[ticket/12038] Do not rely on stale order value to move items.

This makes it possible to move the items more than once with AJAX. PHPBB3-12038
author: Cesar G <prototech91@gmail.com> 2013-12-06 12:50:16 -0800
committer: Cesar G <prototech91@gmail.com> 2013-12-06 13:02:11 -0800
commit: 3ccc8add10b4a6d915d3edbb3075351301277aab (patch)
tree: ac3f37f20ad27e3143046e2242ef680e5154325f /phpBB/includes/acp/acp_reasons.php
parent: 823d2b697a9bcec96f4ef841a77bfe900ce530f4 (diff)
download: forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar
forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.gz
forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.bz2
forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.xz
forums-3ccc8add10b4a6d915d3edbb3075351301277aab.zip
1 files changed, 13 insertions, 3 deletions
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 26599571d2..26ff5aa0a4 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -281,7 +281,17 @@ class acp_reasons
 			case 'move_up':
 			case 'move_down':
 
-				$order = request_var('order', 0);
+				$sql = 'SELECT reason_order
+					FROM ' . REPORTS_REASONS_TABLE . "
+					WHERE reason_id = $reason_id";
+				$result = $db->sql_query($sql);
+				$order = $db->sql_fetchfield('reason_order');
+
+				if ($order === false || ($order == 0 && $action == 'move_up'))
+				{
+					break;
+				}
+				$order = (int) $order;
 				$order_total = $order * 2 + (($action == 'move_up') ? -1 : 1);
 
 				$sql = 'UPDATE ' . REPORTS_REASONS_TABLE . '
@@ -371,8 +381,8 @@ class acp_reasons
 
 				'U_EDIT'		=> $this->u_action . '&amp;action=edit&amp;id=' . $row['reason_id'],
 				'U_DELETE'		=> (!$other_reason) ? $this->u_action . '&amp;action=delete&amp;id=' . $row['reason_id'] : '',
-				'U_MOVE_UP'		=> $this->u_action . '&amp;action=move_up&amp;order=' . $row['reason_order'],
-				'U_MOVE_DOWN'	=> $this->u_action . '&amp;action=move_down&amp;order=' . $row['reason_order'])
+				'U_MOVE_UP'		=> $this->u_action . '&amp;action=move_up&amp;id=' . $row['reason_id'],
+				'U_MOVE_DOWN'	=> $this->u_action . '&amp;action=move_down&amp;id=' . $row['reason_id'])
 			);
 		}
 		$db->sql_freeresult($result);
author	Cesar G <prototech91@gmail.com>	2013-12-06 12:50:16 -0800
committer	Cesar G <prototech91@gmail.com>	2013-12-06 13:02:11 -0800
commit	3ccc8add10b4a6d915d3edbb3075351301277aab (patch)
tree	ac3f37f20ad27e3143046e2242ef680e5154325f /phpBB/includes/acp/acp_reasons.php
parent	823d2b697a9bcec96f4ef841a77bfe900ce530f4 (diff)
download	forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.gz forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.bz2 forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.xz forums-3ccc8add10b4a6d915d3edbb3075351301277aab.zip