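<?php
/*
 * AJAX endpoint: saves an edited comment and returns the re-rendered body.
 *
 * Reads $_POST['postid'], $_POST['body'] and the optional $_POST['pm'] flag.
 * Malformed requests are passed to error(0); a user whose DisablePosting
 * flag is set is passed to error() with an explanatory message.
 */

// Runs before any request data is read or any state is changed.
// Presumably the anti-CSRF token check; it is defined outside this file -- confirm.
authorize();

// The body must be a non-blank *string*. A client can submit body[]=... so
// that $_POST['body'] arrives as an array, which trim() cannot handle; that
// shape is rejected here instead of reaching Comments::edit() and
// Text::full_format().
if (
    !isset($_POST['postid'])
    || !is_number($_POST['postid'])
    || !isset($_POST['body'])
    || !is_string($_POST['body'])
    || trim($_POST['body']) === ''
) {
    error(0);
}

if ($LoggedUser['DisablePosting']) {
    error('Your posting privileges have been removed.');
}

// True only when the 'pm' field is present and truthy.
$SendPM = isset($_POST['pm']) && $_POST['pm'];

// NOTE(review): nothing in this file checks that the current user is allowed
// to edit this particular comment; presumably Comments::edit() enforces
// ownership / moderator rights -- confirm.
Comments::edit((int) $_POST['postid'], $_POST['body'], $SendPM);

// This gets sent to the browser, which echoes it in place of the old body.
// NOTE(review): the response is built from request data, so it is only safe
// if Text::full_format() HTML-escapes its input -- confirm.
echo Text::full_format($_POST['body']);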
/*
 * Comment component
 *
 * The state-changing routes (POST/PUT/DELETE) carry the 'csrf' middleware;
 * the GET routes do not.
 *
 * NOTE(review): no authentication or authorization middleware is attached to
 * any route in this group. Presumably the Comments facade checks login state
 * and comment ownership itself -- confirm, especially for update and delete.
 */

// Paginated comment list for one commentable entity; the paginator's links
// are pointed back at the URL of the current request.
Route::get('comments/paginate/{foreignType}/{foreignId}', function ($foreignType, $foreignId) {
    $paginator = Comments::paginate($foreignType, $foreignId);

    return $paginator->setPath(Request::url());
});

// Create a comment. The target entity comes from the request input.
// NOTE(review): 'foreigntype' / 'foreignid' are passed on unvalidated;
// presumably Comments::store() restricts them to known types -- confirm.
Route::post('comments/store', [
    'as'         => 'comments.store',
    'middleware' => 'csrf',
    'uses'       => function () {
        return Comments::store(Input::get('foreigntype'), Input::get('foreignid'));
    },
]);

// Fetch a single comment by ID.
Route::get('comments/{id}', function ($id) {
    return Comments::get($id);
});

// GET counterpart of the update route below.
Route::get('comments/{id}/edit', [
    'as'   => 'comments.edit',
    'uses' => function ($id) {
        return Comments::edit($id);
    },
]);

// Apply an edit to an existing comment.
Route::put('comments/{id}/update', [
    'as'         => 'comments.update',
    'middleware' => 'csrf',
    'uses'       => function ($id) {
        return Comments::update($id);
    },
]);

// Delete a comment.
Route::delete('comments/{id}/delete', [
    'as'         => 'comments.delete',
    'middleware' => 'csrf',
    'uses'       => function ($id) {
        return Comments::delete($id);
    },
]);

/*
 * Ratings
 */

// Store a rating for the entity named in the request input.
Route::post('ratings/store', [
    'as'         => 'ratings.store',
    'middleware' => 'csrf',
    'uses'       => function () {
        return Ratings::store(Input::get('foreigntype'), Input::get('foreignid'));
    },
]);
// Issues a timed or verbal warning for a comment: records the warning against
// the comment's author, sends the author a PM, saves the submitted comment
// body and redirects back to the comment.
//
// NOTE(review): $Reason is read below but never assigned in this excerpt, and
// no authorize() / permission check is visible here. Presumably both sit above
// the first visible line -- confirm.
$PrivateMessage = $_POST['privatemessage'];
$Body = $_POST['body'];
$Length = $_POST['length'];
// The integer cast is what makes this value safe to interpolate into the SQL below.
$PostID = (int) $_POST['postid'];

$DB->query("\n\tSELECT AuthorID\n\tFROM comments\n\tWHERE ID = {$PostID}");
if (!$DB->has_results()) {
    error(404);
}
list($AuthorID) = $DB->next_record();

// Refuse to warn a user whose class is higher than the acting user's.
$UserInfo = Users::user_info($AuthorID);
if ($UserInfo['Class'] > $LoggedUser['Class']) {
    error(403);
}

$URL = site_url() . Comments::get_url_query($PostID);

if ($Length === 'verbal') {
    // Verbal warning: only a note on the user's record, no warn_user() call.
    $Subject = 'You have received a verbal warning';
    $PrivateMessage = "You have received a verbal warning for [url={$URL}]this comment[/url].\n\n[quote]{$PrivateMessage}[/quote]";
    $AdminComment = date('Y-m-d') . ' - Verbally warned by ' . $LoggedUser['Username'] . " for {$URL}\nReason: {$Reason}\n\n";
    Tools::update_user_notes($AuthorID, $AdminComment);
} else {
    // Timed warning: $Length is a number of weeks, converted to seconds.
    // NOTE(review): $Length comes straight from the request and is not
    // validated. A non-numeric value casts to 0, and the raw string is still
    // interpolated into the PM text below. Consider checking it against the
    // allowed week counts before use.
    $Time = (int) $Length * (7 * 24 * 60 * 60);
    Tools::warn_user($AuthorID, $Time, "{$URL} - {$Reason}");
    $Subject = 'You have received a warning';
    $PrivateMessage = "You have received a {$Length} week warning for [url={$URL}]this comment[/url].\n\n[quote]{$PrivateMessage}[/quote]";
    $WarnTime = time_plus($Time);
    $AdminComment = date('Y-m-d') . " - Warned until {$WarnTime} by " . $LoggedUser['Username'] . "\nReason: {$URL} - {$Reason}\n\n";
}

// Prepend this entry to any existing forum-warning log for the user.
// $AdminComment embeds $Reason, so it goes through db_string() before being
// placed in the query; $AuthorID comes from the comments row read above.
// NOTE(review): db_string() is presumably the project's SQL escaping helper -- confirm.
$DB->query("\n\tINSERT INTO users_warnings_forums\n\t\t(UserID, Comment)\n\tVALUES\n\t\t('{$AuthorID}', '" . db_string($AdminComment) . "')\n\tON DUPLICATE KEY UPDATE\n\t\tComment = CONCAT('" . db_string($AdminComment) . "', Comment)");

Misc::send_pm($AuthorID, $LoggedUser['ID'], $Subject, $PrivateMessage);

// Save the submitted body as the comment's new text, then redirect to the comment.
Comments::edit($PostID, $Body);
header("Location: {$URL}");