Gazelle/sections/collages/takeedit_comment.php

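<?php
/*
 * Collage comment edit handler.
 *
 * Reads POST 'post' (the comment ID) and POST 'body' (the replacement text),
 * verifies the caller may edit that comment, writes the new body, archives the
 * previous body in comments_edits, invalidates the collage caches, and echoes
 * the formatted new body (the client replaces the old comment box with it).
 *
 * Changes vs. the previous revision:
 *  - existence is checked before the ownership check (previously a nonexistent
 *    post compared $UserID against a null author and reported "Permission denied");
 *  - the comment ID is cast to int after is_number(), since it is interpolated
 *    unquoted into the COUNT() subquery;
 *  - the echoed preview is formatted from the same decoded text that was stored,
 *    instead of the raw $_POST value (previously the two could differ whenever the
 *    body contained %xx sequences);
 *  - missing POST keys no longer raise undefined-index notices.
 */
authorize(); // CSRF / auth-key check runs before anything else touches the DB
include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class
$Text = new TEXT;

// Quick SQL injection check: refuse a missing or non-numeric comment ID.
if (!isset($_POST['post']) || !$_POST['post'] || !is_number($_POST['post'])) {
    error(404);
}
// End injection check

// Variables for database input.
// Cast after is_number() so the unquoted uses below are integer literals, not strings.
$PostID = (int)$_POST['post'];
$UserID = (int)$LoggedUser['ID'];
// urldecode() is applied as before; presumably the client URL-encodes the body —
// verify against the JS caller. Keep the decoded copy so the preview echoed at the
// end is built from exactly the text that was stored.
$RawBody = urldecode(isset($_POST['body']) ? $_POST['body'] : '');
$Body = db_string($RawBody);

// Fetch the comment, its author and collage, plus its ordinal position within
// the collage (needed to work out which page/catalogue cache entries to drop).
$DB->query("
    SELECT
        cc.Body,
        cc.UserID,
        cc.CollageID,
        (
            SELECT COUNT(ID)
            FROM collages_comments
            WHERE ID <= $PostID
                AND collages_comments.CollageID = cc.CollageID
        )
    FROM collages_comments AS cc
    WHERE cc.ID = $PostID");

// We use die() here instead of error() because whatever we spit out is displayed
// to the user in the box where his forum post is.
// Check existence first: the ownership test below is meaningless without a row.
if ($DB->record_count() == 0) {
    die('Post not found!');
}
list($OldBody, $AuthorID, $CollageID, $PostNum) = $DB->next_record();

// Make sure they aren't trying to edit posts they shouldn't:
// only the comment's author or a forum moderator may proceed.
if ($UserID !== (int)$AuthorID && !check_perms('site_moderate_forums')) {
    die('Permission denied');
}

// Perform the update
$DB->query("
    UPDATE collages_comments
    SET
        Body = '$Body'
    WHERE ID = $PostID");

// Invalidate the cached collage and the catalogue chunk that holds this comment.
$Cache->delete_value('collage_'.$CollageID);
$PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);
// NOTE(review): $PageNum is sized by TORRENT_COMMENTS_PER_PAGE but the catalogue
// offset by POSTS_PER_PAGE; if those two constants differ, the wrong catalogue key
// is invalidated. Left unchanged here — confirm which constant the collage view uses.
$CatalogueID = floor((POSTS_PER_PAGE * $PageNum - POSTS_PER_PAGE) / THREAD_CATALOGUE);
$Cache->delete_value('collage_'.$CollageID.'_catalogue_'.$CatalogueID);

// Archive the previous body so the edit can be reviewed later.
$DB->query("
    INSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)
    VALUES ('collages', $PostID, $UserID, '".sqltime()."', '".db_string($OldBody)."')");

// This gets sent to the browser, which echoes it in place of the old body.
// Format the decoded text that was actually stored, so preview and DB agree.
echo $Text->full_format($RawBody);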