r206: Allow bugs to be hidden for security reasons or if they want to look deleted.

[bugdar.git] / editcomment.php

<?php
/*=====================================================================*\
|| ################################################################### ||
|| # BugStrike [#]version[#]
|| # --------------------------------------------------------------- # ||
|| # Copyright ©2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
|| # This file may not be reproduced in any way without permission.  # ||
|| # --------------------------------------------------------------- # ||
|| # User License Agreement at http://www.iris-studios.com/license/  # ||
|| ################################################################### ||
\*=====================================================================*/

$fetchtemplates = array(
        'editcomment'
);

require_once('./global.php');

$comment = $db->query_first("
        SELECT comment.*, user.email, user.showemail, user.displayname
        FROM " . TABLE_PREFIX . "comment AS comment
        LEFT JOIN " . TABLE_PREFIX . "user AS user
                ON (comment.userid = user.userid)
        WHERE comment.commentid = " . intval($bugsys->in['commentid'])
);

if (!$comment)
{
        $message->error('alert: bad comment');
}

$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");

if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')))
{
        $message->error_permission();
}

if ($bug['hidden'] AND !can_perform('canviewhiddenbugs'))
{
        $message->error_permissison();
}

// ###################################################################

if (empty($_REQUEST['do']))
{
        $_REQUEST['do'] = 'edit';
}
/*
#*# do these later after we work out some kind of permission system
// ###################################################################

if ($_REQUEST['do'] == 'kill')
{
        // run code to remove item in database
}

// ###################################################################

if ($_REQUEST['do'] == 'delete')
{
        // display delete confirmation message
}*/

// ###################################################################

if ($_POST['do'] == 'update')
{
        if (!$bugsys->in['comment'])
        {
                $message->error('you need to enter some text');
        }
        
        $bugsys->in['comment_parsed'] = $bugsys->in['comment'];
        
        if (!$bugsys->options['allowhtml'])
        {
                $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
        }
        
        $db->query("
                UPDATE " . TABLE_PREFIX . "comment
                SET comment = '" . $bugsys->in['comment'] . "',
                        comment_parsed = '" . nl2br($bugsys->in['comment_parsed']) . "'
                WHERE commentid = $comment[commentid]"
        );
        
        // setup logging
        require_once('./includes/class_history.php');
        $log = new History();
        $log->bugid = $bug['bugid'];
        $log->language = 'log_update_comment';
        $log->arguments = array($comment['commentid']);
        $log->log();
        
        $message->redirect('comment saved', "showreport.php?bugid=$bug[bugid]");
}

// ###################################################################

if ($_REQUEST['do'] == 'edit')
{
        $comment['posttime'] = datelike('standard', $comment['dateline']);
        $comment['postby'] = construct_user_display($comment);
        $comment['comment'] = $bugsys->sanitize($comment['comment']);
        eval('$template->flush("' . $template->fetch('editcomment') . '");');
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>