Diffstat (limited to 'lib/blog/edcom.php')
-rw-r--r--lib/blog/edcom.php35
1 files changed, 35 insertions, 0 deletions
diff --git a/lib/blog/edcom.php b/lib/blog/edcom.php
new file mode 100644
index 0000000..2b96ff9
--- /dev/null
+++ b/lib/blog/edcom.php
@@ -0,0 +1,35 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$comid = intval($args[2]);
+
+$com = mysql_fetch_assoc(sql(
+ "SELECT blog_comments.owner AS owner, blog_comments.text AS text, blog_comments.post AS post ".
+ "FROM blog_comments WHERE id = $comid"
+ ));
+assert_error($com && $com['owner'] == $user['id'],
+ "This comment does not exist, or you are not allowed to edit it.");
+
+$com_text = $com['text'];
+if (isset($_POST['text'])) {
+ $com_text = esca($_POST['text']);
+ $com_text_html = Markdown($com_text);
+ if (trim($com_text) == "") {
+ $error = "You cannot enter an empty comment. If you want your comment to be deleted, please edit your comment so that it says so, and an administrator will delete it.";
+ } else {
+ sql("UPDATE blog_comments SET text = '" . escs($com_text) . "', text_html = '" . escs($com_text_html) . "' ".
+ "WHERE id = $comid");;
+ header("Location: view-blog-" . $com['post']);
+ die();
+ }
+}
+
+$title = "Edit comment";
+$fields = array(
+ array("label" => "Comment : ", "name" => "text", "value" => $com_text, "type" => "textarea"),
+ );
+$validate = "Edit comment";
+
+require("tpl/general/form.php");
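Review bot: The ownership test `$com['owner'] == $user['id']` uses loose comparison, so if this page can be reached without a login and a comment row can have a NULL owner, `null == null` passes and the edit is authorised; neither condition is visible in this file, so please confirm. A stricter form would be `assert_error($com && !empty($user['id']) && (int)$com['owner'] === (int)$user['id'],`. Separately, the UPDATE runs on any POST that carries `text`, and no anti-CSRF token is checked here; unless the form template and a front controller outside this diff handle that, a token check should precede the `sql("UPDATE ...")` call. A short comment stating what `esca()` escapes would also help, since the `Markdown()` output is stored as `text_html` and is presumably rendered without further escaping.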