From f87449f95ed05f80ffee7a6a95ab0a9f06fb2a76 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 6 Apr 2020 02:17:24 -0400
Subject: [PATCH] Fix SQL error when saving comment edits.
---
 editcomment.php | 77 +++++++++++++++++++++----------------------------
 1 file changed, 33 insertions(+), 44 deletions(-)
diff --git a/editcomment.php b/editcomment.php
index cf550e8..abef5e4 100644
--- a/editcomment.php
+++ b/editcomment.php
@@ -46,6 +46,36 @@ if (!check_bug_permissions($bug))
 $message->errorPermission();
 }
 
+function update_lastpost_time($bug) {
+ global $bugsys;
+ $lastgoodpublic = $bugsys->db->query_first("
+ SELECT comment.dateline, comment.userid, user.displayname AS username
+ FROM " . TABLE_PREFIX . "comment AS comment
+ LEFT JOIN " . TABLE_PREFIX . "user AS user
+ ON (user.userid = comment.userid)
+ WHERE bugid = $bug[bugid]
+ AND !hidden ORDER BY dateline DESC
+ ");
+ $lastgoodprivate = $bugsys->db->query_first("
+ SELECT comment.dateline, comment.userid, user.displayname AS username
+ FROM " . TABLE_PREFIX . "comment AS comment
+ LEFT JOIN " . TABLE_PREFIX . "user AS user
+ ON (user.userid = comment.userid)
+ WHERE bugid = $bug[bugid]
+ ORDER BY dateline DESC
+ ");
+ $bugsys->db->query("
+ UPDATE " . TABLE_PREFIX . "bug
+ SET hiddenlastposttime = $lastgoodpublic[dateline],
+ hiddenlastpostby = $lastgoodpublic[userid],
+ hiddenlastpostbyname = '" . $bugsys->db->escape_string($lastgoodpublic['username']) . "',
+ lastposttime = $lastgoodprivate[dateline],
+ lastpostby = $lastgoodprivate[userid],
+ lastpostbyname = '" . $bugsys->db->escape_string($lastgoodprivate['username']) . "'
+ WHERE bugid = $bug[bugid]"
+ );
+}
+
 // ###################################################################
 
 if (empty($_REQUEST['do']))
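Review bot: In update_lastpost_time() the numeric values are interpolated into the UPDATE as bare text (`SET hiddenlastposttime = $lastgoodpublic[dateline],`), so if query_first() yields no row the statement degrades to `hiddenlastposttime = ,` and fails with another SQL error. What query_first() returns for an empty result is not visible here, but that case looks reachable once every comment on a bug is hidden. Casting each value keeps the query well-formed whatever the row holds, e.g. `SET hiddenlastposttime = " . intval($lastgoodpublic['dateline']) . ",`, with the same treatment for both `userid` fields, `lastposttime`, and the three `bugid = $bug[bugid]` comparisons. The update branch in the last hunk now reaches this code on every edit, so the empty-result case matters most there. A short docblock stating that the function rewrites both the hidden* and the regular lastpost columns of the bug row would also help, since neither call site shows that.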
@@ -70,32 +100,7 @@ if ($_POST['do'] == 'kill')
 // check to see if we need to rebuild the lastpost information
 if ($lastpost['commentid'] == $comment['commentid'])
 {
- $lastgoodpublic = $db->query_first("
- SELECT comment.* AS comment, user.displayname AS username
- FROM " . TABLE_PREFIX . "comment AS comment
- LEFT JOIN " . TABLE_PREFIX . "user AS user
- ON (user.userid = comment.userid)
- WHERE bugid = $bug[bugid]
- AND !hidden ORDER BY dateline DESC
- ");
- $lastgoodprivate = $db->query_first("
- SELECT comment.* AS comment, user.displayname AS username
- FROM " . TABLE_PREFIX . "comment AS comment
- LEFT JOIN " . TABLE_PREFIX . "user AS user
- ON (user.userid = comment.userid)
- WHERE bugid = $bug[bugid]
- ORDER BY dateline DESC
- ");
- $db->query("
- UPDATE " . TABLE_PREFIX . "bug
- SET hiddenlastposttime = $lastgoodpublic[dateline],
- hiddenlastpostby = $lastgoodpublic[userid],
- hiddenlastpostbyname = '" . $db->escape_string($lastgoodpublic['username']) . "',
- lastposttime = $lastgoodprivate[dateline],
- lastpostby = $lastgoodprivate[userid],
- lastpostbyname = '" . $db->escape_string($lastgoodprivate['username']) . "'
- WHERE bugid = $bug[bugid]"
- );
+ update_lastpost_time($bug);
 }
 
 $message->redirect(T('The comment has been deleted. You will be redirected back to the bug.'), 'showreport.php?bugid=' . $bug['bugid']);
@@ -148,25 +153,9 @@ if ($_POST['do'] == 'update')
 
 $log->add_data(true, $commentapi->objdata, array('comment', 'hidden'), false, 'comment');
 $log->add_data(false, $commentapi->values, array('comment', 'hidden'), false, 'comment');
-
- $lastgood = $db->query_first("
- SELECT comment.* AS comment, user.displayname AS username
- FROM " . TABLE_PREFIX . "comment AS comment
- LEFT JOIN " . TABLE_PREFIX . "user AS user
- ON (user.userid = comment.userid)
- WHERE bugid = $bug[bugid]
- AND !hidden ORDER BY dateline DESC
- ");
- $db->query("
- UPDATE " . TABLE_PREFIX . "bug
- SET hiddenlastposttime = $lastgood[dateline],
- hiddenlastpostby = $lastgood[userid],
- hiddenlastpostbyname = '" . $db->escape_string($lastgood['username']) . "'
- WHERE bugid = $bug[bugid]"
- );
-
+
+ update_lastpost_time($bug);
 $log->update_history();
-
 $message->redirect(T('The comment was modified successfully.'), "showreport.php?bugid=$bug[bugid]");
 }
 else
-- 
2.22.5
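Review bot: The call to `update_lastpost_time($bug)` in the update branch is unconditional, so every comment edit now runs two sorted SELECTs and an UPDATE of the bug row, and it also rewrites lastposttime/lastpostby/lastpostbyname, which the removed code left alone on this path. Editing a comment's text does not appear to change which comment is newest; only a change of the hidden flag would. Consider guarding the call the way the kill branch guards its own, e.g. `if ($commentapi->objdata['hidden'] != $commentapi->values['hidden'])`, assuming objdata holds the stored row and values the submitted one, as the two add_data() calls suggest. The update branch starts and ends outside this hunk.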