Gazelle/sections/collages/takeedit_comment.php

<?
authorize();

include(SERVER_ROOT.'/classes/text.class.php'); // Text formatting class
$Text = new TEXT;

// Quick SQL injection check
if (!$_POST['post'] || !is_number($_POST['post'])) {
	error(404);
}
// End injection check

// Variables for database input
$UserID = $LoggedUser['ID'];
$Body = db_string(urldecode($_POST['body']));
$PostID = $_POST['post'];

// Mainly
$DB->query("
	SELECT
		cc.Body,
		cc.UserID,
		cc.CollageID,
		(
			SELECT COUNT(ID)
			FROM collages_comments
			WHERE ID <= $PostID
				AND collages_comments.CollageID = cc.CollageID
		)
	FROM collages_comments AS cc
	WHERE cc.ID='$PostID'");
list($OldBody, $AuthorID, $CollageID, $PostNum) = $DB->next_record();

// Make sure they aren't trying to edit posts they shouldn't
// We use die() here instead of error() because whatever we spit out is displayed to the user in the box where his forum post is
if ($UserID != $AuthorID && !check_perms('site_moderate_forums')) {
	die('Permission denied');
}
if ($DB->record_count() == 0) {
	die('Post not found!');
}

// Perform the update
$DB->query("
	UPDATE collages_comments
	SET
		Body = '$Body'
		WHERE ID='$PostID'");

$Cache->delete_value('collage_'.$CollageID);


$PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);
$CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $PageNum - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
$Cache->delete_value('collage_comments_'.$CollageID.'_catalogue_'.$CatalogueID);

$DB->query("
	INSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)
	VALUES ('collages', $PostID, $UserID, '".sqltime()."', '".db_string($OldBody)."')");

// This gets sent to the browser, which echoes it in place of the old body
echo $Text->full_format($_POST['body']);

?>