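INT));

// Comment editor: loads one comment, checks that the current user may edit
// it, then either saves a posted revision ('update') or prints the edit view
// ('edit', the default action).
//
// NOTE(review): the statement closed on the first line begins outside this
// excerpt. It is presumably the sanitize() call that types
// $vars['commentid'] as INT -- confirm. The queries below place that id in
// SQL unquoted, so they cast it with intval() at the point of use instead of
// depending on the earlier call.

// Fetch the comment together with the author's display fields.
$comment = $DB_sql->query_first(
    " SELECT comment.*, user.email, user.showemail, user.displayname"
    . " FROM " . TABLE_PREFIX . "comment AS comment"
    . " LEFT JOIN " . TABLE_PREFIX . "user AS user ON (comment.userid = user.userid)"
    . " WHERE comment.commentid = " . intval($vars['commentid'])
);

if (!$comment) {
    echo 'alert: bad comment';
    exit;
}

// The parent bug is only used for the summary shown in the edit view.
$bug = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($comment['bugid']));

// Authorisation: the author needs 'caneditown'; anyone else needs
// 'caneditothers'. This runs before any action is dispatched, so both the
// update and the edit branch are covered by it.
if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers'))) {
    echo 'no permission';
    exit;
}

// ###################################################################

if (empty($_REQUEST['do'])) {
    $_REQUEST['do'] = 'edit';
}

/*
#*# do these later after we work out some kind of permission system
// ###################################################################

if ($_REQUEST['do'] == 'kill')
{
    // run code to remove item in database
}

// ###################################################################

if ($_REQUEST['do'] == 'delete')
{
    // display delete confirmation message
}*/

// ###################################################################

// The write is accepted from $_POST only. isset() avoids an undefined-index
// notice on plain GET requests, where only $_REQUEST['do'] was defaulted.
// NOTE(review): no anti-CSRF token is verified anywhere in this excerpt;
// confirm the state-changing request is protected elsewhere.
if (isset($_POST['do']) AND $_POST['do'] == 'update') {
    sanitize(array('comment' => STR));

    if (!$vars['comment']) {
        echo 'you need to enter some text';
        exit;
    }

    $vars['comment_parsed'] = $vars['comment'];

    // With 'allowhtml' enabled the submitted markup is stored unescaped in
    // comment_parsed, so whoever may edit comments controls HTML that is
    // later rendered to other users.
    if (!$bugsys->options['allowhtml']) {
        $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']);
    }

    // NOTE(review): the string values rely on addslasheslike() for SQL
    // escaping; its implementation is not visible here -- confirm it uses
    // the database driver's connection-aware escaping.
    $DB_sql->query(
        " UPDATE " . TABLE_PREFIX . "comment"
        . " SET comment = '" . addslasheslike($vars['comment']) . "',"
        . " comment_parsed = '" . addslasheslike(nl2br($vars['comment_parsed'])) . "'"
        . " WHERE commentid = " . intval($vars['commentid'])
    );

    echo "comment saved";
}

// ###################################################################

if ($_REQUEST['do'] == 'edit') {
    // NOTE(review): $bug[summary] is written into the page as stored.
    // Confirm it is escaped before storage; otherwise escape it here for the
    // HTML context. The return value of construct_user_display() needs the
    // same confirmation.
    echo "
Bug: $bug[summary]
";
    echo "
Comment posted on: " . datelike('standard', $comment['dateline']) . "
";
    echo "
Comment posted by: " . construct_user_display($comment) . "
";
    echo '
';
    echo '
Comment:
';
    echo '
';
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>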