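}

// Weblog comment form action: renders the form used to add a comment to a
// post (?parent_id=N) or to edit an existing comment (?id=N).
//
// Reads:   $_GET['id'], $_GET['parent_id'], and $db from the including scope.
// Outputs: the rendered form template, SITE_403_HTML when the permission
//          check fails, or SITE_404_HTML when no published post is resolved.
$post = null;
$comment = null;

// The ids below are concatenated into the WHERE fragment passed to
// $db->selectObject(). Raw request text must never reach that string, so each
// value is reduced to an integer first. Non-scalar input (e.g. ?id[]=1)
// becomes 0, which is assumed not to match any row.
$comment_id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;
$parent_id = (isset($_GET['parent_id']) && is_scalar($_GET['parent_id'])) ? intval($_GET['parent_id']) : 0;

if (isset($_GET['id'])) {
    // Edit mode: the post is derived from the stored comment, not from the request.
    $comment = $db->selectObject('weblog_comment', 'id=' . $comment_id);
    if ($comment) {
        // Guarded so that an unknown comment id ends in the 404 branch instead
        // of dereferencing a missing row. The stored parent_id is cast as well,
        // so a tampered row cannot alter the second query.
        $post = $db->selectObject('weblog_post', 'id=' . intval($comment->parent_id));
    }
} elseif (isset($_GET['parent_id'])) {
    // Create mode: the caller names the post being commented on.
    $post = $db->selectObject('weblog_post', 'id=' . $parent_id);
}

// Drafts are treated exactly like missing posts (404).
if ($post && $post->is_draft == 0) {
    // NOTE(review): unserialize() on a database column. This is only safe while
    // location_data can be written by trusted code paths alone; confirm that,
    // or move the column to a data-only encoding.
    $loc = unserialize($post->location_data);
    $iloc = pathos_core_makeLocation($loc->mod, $loc->src, $post->id);

    // New comments need 'comment'; editing an existing one needs
    // 'edit_comments'. Either the module location or the per-post location
    // may grant it, checked in that order.
    $required = $comment ? 'edit_comments' : 'comment';
    if (pathos_permissions_check($required, $loc) || pathos_permissions_check($required, $iloc)) {
        $form = weblog_comment::form($comment);
        $form->location($loc);
        $form->meta('action', 'comment_save');
        if (isset($_GET['parent_id'])) {
            // Pass the validated integer, not the raw query-string text, so
            // request data is not echoed into the generated form markup.
            $form->meta('parent_id', $parent_id);
        }

        $template = new template('weblogmodule', '_form_commentEdit', $loc);
        $template->assign('form_html', $form->toHTML());
        $template->assign('is_edit', isset($_GET['id']));
        $template->output();
    } else {
        echo SITE_403_HTML;
    }
} else {
    echo SITE_404_HTML;
}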
$post = $db->selectObject('weblog_post', 'id=' . $_POST['parent_id']); } else { if (isset($_POST['id'])) { $comment = $db->selectObject('weblog_comment', 'id=' . $_POST['id']); $post = $db->selectObject('weblog_post', 'id=' . $comment->parent_id); } } if ($post && $post->is_draft == 0) { $loc = unserialize($post->location_data); $iloc = pathos_core_makeLocation($loc->mod, $loc->src, $post->id); if (!$comment && pathos_permissions_check('comment', $loc) || !$comment && pathos_permissions_check('comment', $iloc) || $comment && pathos_permissions_check('edit_comments', $loc) || $comment && pathos_permissions_check('edit_comments', $iloc)) { $comment = null; if (isset($_POST['id'])) { $comment = $db->selectObject('weblog_comment', 'id=' . $_POST['id']); } $comment = weblog_comment::update($_POST, $comment); if (isset($comment->id)) { $comment->editor = $user->id; $comment->edited = time(); $db->updateObject($comment, 'weblog_comment'); } else { $comment->posted = time(); $comment->poster = $user->id; $comment->parent_id = $_POST['parent_id']; $db->insertObject($comment, 'weblog_comment'); } pathos_flow_redirect(); } else { echo SITE_403_HTML; } } else {