']) . '</textarea>';
99 echo '<div><input type="submit" name="submit" value="Save Changes" /></div></form>';
102 /*=====================================================================*\
103 || ###################################################################
106 || ###################################################################
107 \*=====================================================================*/