[Phpgroupware-cvs] news_admin/inc class.uinews.inc.php, 1.31 class.sonew
From: |
skwashd |
Subject: |
[Phpgroupware-cvs] news_admin/inc class.uinews.inc.php, 1.31 class.sonews.inc.php, 1.7 class.bonews.inc.php, 1.7 |
Date: |
Mon, 29 Aug 2005 14:57:00 +0200 |
Update of news_admin/inc
Modified Files:
Branch: MAIN
class.uinews.inc.php lines: +23 -25
class.sonews.inc.php lines: +3 -3
class.bonews.inc.php lines: +4 -4
Log Message:
fix bug #s 11621, 14105, 14107 and some other fixes along the way
====================================================
Index: news_admin/inc/class.uinews.inc.php
diff -u news_admin/inc/class.uinews.inc.php:1.30
news_admin/inc/class.uinews.inc.php:1.31
--- news_admin/inc/class.uinews.inc.php:1.30 Thu Aug 11 12:36:35 2005
+++ news_admin/inc/class.uinews.inc.php Mon Aug 29 12:57:40 2005
@@ -103,7 +103,7 @@
array
(
'cat_id' => (int) $cat['id'],
-
'cat_name' => htmlentities($cat['name']),
+
'cat_name' => htmlspecialchars($cat['name']),
'selected' => ($this->bo->cat_id == $cat['id']
? 'selected="selected"'
: '')
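Review bot: `htmlspecialchars()` is called here with its default flags, which before PHP 8.1 means `ENT_COMPAT` and leaves single quotes unescaped. That is enough for element text, but not for a value a template places inside a single-quoted attribute. It matters most for `value_subject`, `value_teaser` and `value_content` in the `@@ -854` hunk, which look like form-field values. Passing the flag explicitly, e.g. `htmlspecialchars($cat['name'], ENT_QUOTES)`, removes the dependency on how each template quotes its attributes. The templates are not part of this diff, so this needs checking against them.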
@@ -176,11 +176,11 @@
$newsitem = &$news[$news_id];
//echo '<pre>' . print_r($newsitem, True) .
'</pre>';
$var = array(
- 'subject' => $newsitem['subject'],
+ 'subject' =>
htmlspecialchars($newsitem['subject']),
'submission' => lang('submitted by
%1 on %2',
$GLOBALS['phpgw']->accounts->id2name($newsitem['submittedby']),
$GLOBALS['phpgw']->common->show_date($newsitem['date']) ),
- 'content' =>
($newsitem['is_html'] ? $newsitem['content'] : nl2br($newsitem['content'])),
+ 'content' =>
($newsitem['is_html'] ? htmlspecialchars($newsitem['content']) :
nl2br(htmlspecialchars($newsitem['content']))),
);
$this->template->set_var($var);
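Review bot: The `is_html` branch of `'content'` now passes the body through `htmlspecialchars()`, so an item flagged as HTML is shown as literal markup and the two branches differ only by `nl2br()`. That closes the stored-XSS path the old raw output left open, but it also removes HTML rendering. If HTML news is meant to render, the usual alternative is an allow-list sanitiser for `is_html` content rather than either raw output or full escaping. If showing it as text is intended, a comment such as `// is_html items are deliberately escaped until a sanitiser exists` would keep a later maintainer from reverting it. The enclosing method starts and ends outside this hunk.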
@@ -191,11 +191,11 @@
foreach($news as $newsitem)
{
$var = array(
- 'subject' =>
$newsitem['subject'],
+ 'subject' =>
htmlspecialchars($newsitem['subject']),
'submission' =>
lang('submitted by %1 on %2',
$GLOBALS['phpgw']->accounts->id2name($newsitem['submittedby']),
$GLOBALS['phpgw']->common->show_date($newsitem['date']) ),
- 'summary' =>
$newsitem['teaser'],
+ 'summary' =>
htmlspecialchars($newsitem['teaser']),
'lang_read' => lang('read
full story'),
'href_read' =>
$GLOBALS['phpgw']->link('/index.php',
array
@@ -281,7 +281,7 @@
foreach($newslist as $newsitem)
{
$portalbox->data[] = array(
- 'text' => $newsitem['subject']
. ' - ' . lang('Submitted by') . ' ' .
$GLOBALS['phpgw']->accounts->id2name($newsitem['submittedby']) . ' ' .
lang('on') . ' ' . $GLOBALS['phpgw']->common->show_date($newsitem['date']),
+ 'text' =>
htmlspecialchars($newsitem['subject']) . ' - ' . lang('Submitted by') . ' ' .
$GLOBALS['phpgw']->accounts->id2name($newsitem['submittedby']) . ' ' .
lang('on') . ' ' . $GLOBALS['phpgw']->common->show_date($newsitem['date']),
'link' =>
$GLOBALS['phpgw']->link('/index.php',
array('menuaction' => 'news_admin.uinews.show_news',
'news_id' => $newsitem['id'],
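Review bot: In the new `'text'` line only the subject is escaped; the result of `accounts->id2name()` is concatenated into the same string as-is. If account names can contain markup characters and the portal box prints `text` without escaping (neither is visible here), that half needs the same treatment, e.g. `htmlspecialchars($GLOBALS['phpgw']->accounts->id2name($newsitem['submittedby']))`. The `'submission'` entries in the `@@ -176` and `@@ -191` hunks pass `id2name()` through `lang()` in the same unescaped way.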
@@ -596,7 +596,7 @@
'lang_subject'
=> lang('subject'),
'lang_title'
=> lang('title'),
'messages'
=> $msgs,
- 'nl_content'
=> htmlentities($content),
+ 'nl_content'
=> htmlspecialchars($content),
)
);
@@ -634,6 +634,12 @@
$var['lang_write'] = lang('Write');
$var['readable'] = $this->_selectlist('read');
$var['cat_name'] = $this->cat_id ?
$this->bo->catbo->id2name($this->cat_id) : lang('Global news');
+ $var['cat_url'] = $GLOBALS['phpgw']->link('/index.php',
+ array
+ (
+ 'menuaction' =>
'news_admin.uinews.write_news',
+ 'start' => 0
+ ) );
$this->template->set_var($var);
$this->template->parse('_category','category');
@@ -667,14 +673,14 @@
$this->template->set_var('row_date',$GLOBALS['phpgw']->common->show_date($item['date']));
if (strlen($item['news_subject']) > 40)
{
- $subject =
$GLOBALS['phpgw']->strip_html(substr($item['subject'],40,strlen($item['subject'])));
+ $subject =
substr($item['subject'],40,strlen($item['subject'])) . ' ...';
}
else
{
- $subject =
$GLOBALS['phpgw']->strip_html($item['subject']);
+ $subject = $item['subject'];
}
-
$this->template->set_var('row_subject',$subject);
-
$this->template->set_var('row_status',$this->bo->get_visibility($item));
+ $this->template->set_var('row_subject',
htmlspecialchars($subject) );
+ $this->template->set_var('row_status',
$this->bo->get_visibility($item));
$this->template->set_var('row_view','<a href="'
.
$GLOBALS['phpgw']->link('/index.php','menuaction=news_admin.uinews.read_news&news_id='
. $item['id']) . '">' . lang('view') . '</a>');
$this->template->set_var('row_edit','<a href="'
.
$GLOBALS['phpgw']->link('/index.php','menuaction=news_admin.uinews.edit&news_id='
. $item['id']) . '">' . lang('edit') . '</a>');
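Review bot: The truncation branch keeps the wrong part of the subject: `substr($item['subject'],40,strlen($item['subject']))` returns everything after the first 40 bytes, and the new `' ...'` suffix is appended to that tail. The guard also tests `$item['news_subject']` while the body reads `$item['subject']`. If the rows only carry the `subject` key, as the sonews hunk suggests, the branch is never entered. Suggested lines: `if (strlen($item['subject']) > 40)` and `$subject = substr($item['subject'], 0, 40) . ' ...';`. Truncating before `htmlspecialchars()`, as the commit does, is the right order, since cutting after escaping could split an entity.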
@@ -854,10 +860,10 @@
'value_id'
=> $this->news_id,
'lang_cancel'
=> lang('cancel'),
'label_subject'
=> lang('subject'),
- 'value_subject'
=> htmlentities($this->news_data['subject']),
+ 'value_subject'
=> htmlspecialchars($this->news_data['subject']),
'label_teaser'
=> lang('summary'),
- 'value_teaser'
=> htmlentities($this->news_data['teaser']),
- 'value_content'
=> htmlentities($this->news_data['content']),
+ 'value_teaser'
=> htmlspecialchars($this->news_data['teaser']),
+ 'value_content'
=> htmlspecialchars($this->news_data['content']),
'label_category'=> lang('category'),
'value_category'=> $this->_selectlist('write',
intval($this->news_data['category'])),
'label_visible'
=> lang('visible'),
@@ -874,8 +880,6 @@
//with $default, we are called from the news form
function _selectlist($type, $default=false)
{
- $link_data['menuaction'] = ($type == 'read') ?
'news_admin.uinews.read_news' : 'news_admin.uinews.write_news';
- $link_data['start'] = 0;
$right = ($type == 'read') ? PHPGW_ACL_READ :
PHPGW_ACL_ADD;
$selectlist = ($default === false) ? ('<option>' .
lang($type . ' news') . '</option>') : '';
$cats = is_array($this->bo->cats) ? $this->bo->cats :
array();
@@ -883,20 +887,14 @@
{
if($this->bo->acl->is_permitted($cat['id'],$right))
{
- $cat_id = (int) $cat['id'];
- $link_data['cat_id'] = $cat_id;
- $selectlist .= '<option value="';
- $selectlist .= $default !== False ?
$cat_id : $GLOBALS['phpgw']->link('/index.php',$link_data);
- $selectlist .= '"';
+ $selectlist .= "<option
value=\"{$cat['id']}\"";
$selectlist .= ($default === $cat_id) ?
' selected="selected"' : '';
$selectlist .= '>' . $cat['name'] .
'</option>' . "\n";
}
}
if (!$default)
{
- $link_data['cat_id'] = 'all';
- $selectlist .= '<option
style="font-weight:bold" value="' .
$GLOBALS['phpgw']->link('/index.php',$link_data)
- . '">' . lang('All news') . '</option>'
. "\n";
+ $selectlist .= '<option
style="font-weight:bold" value="all">' . lang('All news') . '</option>' . "\n";
}
return $selectlist;
}
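Review bot: Within the visible lines `$cat_id` is no longer assigned, yet the unchanged `$selectlist .= ($default === $cat_id) ? ...` still reads it. The current category is therefore never marked selected, and PHP raises an undefined-variable notice. The new `value` attribute also interpolates `$cat['id']` without the `(int)` cast the removed code had. `$cat['name']` is still written into the option text unescaped, although the `@@ -103` hunk escapes the same field. Suggested lines: `$cat_id = (int) $cat['id'];`, `$selectlist .= '<option value="' . $cat_id . '"';` and `$selectlist .= '>' . htmlspecialchars($cat['name']) . '</option>' . "\n";`. The loop header and the start of `_selectlist()` lie outside this hunk.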
====================================================
Index: news_admin/inc/class.sonews.inc.php
diff -u news_admin/inc/class.sonews.inc.php:1.6
news_admin/inc/class.sonews.inc.php:1.7
--- news_admin/inc/class.sonews.inc.php:1.6 Thu Aug 4 03:54:31 2005
+++ news_admin/inc/class.sonews.inc.php Mon Aug 29 12:57:40 2005
@@ -61,13 +61,13 @@
while ($this->db->next_record())
{
$news[$this->db->f('news_id')] = array(
- 'subject' =>
htmlentities($this->db->f('news_subject', True)),
+ 'subject' =>
$this->db->f('news_subject', True),
'submittedby' =>
$this->db->f('news_submittedby'),
'date' =>
$this->db->f('news_date'),
'id' =>
$this->db->f('news_id'),
'begin' =>
$this->db->f('news_begin'),
'end' =>
$this->db->f('news_end'),
- 'teaser' =>
htmlentities($this->db->f('news_teaser', True)),
+ 'teaser' =>
$this->db->f('news_teaser', True),
'content' =>
$this->db->f('news_content',True),
'is_html' =>
($this->db->f('is_html') ? True : False),
);
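Review bot: `subject` and `teaser` now leave this method unescaped, like `content`, so every consumer of the returned array is responsible for escaping at output. The uinews hunks in this commit do that, but any caller outside this diff that relied on the old `htmlentities()` would now emit raw database text, so other users of this method are worth checking. A comment above the array, e.g. `// values are raw database text; callers must escape for their output context`, would document the contract. The enclosing method is only partly visible here.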
====================================================
Index: news_admin/inc/class.bonews.inc.php
diff -u news_admin/inc/class.bonews.inc.php:1.6
news_admin/inc/class.bonews.inc.php:1.7
--- news_admin/inc/class.bonews.inc.php:1.6 Thu Aug 4 03:54:31 2005
+++ news_admin/inc/class.bonews.inc.php Mon Aug 29 12:57:40 2005
@@ -105,7 +105,7 @@
$news = $this->sonews->get_newslist($cats,
$start,$order,$sort,$limit,$activeonly,$this->total);
foreach($news as $id => $item)
{
- $news[$id]['content'] =
($item['is_html'] ? $item['content'] : nl2br(htmlentities($item['content'])));
+ $news[$id]['content'] =
$item['content'];
}
return $news;
}
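Review bot: After this change the `foreach` only assigns `$item['content']` back to `$news[$id]['content']`, which is a no-op. The same applies to the loop in the `@@ -120` hunk and to `$news['content'] = $news['content'];` in the `@@ -213` hunk. Removing the dead statements would make it obvious that this layer returns content raw and that escaping happens in uinews. If the loops are kept as placeholders, a comment such as `// content is returned unescaped; the UI layer escapes on output` states that explicitly.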
@@ -120,7 +120,7 @@
$news = $this->sonews->get_all_public_news($limit);
foreach($news as $id => $item)
{
- $news[$id]['content'] = ($item['is_html'] ?
$item['content'] : nl2br(htmlentities($item['content'])));
+ $news[$id]['content'] = $item['content'];
}
return $news;
}
@@ -213,7 +213,7 @@
if ($this->acl->is_readable($news['category']))
{
$this->total = 1;
- $news['content'] = ($news['is_html'] ?
$news['content']: htmlentities($news['content']));
+ $news['content'] = $news['content'];
//echo '<br />BO2:<br />'; print_r($news); echo
'</pre>';
return $news;
}