Changeset 3299 for sandbox/blog/comment/delete/item.php

Timestamp:

05/21/07 01:56:13 (20 months ago)

Author:

inureyes

Message:

#408

• 팀블로그 소스 이식
  
• 차칸아이님 소스 기반으로 태터툴즈 코드 일관성 유지를 위하여 전체적으로 수정하였음.
  
  • 아직 멀었다.
    

Files:

• sandbox/blog/comment/delete/item.php (modified) (2 diffs)

sandbox/blog/comment/delete/item.php

@@ -16 +16 @@
 );
 require ROOT . '/lib/includeForBlog.php';
+list($replier)=getCommentAttributes($owner,$suri['id'],'replier');
+$ch_res = mysql_fetch_array(mysql_query("SELECT Posting FROM `{$database['prefix']}Teamblog` WHERE teams='$owner' and userid='$_SESSION[admin]'"));
+if(empty($ch_res['Posting']) && $owner != $_SESSION['admin']){
+    if(!empty($replier)){
+        if($owner != $_SESSION['admin']){
+            if($replier != $_SESSION['admin']){
+                echo _t('<script> alert("권한이 없습니다."); window.close(); </script>');
+                exit;   
+            }
+        }
+    }
+    else{
+        if($owner != $_SESSION['admin'] && !empty($_SESSION['admin'])){
+            echo _t('<script> alert("권한이 없습니다."); window.close(); </script>');
+            exit;   
+        }
+    }
+}
 if (false) {
     fetchConfigVal();
@@ -52 +70 @@
         try {
             obj = opener.document.getElementById("commentCount<?php echo $entryId;?>");
-            if (obj != null) obj.innerHTML = "<?php echo str_replace('"', '\"', $commentView);?>";
+            if (obj != null) obj.innerHTML = "<?php echo str_innerHTML($commentView);?>";
         } catch(e) { }      
         try {
             obj = opener.document.getElementById("commentCountOnRecentEntries<?php echo $entryId;?>");
-            if (obj != null) obj.innerHTML = "<?php echo ($commentCount > 0) ? '(' . $commentCount . ')' : '';?>";
+            if (obj != null) obj.innerHTML = "<?php echo str_innerHTML(($commentCount > 0) ? '(' . $commentCount . ')' : '');?>";
         } catch(e) { }      
         window.close();