From 1c0fab30c9050cfe515afe0776a30bc697c1f0af Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Mon, 22 Aug 2005 03:10:34 +0000
Subject: [PATCH] r367: Only allow quick comment insert if we don't have
 permission to edit; hackish... will change with API's :-D

---
 editreport.php | 54 +++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/editreport.php b/editreport.php
index 1f09778..530221c 100644
--- a/editreport.php
+++ b/editreport.php
@@ -52,7 +52,7 @@ if ($_POST['do'] == 'update')
 {
 	// -------------------------------------------------------------------
 	// process comment stuff
-	if (can_perform('canpostcomments'))
+	if (!(((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')) AND can_perform('caneditinfo')))
 	{
 		$hascomment = (!empty($bugsys->in['comment'])) ? true : false;
 		
@@ -260,7 +260,59 @@ if ($_POST['do'] == 'update')
 	}
 	
 	$log->allowempty = false;
+	
+	$hascomment = (!empty($bugsys->in['comment'])) ? true : false;
+	
+	if ($hascomment OR $autoaction['comment'])
+	{
+		if ($hascomment AND $autoaction['comment'])
+		{
+			$bugsys->in['comment'] .= "\n\n--------------- AUTOMATIC RESPONSE ---------------\n" . $autoaction['comment'];
+		}
+		else if (!$hascomment AND $autoaction['comment'])
+		{
+			$bugsys->in['comment'] = $autoaction['comment'];
+		}
+		
+		$bugsys->in['comment_parsed'] = $bugsys->in['comment'];
+		
+		if (!$bugsys->options['allowhtml'])
+		{
+			$bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
+		}
+		
+		$time = TIMENOW;
+		
+		$db->query("
+			INSERT INTO " . TABLE_PREFIX . "comment
+				(bugid, userid, dateline, comment, comment_parsed)
+			VALUES
+				(" . intval($bugsys->in['bugid']) . ", " . $bugsys->userinfo['userid'] . ",
+				$time, '" . $bugsys->in['comment'] . "',
+				'" . nl2br($bugsys->in['comment_parsed']) . "'
+			)"
+		);
+		
+		$commentid = $db->insert_id();
+		
+		$db->query("
+			UPDATE " . TABLE_PREFIX . "bug
+			SET lastposttime = $time,
+				lastpostby = " . $bugsys->userinfo['userid'] . ",
+				hiddenlastposttime = $time,
+				hiddenlastpostby = " . $bugsys->userinfo['userid'] . "
+			WHERE bugid = " . intval($bugsys->in['bugid'])
+		);
+		
+		if ($hascomment)
+		{
+			$log->language = 'log_new_comment';
+			$log->arguments = array($commentid);
+			$log->log();
+		}
+	}
 
+	
 	$message->redirect('done with update bug', "showreport.php?bugid=$bug[bugid]");
 }
 
-- 
2.22.5