INT, 'comment' => STR));
    // NOTE(review): the statement above, and the block it belongs to, begin
    // outside this excerpt. It looks like the tail of a sanitize() call that
    // declares 'bugid' as INT and 'comment' as STR (compare the call in the
    // 'add' branch below) -- confirm against the full file.

    // Keep the raw text in 'comment' and build a separate display copy.
    $vars['comment_parsed'] = $vars['comment'];

    // The display copy is HTML-escaped only when the 'allowhtml' option is off.
    // With the option on, user-supplied markup is stored as-is, so every page
    // that prints comment_parsed has to filter it or it becomes a stored-XSS
    // sink. htmlspecialcharslike() is defined elsewhere; which characters it
    // escapes is not visible here -- TODO confirm.
    if (!$bugsys->options['allowhtml'])
    {
        $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']);
    }

    // One timestamp is shared by the comment row and the bug's lastposttime.
    $time = time();

    // Both statements below are assembled by string concatenation, so their
    // safety rests entirely on how each value was prepared:
    //   - $vars[bugid]: presumably an integer after sanitize(); verify.
    //   - userid: read from $bugsys->userinfo, not from the request in this code.
    //   - $time: integer returned by time().
    //   - comment / comment_parsed: passed through addslasheslike(), a helper
    //     not shown here. If it is addslashes()-style rather than aware of the
    //     connection charset, it is weaker than driver-level escaping; prefer
    //     bound parameters if the $db layer supports them.
    // nl2br() is applied to the display copy before it is stored.
    // NOTE(review): no check that the bug exists or that this user may comment
    // on it, and no anti-CSRF token check, is visible before the write. They
    // may sit above this excerpt -- confirm.
    $db->query(
        " INSERT INTO " . TABLE_PREFIX . "comment (bugid, userid, dateline, comment, comment_parsed) VALUES ($vars[bugid], "
        . $bugsys->userinfo['userid']
        . ", $time, '"
        . addslasheslike($vars['comment'])
        . "', '"
        . addslasheslike(nl2br($vars['comment_parsed']))
        . "' )"
    );

    // Record on the bug row when the last post happened and who made it.
    $db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $vars[bugid]");

    // Plain-text status for the caller.
    echo "comment inserted";
}

// ###################################################################

// 'add' action: look up the requested bug and output the 'newcomment' template.
// $_REQUEST can be populated from GET, POST or cookies depending on PHP
// configuration, so this branch is reachable through any of them.
if ($_REQUEST['do'] == 'add')
{
    // Same sanitize() helper as in the branch above; presumably casts 'bugid'
    // to an integer before it is interpolated into the query -- verify.
    sanitize(array('bugid' => INT));

    // The LEFT JOIN yields one row per comment and there is no ORDER BY, so
    // which comment text ends up in $bug['comment'] is not determined by this
    // query (assuming query_first() returns only the first row -- confirm).
    $bug = $db->query_first("SELECT bug.*, comment.comment FROM " . TABLE_PREFIX . "bug LEFT JOIN " . TABLE_PREFIX . "comment AS comment ON (bug.bugid = comment.bugid) WHERE bug.bugid = $vars[bugid]");

    // Unknown bug id: report and stop before any template is evaluated.
    if (!$bug)
    {
        echo 'alert: bad bug';
        exit;
    }

    // The template text returned by $tpl->fetch() is spliced into a PHP
    // double-quoted string and evaluated. That makes template storage part of
    // the trusted code base: anything in it that closes the quote or forms an
    // interpolation expression runs as PHP. Restrict who can edit templates and
    // confirm that fetch() escapes the stored text accordingly.
    // Values the template interpolates (for example fields of $bug, which
    // includes the raw comment text) are not HTML-escaped by this code --
    // presumably the template or flush() has to do that; verify.
    eval('$tpl->flush("' . $tpl->fetch('newcomment') . '");');
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>