login/post: require user to access

[minimedit.git] / widget / reply.php

diff --git a/widget/reply.php b/widget/reply.php
index 43b773bead82752eef7f727a9afb5708b7645430..9e1c7e33757337ebb4d63858cf833e0f22565d10 100644 (file)
--- a/widget/reply.php
+++ b/widget/reply.php
@@ -7,12 +7,11 @@ $journalcol = [
 ];
 
 if ($_POST) {
+       require_once 'upload.inc.php';
        try {
-               $html = nl2br(htmlspecialchars($_POST['reply']));
-               $html = empty($html) ? NULL : "<p>$html</p>";
                $query = $Db->set('comments', [
                        'page'    => $Page,
-                       'message' => $html,
+                       'message' => messagehtml($_POST['reply']),
                        'author'  => $User->login,
                ]);
                if (!$query->rowCount()) {
@@ -47,6 +46,7 @@ if ($_POST) {
                                                'value'      => $updated->$col,
                                        ]);
                                }
+                               $Issue = $updated;
                        }
                }
                $_POST['reply'] = NULL;
@@ -67,7 +67,7 @@ while ($row = $query->fetch()) {
        printf('<strong>%s</strong> <small class=date>%s</small>',
                $rowuser->html, showdate(preg_split('/\D/', $row->created))
        );
-       printf("<blockquote>%s</blockquote>\n", $row->message);
+       printf("<blockquote>\n%s</blockquote>\n", $row->message);
        if ($changes = json_decode($row->journal)) {
                print '<ul>';
                foreach ($changes as $change) {