2011-03-28 14:21:28 +00:00
|
|
|
<?
|
|
|
|
|
//TODO: make this use the cache version of the thread, save the db query
|
|
|
|
|
/*********************************************************************\
|
|
|
|
|
//--------------Get Post--------------------------------------------//
|
|
|
|
|
|
2013-02-22 08:00:24 +00:00
|
|
|
This gets the raw BBCode of a post. It's used for editing and
|
|
|
|
|
quoting posts.
|
2011-03-28 14:21:28 +00:00
|
|
|
|
2013-02-22 08:00:24 +00:00
|
|
|
It gets called if $_GET['action'] == 'get_post'. It requires
|
2011-03-28 14:21:28 +00:00
|
|
|
$_GET['post'], which is the ID of the post.
|
|
|
|
|
|
|
|
|
|
\*********************************************************************/
|
|
|
|
|
|
|
|
|
|
// Quick SQL injection check
|
2013-05-04 08:00:48 +00:00
|
|
|
if (!$_GET['post'] || !is_number($_GET['post'])) {
|
2011-03-28 14:21:28 +00:00
|
|
|
error(0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Variables for database input
|
|
|
|
|
$PostID = $_GET['post'];
|
|
|
|
|
|
2013-02-22 08:00:24 +00:00
|
|
|
// Mainly
|
2013-05-04 08:00:48 +00:00
|
|
|
$DB->query("
|
|
|
|
|
SELECT
|
|
|
|
|
p.Body,
|
|
|
|
|
t.ForumID
|
2013-11-17 08:00:47 +00:00
|
|
|
FROM forums_posts AS p
|
|
|
|
|
JOIN forums_topics AS t ON p.TopicID = t.ID
|
2013-05-04 08:00:48 +00:00
|
|
|
WHERE p.ID='$PostID'");
|
2011-05-26 08:00:10 +00:00
|
|
|
list($Body, $ForumID) = $DB->next_record(MYSQLI_NUM);
|
|
|
|
|
|
|
|
|
|
// Is the user allowed to view the post?
|
2013-08-28 23:08:41 +00:00
|
|
|
if (!Forums::check_forumperm($ForumID)) {
|
2011-05-26 08:00:10 +00:00
|
|
|
error(0);
|
|
|
|
|
}
|
2011-03-28 14:21:28 +00:00
|
|
|
|
2013-02-22 08:00:24 +00:00
|
|
|
// This gets sent to the browser, which echoes it wherever
|
2011-03-28 14:21:28 +00:00
|
|
|
|
|
|
|
|
echo trim($Body);
|
|
|
|
|
|
2013-05-04 08:00:48 +00:00
|
|
|
?>
|
