mirror of
https://github.com/WhatCD/Gazelle.git
synced 2025-01-22 14:11:36 +00:00
65 lines
1.7 KiB
PHP
65 lines
1.7 KiB
PHP
<?
|
|
authorize();
|
|
|
|
include(SERVER_ROOT.'/classes/text.class.php'); // Text formatting class
|
|
$Text = new TEXT;
|
|
|
|
// Quick SQL injection check
|
|
if (!$_POST['post'] || !is_number($_POST['post'])) {
|
|
error(404);
|
|
}
|
|
// End injection check
|
|
|
|
// Variables for database input
|
|
$UserID = $LoggedUser['ID'];
|
|
$Body = db_string(urldecode($_POST['body']));
|
|
$PostID = $_POST['post'];
|
|
|
|
// Mainly
|
|
$DB->query("
|
|
SELECT
|
|
cc.Body,
|
|
cc.UserID,
|
|
cc.CollageID,
|
|
(
|
|
SELECT COUNT(ID)
|
|
FROM collages_comments
|
|
WHERE ID <= $PostID
|
|
AND collages_comments.CollageID = cc.CollageID
|
|
)
|
|
FROM collages_comments AS cc
|
|
WHERE cc.ID='$PostID'");
|
|
list($OldBody, $AuthorID, $CollageID, $PostNum) = $DB->next_record();
|
|
|
|
// Make sure they aren't trying to edit posts they shouldn't
|
|
// We use die() here instead of error() because whatever we spit out is displayed to the user in the box where his forum post is
|
|
if ($UserID != $AuthorID && !check_perms('site_moderate_forums')) {
|
|
die('Permission denied');
|
|
}
|
|
if (!$DB->has_results()) {
|
|
die('Post not found!');
|
|
}
|
|
|
|
// Perform the update
|
|
$DB->query("
|
|
UPDATE collages_comments
|
|
SET
|
|
Body = '$Body'
|
|
WHERE ID='$PostID'");
|
|
|
|
$Cache->delete_value('collage_'.$CollageID);
|
|
|
|
|
|
$PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);
|
|
$CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $PageNum - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
|
|
$Cache->delete_value('collage_comments_'.$CollageID.'_catalogue_'.$CatalogueID);
|
|
|
|
$DB->query("
|
|
INSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)
|
|
VALUES ('collages', $PostID, $UserID, '".sqltime()."', '".db_string($OldBody)."')");
|
|
|
|
// This gets sent to the browser, which echoes it in place of the old body
|
|
echo $Text->full_format($_POST['body']);
|
|
|
|
?>
|