INT)); $comment = $db->query_first(" SELECT comment.*, user.email, user.showemail, user.displayname FROM " . TABLE_PREFIX . "comment AS comment LEFT JOIN " . TABLE_PREFIX . "user AS user ON (comment.userid = user.userid) WHERE comment.commentid = $vars[commentid]" ); if (!$comment) { echo 'alert: bad comment'; exit; } $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]"); if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers'))) { echo 'no permission'; exit; } // ################################################################### if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'edit'; } /* #*# do these later after we work out some kind of permission system // ################################################################### if ($_REQUEST['do'] == 'kill') { // run code to remove item in database } // ################################################################### if ($_REQUEST['do'] == 'delete') { // display delete confirmation message }*/ // ################################################################### if ($_POST['do'] == 'update') { sanitize(array('comment' => STR)); if (!$vars['comment']) { echo 'you need to enter some text'; exit; } $vars['comment_parsed'] = $vars['comment']; if (!$bugsys->options['allowhtml']) { $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']); } $db->query(" UPDATE " . TABLE_PREFIX . "comment SET comment = '" . addslasheslike($vars['comment']) . "', comment_parsed = '" . addslasheslike(nl2br($vars['comment_parsed'])) . "' WHERE commentid = $vars[commentid]" ); echo "comment saved"; } // ################################################################### if ($_REQUEST['do'] == 'edit') { $comment['posttime'] = datelike('standard', $comment['dateline']); $comment['postby'] = construct_user_display($comment); $comment['comment'] = htmlspecialcharslike($comment['comment']); eval('$tpl->flush("' . $tpl->fetch('editcomment') . '");'); } /*=====================================================================*\ || ################################################################### || # $HeadURL$ || # $Id$ || ################################################################### \*=====================================================================*/ ?>