From e21288c20121183bf1fea3747279242ebbee4f52 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sat, 14 May 2005 21:13:46 +0000
Subject: [PATCH] r134: - Fixed a problem where the bug fetcher would fetch the
 wrong bug because of a wrong ID passed from the $attachment[] array - Added
 edit/update attachment methods

---
 attachment.php                   | 29 ++++++++++++++++++++++++-----
 templates/default/editattach.tpl | 16 ++++++++++++++++
 2 files changed, 40 insertions(+), 5 deletions(-)
 create mode 100644 templates/default/editattach.tpl

diff --git a/attachment.php b/attachment.php
index bbeb0b2..61e915b 100755
--- a/attachment.php
+++ b/attachment.php
@@ -12,7 +12,7 @@
 
 $fetchtemplates = array(
 	'newattach',
-	//'editattach'
+	'editattach'
 );
 
 require_once('./global.php');
@@ -27,7 +27,7 @@ if (isset($bugsys->in['attachmentid']))
 	}
 }
 
-$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid']));
+$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : intval($bugsys->in['bugid'])));
 if (!$bug)
 {
 	echo 'alert: bad bug';
@@ -79,7 +79,7 @@ if ($_POST['do'] == 'insert')
 		exit;
 	}
 	
-	// put some MIME-type validation here
+	// #*# put some MIME-type validation here
 	
 	if (!$bugsys->in['description'])
 	{
@@ -166,14 +166,33 @@ if ($_REQUEST['do'] == 'add')
 
 if ($_POST['do'] == 'update')
 {
-	// run code to update item in database
+	if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach'))))
+	{
+		echo 'alert: no permssion';
+		exit;
+	}
+	
+	$db->query("
+		UPDATE " . TABLE_PREFIX . "attachment
+		SET description = '" . $bugsys->in['description'] . "',
+			obsolete = " . intval($bugsys->in['obsolete']) . "
+		WHERE attachmentid = " . intval($bugsys->in['attachmentid'])
+	);
+	
+	echo "<a href=\"showreport.php?bugid=$bug[bugid]\">attachment updated</a>";
 }
 
 // ###################################################################
 
 if ($_REQUEST['do'] == 'edit')
 {
-	// display form to edit item
+	if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach'))))
+	{
+		echo 'alert: no permssion';
+		exit;
+	}
+	
+	eval('$template->flush("' . $template->fetch('editattach') . '");');
 }
 
 /*=====================================================================*\
diff --git a/templates/default/editattach.tpl b/templates/default/editattach.tpl
new file mode 100644
index 0000000..e185c18
--- /dev/null
+++ b/templates/default/editattach.tpl
@@ -0,0 +1,16 @@
+<form action="attachment.php" method="post" name="editattach">
+	<input name="do" type="hidden" value="update" />
+	<input name="attachmentid" type="hidden" value="$attachment[attachmentid]" />
+	
+	<div><strong>Attachment:</strong> <a href="viewattachment.php?attachmentid=$attachment[attachmentid]">View</a> [$attachment[filename]]</div>
+	
+	<div><strong>Bug:</strong> $bug[summary] (bugid: $bug[bugid])</div>
+	
+	<div><strong>Description:</strong> <input name="description" type="text" size="35" value="$attachment[description]" /></div>
+	
+	<div><strong>Obsolete:</strong> <input name="obsolete" type="checkbox" value="1"<if condition="$attachment['obsolete']"> checked="checked"</if> /></div>
+	
+<input name="submit" type="submit" value="  Submit  " accesskey="s" />
+<input name="reset" type="reset" value="  Reset  " accesskey="r" />
+
+</form>
\ No newline at end of file
-- 
2.22.5