From 358423c61a16d001b7ba0db04f2a1dd82f2a967b Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Thu, 23 Dec 2004 22:34:59 +0000 Subject: [PATCH] r20: Changed newreport.php, newreport.php, and showreport.php to use commment.comment_parsed which has a nl2br() and a htmlspecialcharslike() (if necessary) version of the comment; leaving comment.comment straight input. Also added edit report and comment links to showreport.php. Created construct_user_display() in includes/functions.php that assembles a user bit in this format: DISPLAY_NAME (userid: USERID). --- includes/functions.php | 8 ++++++++ newcomment.php | 9 ++++++--- newreport.php | 9 ++++++--- showreport.php | 18 ++++++++++++++---- 4 files changed, 34 insertions(+), 10 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index bb576bd..ae0d7c5 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -251,6 +251,14 @@ function datelike($format, $timestamp) return date($format, ($timestamp + (60 * $bugsys->userinfo['timezone']))); } +// ################### Start construct_user_display ################## +// $userinfo needs userid, email, displayname, and showemail +function construct_user_display($userinfo) +{ + fetch_user_display_name($userinfo); + return "$userinfo[displayname]" . iff($userinfo['showemail'], " <$userinfo[email]>") . " (userid: $userinfo[userid])"; +} + /*=====================================================================*\ || ################################################################### || # $HeadURL$ diff --git a/newcomment.php b/newcomment.php index d163bdd..2eb2ba6 100644 --- a/newcomment.php +++ b/newcomment.php @@ -31,17 +31,20 @@ if ($_POST['do'] == 'insert') { sanitize(array('bugid' => INT, 'comment' => STR)); + $vars['comment_parsed'] = $vars['comment']; + if (!$bugsys->options['allowhtml']) { - $vars['comment'] = htmlspecialcharslike($vars['comment']); + $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']); } $DB_sql->query(" INSERT INTO " . TABLE_PREFIX . "comment - (bugid, userid, dateline, comment) + (bugid, userid, dateline, comment, comment_parsed) VALUES ($vars[bugid], " . $bugsys->userinfo['userid'] . ", - " . time() . ", '" . addslasheslike($vars['comment']) . "' + " . time() . ", '" . addslasheslike($vars['comment']) . "', + '" . addslasheslike(nl2br($vars['comment_parsed'])) . "' )" ); diff --git a/newreport.php b/newreport.php index 52418e0..cb89ae0 100755 --- a/newreport.php +++ b/newreport.php @@ -135,9 +135,11 @@ if ($_POST['do'] == 'insert') } } + $vars['comment_parsed'] = $vars['comment']; + if (!$bugsys->options['allowhtml']) { - $vars['comment'] = htmlspecialcharslike($vars['comment']); + $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']); } // create the bug report @@ -155,11 +157,12 @@ if ($_POST['do'] == 'insert') // insert the comment to the database $DB_sql->query(" INSERT INTO " . TABLE_PREFIX . "comment - (bugid, userid, dateline, comment ## comment_parsed -- not using, ATM ### + (bugid, userid, dateline, comment, comment_parsed ) VALUES ($bugid, " . $bugsys->userinfo['userid'] . ", - " . time() . ", '" . addslasheslike($vars['comment']) . "' + " . time() . ", '" . addslasheslike($vars['comment']) . "', + '" . addslasheslike(nl2br($vars['comment_parsed'])) . "' )" ); diff --git a/showreport.php b/showreport.php index 4780273..f478228 100644 --- a/showreport.php +++ b/showreport.php @@ -52,14 +52,19 @@ if ($_REQUEST['do'] == 'modify') } echo "
Bug ID: $bug[bugid]
"; - echo "
Reported by: $bug[displayname]" . iff($bug['showemail'], " <$bug[email]>") . " (userid: $bug[userid])
"; + echo "
Reported by: " . construct_user_display($bug) . "
"; echo "
Product: " . $bugsys->datastore['product']["$bug[productid]"]['title'] . iff($bug['componentid'], ' / Component:' . $bugsys->datastore['product']["$bug[componentid]"]['title'] . '') . ' / Version: ' . $bugsys->datastore['version']["$bug[versionid]"]['version'] . "
"; echo "
Title / summary: $bug[summary]
"; echo "
Status: " . $bugsys->datastore['status']["$bug[status]"]['status'] . " / Resolution: " . $bugsys->datastore['resolution']["$bug[resolution]"]['resolution'] . "
"; echo "
Severity: " . $bugsys->datastore['severity']["$bug[severity]"]['severity'] . "
"; echo "
Priority: " . $bugsys->datastore['priority']["$bug[priority]"]['priority'] . "
"; $assigninfo = $bugsys->datastore['assignto']["$bug[assignedto]"]; - echo iff(is_array($assigninfo), "
Assigned to: " . $assigninfo['displayname'] . iff($assigninfo['showemail'], " <$assigninfo[email]>") . " (userid: $assigninfo[userid])
"); + echo iff(is_array($assigninfo), "
Assigned to: " . construct_user_display($assigninfo) . "
"); + + if ($bugsys->userinfo['permissions'] & CANEDITINFO) + { + echo '
[Edit Bug Report]
'; + } echo '
'; @@ -73,8 +78,13 @@ if ($_REQUEST['do'] == 'modify') ); while ($comment = $DB_sql->fetch_array($comments)) { - echo '"; - echo "
' . datelike('standard', $comment['dateline']) . '' . $comment['displayname'] . iff($comment['showemail'], " <$comment[email]>") . " (userid: $comment[userid])
" . nl2br($comment['comment']) . "
"; + echo '"; + echo ""; + if (($bugsys->userinfo['permissions'] & CANEDITOWN AND $bugsys->userinfo['userid'] == $comment['userid']) OR $bugsys->userinfo['permissions'] & CANEDITOTHERS) + { + echo ""; + } + echo "
' . datelike('standard', $comment['dateline']) . '' . construct_user_display($comment) . "
" . $comment['comment_parsed'] . "
[Edit Comment]
"; } if ($bugsys->userinfo['permissions'] & CANPOSTCOMMENTS) -- 2.22.5