INT)); // closes a call that begins before this excerpt

// Load the bug row (bug.*) plus the reporter's e-mail, display name and
// e-mail visibility flag from the user table.
// NOTE(review): $vars[bugid] is interpolated unquoted, so this query is only
// injection-safe if the sanitizing step above (cut off in this excerpt) forces
// it to an integer -- confirm.
$bug = $DB_sql->query_first(
	" SELECT bug.*, user.email, user.displayname, user.showemail FROM " . TABLE_PREFIX . "bug AS bug LEFT JOIN "
	. TABLE_PREFIX . "user AS user ON (bug.userid = user.userid) WHERE bug.bugid = $vars[bugid]"
);

// Stop when no row came back for the requested bug id.
if (!$bug)
{
	echo 'alert: bad bug';
	exit;
}

// Authorization gate: the caller needs 'caneditinfo' AND either
// 'caneditothers' or ('caneditown' plus ownership of the record).
// NOTE(review): the ownership test reads $comment['userid'], but $comment is
// never assigned in the visible code, while the row loaded above is $bug (the
// join shows bug.userid exists). This looks like it should compare against
// $bug['userid'] -- confirm against the part of the file above this excerpt.
// If $comment is unset, $comment['userid'] evaluates to null and the loose ==
// would then match a userid of 0, so the "own" branch would not actually
// establish ownership -- verify.
if (!(((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')) AND can_perform('caneditinfo')))
{
	echo 'no permission';
	exit;
}

// ###################################################################

// Default action when the request names none.
if (empty($_REQUEST['do']))
{
	$_REQUEST['do'] = 'edit';
}

// ###################################################################

/* #*# do these later once we have delete permissions figured out
if ($_REQUEST['do'] == 'kill')
{
	// run code to remove item in database
}

// ###################################################################

if ($_REQUEST['do'] == 'delete')
{
	// display delete confirmation message
}*/

// ###################################################################

// Apply an edit. Only this branch reads $_POST; the other branches dispatch on
// $_REQUEST, so the update cannot be triggered through the query string.
// NOTE(review): nothing in the visible code ties this state-changing POST to a
// per-session token -- confirm request-forgery protection is applied elsewhere.
if ($_POST['do'] == 'update')
{
	// Declare the expected type of each submitted field.
	// presumably sanitize() fills $vars with the cleaned values -- the helper
	// is not visible here.
	sanitize(array(
		'summary' => STR_NOHTML,
		'priority' => INT,
		'status' => INT,
		'resolution' => INT,
		'assignedto' => INT,
		'changeproduct' => STR)
	);

	// summary is passed through addslasheslike() and single-quoted; the four
	// numeric fields are interpolated unquoted and depend entirely on the INT
	// sanitizing above. The WHERE clause uses the bugid from the row loaded
	// from the database rather than the request value.
	// NOTE(review): the visible code does not check that the submitted
	// priority/status/resolution/assignedto ids refer to existing records.
	$DB_sql->query(
		" UPDATE " . TABLE_PREFIX . "bug SET summary = '" . addslasheslike($vars['summary'])
		. "', priority = $vars[priority], status = $vars[status], resolution = $vars[resolution], assignedto = $vars[assignedto] WHERE bugid = $bug[bugid]"
	);

	// A truthy 'changeproduct' redirects the action to 'editproduct';
	// otherwise report completion.
	if ($vars['changeproduct'])
	{
		$_REQUEST['do'] = 'editproduct';
	}
	else
	{
		echo "done with update bug";
	}
}

// ###################################################################

// Edit form output; the echoed string continues past the end of this excerpt.
if ($_REQUEST['do'] == 'edit')
{
	echo '