if ($_POST) {
try {
$newcomment = createcomment($_POST, $Issue);
- $target = "/{$Page->link}/$newcomment#$newcomment";
+ $target = "/{$Page->link}?last=$newcomment#$newcomment";
abort($target, ($Page->api ? 200 : 303) . ' reply success');
$_POST['reply'] = NULL;
}
if ($Page->api) {
abort(ucfirst($e->getMessage()), '500 reply error');
}
- print "<p class=warn>Antwoord niet opgeslagen: {$e->getMessage()}.</p>\n\n";
+ printf("<p class=warn>Antwoord niet opgeslagen: %s.</p>\n\n",
+ nl2br(htmlspecialchars($e->getMessage()))
+ );
}
}
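Review bot: The API branch just above the new printf still passes `ucfirst($e->getMessage())` to abort() unescaped, while only the HTML branch gains `htmlspecialchars()`. Whether abort() emits that text into an HTML response is not visible here, so confirm it does not, or escape there as well. Both branches also show the raw exception text to the client, which can disclose internals such as database errors if createcomment() lets those propagate; consider logging the full message and returning a fixed string for unexpected exception types. Spelling out the flags, `htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the escaping independent of the PHP version's defaults. The try/catch opens outside this hunk.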
-$cols = '*, (SELECT json_agg(journal.*) FROM journal WHERE comment_id = comments.id) AS journal';
+$cols = "*, (SELECT json_agg(journal.*) FROM journal WHERE comment_id = comments.id AND property = 'attr') AS journal";
$query = $Db->query("SELECT $cols FROM comments WHERE page = ? ORDER BY created", [$Page->link]);
if ($row = $query->fetch()) {
print '<li>';
print '<form method="post" action="" enctype="multipart/form-data">';
if (isset($Issue) and $User->admin("edit {$Page->link}")) {
+ print "<aside>\n";
+ print '<p>';
+ printf(
+ '<label for="%s">%s:</label> '
+ . '<input id="%1$s" name="%1$s" value="%s" />'."\n",
+ 'subject',
+ $journalcol['subject'],
+ htmlspecialchars($Issue->subject ?? '')
+ );
+ print "</p>\n";
+
print '<p>';
printf(
'<label for="%s">%s:</label> '
'Gesloten'
);
print "</p>\n";
+ print "</aside>\n";
}
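Review bot: The new `subject` input is rendered only when `$User->admin("edit {$Page->link}")` passes, but that gates the markup, not the request. The code that applies `$_POST['subject']` (presumably createcomment(), outside this hunk) must repeat the same check, otherwise any poster can submit the field by hand. No anti-CSRF token is visible in the part of the form shown, which matters more now that the form carries admin-only edits, so confirm one is emitted and verified elsewhere. The label text `$journalcol['subject']` is printed unescaped next to an escaped value; if it is not a fixed translation table, use `htmlspecialchars($journalcol['subject'])`. The form and the surrounding if-block continue outside the hunk.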
{
print '<p>';