r33: Named product Renapsus.
[bugdar.git] / newcomment.php
1 <?php
2 /*=====================================================================*\
3 || ################################################################### ||
4 || # Renapsus [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No # ||
7 || # part of this file may be reproduced in any way: part or whole. # ||
8 || # --------------------------------------------------------------- # ||
9 || # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com # ||
10 || ################################################################### ||
11 \*=====================================================================*/
12
13 require_once('./global.php');
14
// Gate the whole script on the 'canpostcomments' permission. can_perform()
// is not defined in this file (presumably it comes from global.php); nothing
// below this check runs when it returns a falsy value.
if (!can_perform('canpostcomments'))
{
    exit('no permission');
}
20
21 // ###################################################################
22
// No action supplied: fall back to showing the comment form ('add').
// empty() also treats '' and '0' as "not supplied". Only $_REQUEST gets the
// default; $_POST['do'] is left as submitted.
$_REQUEST['do'] = empty($_REQUEST['do']) ? 'add' : $_REQUEST['do'];
27
28 // ###################################################################
29
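// Handle the submitted comment form: store the comment for one bug and bump
// that bug's last-post fields.
//
// NOTE(review): this state-changing POST carries no anti-CSRF token that is
// visible in this file -- confirm whether global.php enforces one.
if (isset($_POST['do']) && $_POST['do'] === 'insert')
{
    sanitize(array('bugid' => INT, 'comment' => STR));

    // sanitize() is defined outside this file and is presumably what casts
    // bugid (TODO confirm). The numeric values are cast again here so the
    // queries below never depend on that helper alone for their safety.
    $bugid = intval($vars['bugid']);
    $userid = intval($bugsys->userinfo['userid']);

    // Refuse comments for bugs that do not exist, mirroring the check the
    // 'add' branch makes before it shows the form.
    $bug = $DB_sql->query_first("SELECT bugid FROM " . TABLE_PREFIX . "bug WHERE bugid = $bugid");
    if (!$bug)
    {
        echo 'alert: bad bug';
        exit;
    }

    $vars['comment_parsed'] = $vars['comment'];

    // With allowhtml enabled the display copy is stored unescaped, so anyone
    // holding 'canpostcomments' can store markup that is rendered to other
    // viewers. NOTE(review): confirm that option is meant for trusted users only.
    if (!$bugsys->options['allowhtml'])
    {
        $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']);
    }

    $time = time();

    // String values are quoted with addslasheslike() (defined outside this
    // file). NOTE(review): if the DB wrapper offers driver-level escaping or
    // bound parameters, prefer them over slash-escaping.
    $DB_sql->query("
        INSERT INTO " . TABLE_PREFIX . "comment
            (bugid, userid, dateline, comment, comment_parsed)
        VALUES
            ($bugid, $userid,
            $time, '" . addslasheslike($vars['comment']) . "',
            '" . addslasheslike(nl2br($vars['comment_parsed'])) . "'
            )"
    );

    $DB_sql->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = $userid WHERE bugid = $bugid");

    echo "<a href=\"showreport.php?bugid=$bugid\">comment inserted</a>";
}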
57
58 // ###################################################################
59
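// Show the new-comment form for one bug, followed by a short summary of the
// report it belongs to.
if ($_REQUEST['do'] === 'add')
{
    sanitize(array('bugid' => INT));

    // Cast at the point of use so the query does not depend solely on
    // sanitize() (defined outside this file) having produced an integer.
    $bugid = intval($vars['bugid']);

    // The bug table is aliased explicitly: the query refers to "bug.*" and
    // "bug.bugid", which only resolves without an alias when TABLE_PREFIX is empty.
    // NOTE(review): there is no ORDER BY, so which comment row is returned is
    // not guaranteed -- presumably the first comment is the report text; confirm.
    $bug = $DB_sql->query_first("SELECT bug.*, comment.comment FROM " . TABLE_PREFIX . "bug AS bug LEFT JOIN " . TABLE_PREFIX . "comment AS comment ON (bug.bugid = comment.bugid) WHERE bug.bugid = $bugid");
    if (!$bug)
    {
        echo 'alert: bad bug';
        exit;
    }

    // comment.comment is the raw, user-submitted text (the insert branch
    // stores it unescaped next to comment_parsed), so it must be escaped
    // before it is written into HTML. The LEFT JOIN can yield NULL here.
    $comment = nl2br(htmlspecialchars(strval($bug['comment']), ENT_QUOTES));

    // NOTE(review): the summary is user-supplied as well. If the script that
    // stores it (not shown here) already HTML-escapes it, this double-encodes;
    // confirm and keep exactly one of the two escapes.
    $summary = htmlspecialchars(strval($bug['summary']), ENT_QUOTES);

    echo "<div><strong>New comment for:</strong> <em>$summary</em></div>";
    echo '<form name="newcomment" method="post" action="newcomment.php"><input type="hidden" name="do" value="insert" /><input type="hidden" name="bugid" value="' . intval($bug['bugid']) . '" />';
    echo '<div><strong>Comment:</strong></div><textarea name="comment" cols="100" rows="35"></textarea>';
    // The original left this <div> unclosed before </form>.
    echo '<div><input type="submit" name="submit" value="Add Comment" /></div></form>';

    echo '<br /><br /><table border="1" cellspacing="2" cellpadding="4" width="100%"><tr style="background-color:#EEEEEE"><td><strong>Summary Report:</strong> ' . $summary . '</td></tr>';
    echo '<tr><td>' . $comment . '</td></tr></table>';
}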
79
80 /*=====================================================================*\
81 || ###################################################################
82 || # $HeadURL$
83 || # $Id$
84 || ###################################################################
85 \*=====================================================================*/
86 ?>