Gazelle/sections/reportsv2/ajax_update_comment.php

<?
// perform the back end of updating a report comment

authorize();

if (!check_perms('admin_reports')) {
	error(403);
}

if (empty($_POST['reportid']) || !is_number($_POST['reportid'])) {
	echo 'HAX ATTEMPT!'.$_GET['reportid'];
	die();
}

$ReportID = $_POST['reportid'];

$Message = db_string($_POST['comment']);
//Message can be blank!

$DB->query("SELECT ModComment FROM reportsv2 WHERE ID=".$ReportID);
list($ModComment) = $DB->next_record();
if (isset($ModComment)) {
	$DB->query("Update reportsv2 SET ModComment='".$Message."' WHERE ID=".$ReportID);
}
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<?`
			`// perform the back end of updating a report comment`

			`authorize();`

Empty commit 2013-05-04 08:00:48 +00:00			`if (!check_perms('admin_reports')) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`error(403);`
			`}`

Empty commit 2013-05-04 08:00:48 +00:00			`if (empty($_POST['reportid']) \|\| !is_number($_POST['reportid'])) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`echo 'HAX ATTEMPT!'.$_GET['reportid'];`
			`die();`
			`}`

			`$ReportID = $_POST['reportid'];`

			`$Message = db_string($_POST['comment']);`
			`//Message can be blank!`

			`$DB->query("SELECT ModComment FROM reportsv2 WHERE ID=".$ReportID);`
			`list($ModComment) = $DB->next_record();`
Empty commit 2013-05-04 08:00:48 +00:00			`if (isset($ModComment)) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$DB->query("Update reportsv2 SET ModComment='".$Message."' WHERE ID=".$ReportID);`
			`}`