diff options
author | Cesar G <prototech91@gmail.com> | 2013-12-06 12:50:16 -0800 |
---|---|---|
committer | Cesar G <prototech91@gmail.com> | 2013-12-06 13:02:11 -0800 |
commit | 3ccc8add10b4a6d915d3edbb3075351301277aab (patch) | |
tree | ac3f37f20ad27e3143046e2242ef680e5154325f /phpBB/includes/acp/acp_reasons.php | |
parent | 823d2b697a9bcec96f4ef841a77bfe900ce530f4 (diff) | |
download | forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.gz forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.bz2 forums-3ccc8add10b4a6d915d3edbb3075351301277aab.tar.xz forums-3ccc8add10b4a6d915d3edbb3075351301277aab.zip |
[ticket/12038] Do not rely on stale order value to move items.
This makes it possible to move the items more than once with AJAX.
PHPBB3-12038
Diffstat (limited to 'phpBB/includes/acp/acp_reasons.php')
-rw-r--r-- | phpBB/includes/acp/acp_reasons.php | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index 26599571d2..26ff5aa0a4 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php @@ -281,7 +281,17 @@ class acp_reasons case 'move_up': case 'move_down': - $order = request_var('order', 0); + $sql = 'SELECT reason_order + FROM ' . REPORTS_REASONS_TABLE . " + WHERE reason_id = $reason_id"; + $result = $db->sql_query($sql); + $order = $db->sql_fetchfield('reason_order'); + + if ($order === false || ($order == 0 && $action == 'move_up')) + { + break; + } + $order = (int) $order; $order_total = $order * 2 + (($action == 'move_up') ? -1 : 1); $sql = 'UPDATE ' . REPORTS_REASONS_TABLE . ' @@ -371,8 +381,8 @@ class acp_reasons 'U_EDIT' => $this->u_action . '&action=edit&id=' . $row['reason_id'], 'U_DELETE' => (!$other_reason) ? $this->u_action . '&action=delete&id=' . $row['reason_id'] : '', - 'U_MOVE_UP' => $this->u_action . '&action=move_up&order=' . $row['reason_order'], - 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&order=' . $row['reason_order']) + 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row['reason_id'], + 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row['reason_id']) ); } $db->sql_freeresult($result); |