Gazelle/sections/artist/takeedit.php

<?
/*********************************************************************\
The page that handles the backend of the 'edit artist' function.
\*********************************************************************/

authorize();

if (!$_REQUEST['artistid'] || !is_number($_REQUEST['artistid'])) {
	error(404);
}

if (!check_perms('site_edit_wiki')) {
	error(403);
}

// Variables for database input
$UserID = $LoggedUser['ID'];
$ArtistID = $_REQUEST['artistid'];
if (check_perms('artist_edit_vanityhouse')) {
	$VanityHouse = isset($_POST['vanity_house']) ? 1 : 0 ;
}


if ($_GET['action'] === 'revert') { // if we're reverting to a previous revision
	authorize();
	$RevisionID = $_GET['revisionid'];
	if (!is_number($RevisionID)) {
		error(0);
	}
} else { // with edit, the variables are passed with POST
	$Body = db_string($_POST['body']);
	$Summary = db_string($_POST['summary']);
	$Image = db_string($_POST['image']);
	ImageTools::blacklisted($Image);
	// Trickery
	if (!preg_match("/^".IMAGE_REGEX."$/i", $Image)) {
		$Image = '';
	}
}

// Insert revision
if (!$RevisionID) { // edit
	$DB->query("
		INSERT INTO wiki_artists
			(PageID, Body, Image, UserID, Summary, Time)
		VALUES
			('$ArtistID', '$Body', '$Image', '$UserID', '$Summary', '".sqltime()."')");
} else { // revert
	$DB->query("
		INSERT INTO wiki_artists (PageID, Body, Image, UserID, Summary, Time)
		SELECT '$ArtistID', Body, Image, '$UserID', 'Reverted to revision $RevisionID', '".sqltime()."'
		FROM wiki_artists
		WHERE RevisionID = '$RevisionID'");
}

$RevisionID = $DB->inserted_id();

// Update artists table (technically, we don't need the RevisionID column, but we can use it for a join which is nice and fast)
$DB->query("
	UPDATE artists_group
	SET
		". (isset($VanityHouse) ? "VanityHouse = '$VanityHouse'," : '') ."
		RevisionID = '$RevisionID'
	WHERE ArtistID = '$ArtistID'");

// There we go, all done!
$Cache->delete_value("artist_$ArtistID"); // Delete artist cache
header("Location: artist.php?id=$ArtistID");
?>