editcomment.php

   1 <?php
   2 /*=====================================================================*\
   3 || ################################################################### ||
   4 || # BugStrike [#]version[#]
   5 || # --------------------------------------------------------------- # ||
   6 || # Copyright ©2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
   7 || # This file may not be reproduced in any way without permission.  # ||
   8 || # --------------------------------------------------------------- # ||
   9 || # User License Agreement at http://www.iris-studios.com/license/  # ||
  10 || ################################################################### ||
  11 \*=====================================================================*/
  12
  13 $fetchtemplates = array(
  14         'editcomment'
  15 );
  16
  17 require_once('./global.php');
  18
  19 $comment = $db->query_first("
  20         SELECT comment.*, user.email, user.showemail, user.displayname
  21         FROM " . TABLE_PREFIX . "comment AS comment
  22         LEFT JOIN " . TABLE_PREFIX . "user AS user
  23                 ON (comment.userid = user.userid)
  24         WHERE comment.commentid = " . intval($bugsys->in['commentid'])
  25 );
  26
  27 if (!$comment)
  28 {
  29         $message->error('alert: bad comment');
  30 }
  31
  32 $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");
  33
  34 if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')))
  35 {
  36         $message->error_permission();
  37 }
  38
  39 if ($bug['hidden'] AND !can_perform('canviewhidden'))
  40 {
  41         $message->error_permissison();
  42 }
  43
  44 // ###################################################################
  45
  46 if (empty($_REQUEST['do']))
  47 {
  48         $_REQUEST['do'] = 'edit';
  49 }
  50
  51 // ###################################################################
  52
  53 if ($_POST['do'] == 'update')
  54 {
  55         if (!$bugsys->in['comment'])
  56         {
  57                 $message->error('you need to enter some text');
  58         }
  59
  60         $bugsys->in['comment_parsed'] = $bugsys->in['comment'];
  61
  62         if (!$bugsys->options['allowhtml'])
  63         {
  64                 $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
  65         }
  66
  67         $db->query("
  68                 UPDATE " . TABLE_PREFIX . "comment
  69                 SET comment = '" . $bugsys->in['comment'] . "',
  70                         comment_parsed = '" . nl2br($bugsys->in['comment_parsed']) . "',
  71                         hidden = " . intval($bugsys->in['hidden']) . "
  72                 WHERE commentid = $comment[commentid]"
  73         );
  74
  75         // setup logging
  76         require_once('./includes/class_history.php');
  77         $log = new History();
  78         $log->bugid = $bug['bugid'];
  79         $log->language = 'log_update_comment';
  80         $log->arguments = array($comment['commentid']);
  81         $log->log();
  82         $log->log($log->diff('hidden', $comment['hidden'], intval($bugsys->in['hidden'])));
  83
  84         $lastgood = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "comment WHERE bugid = $bug[bugid] AND !hidden ORDER BY dateline DESC");
  85         $db->query("
  86                 UPDATE " . TABLE_PREFIX . "bug
  87                 SET hiddenlastposttime = $lastgood[dateline],
  88                         hiddenlastpostby = $lastgood[userid]
  89                 WHERE bugid = $bug[bugid]"
  90         );
  91
  92         $message->redirect('comment saved', "showreport.php?bugid=$bug[bugid]");
  93 }
  94
  95 // ###################################################################
  96
  97 if ($_REQUEST['do'] == 'edit')
  98 {
  99         $comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']);
 100         $comment['postby'] = construct_user_display($comment);
 101         $comment['comment'] = $bugsys->sanitize($comment['comment']);
 102         eval('$template->flush("' . $template->fetch('editcomment') . '");');
 103 }
 104
 105 /*=====================================================================*\
 106 || ###################################################################
 107 || # $HeadURL$
 108 || # $Id$
 109 || ###################################################################
 110 \*=====================================================================*/
 111 ?>