From 66ae8fee37a31c60364de1527747ecfce1eab287 Mon Sep 17 00:00:00 2001 From: e107steved Date: Sun, 15 Jun 2008 20:20:28 +0000 Subject: [PATCH] Bugtracker #4304 - apostrophes got corrupted when uploading image --- e107_admin/newspost.php | 133 ++++++++++++++++++++++++---------------- 1 file changed, 79 insertions(+), 54 deletions(-) diff --git a/e107_admin/newspost.php b/e107_admin/newspost.php index c8f587d9c..0d0b98ee8 100644 --- a/e107_admin/newspost.php +++ b/e107_admin/newspost.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_admin/newspost.php,v $ -| $Revision: 1.14 $ -| $Date: 2008-05-31 17:55:22 $ +| $Revision: 1.15 $ +| $Date: 2008-06-15 20:20:14 $ | $Author: e107steved $ +---------------------------------------------------------------+ @@ -75,16 +75,17 @@ $amount = 10; if(isset($_POST['news_userclass'])) { - $_POST['news_class'] = implode(",", array_keys($_POST['news_userclass'])); + $_POST['news_class'] = implode(",", array_keys($_POST['news_userclass'])); } if(isset($_POST['delete'])) { - $tmp = array_keys($_POST['delete']); - list($delete, $del_id) = explode("_", $tmp[0]); + $tmp = array_keys($_POST['delete']); + list($delete, $del_id) = explode("_", $tmp[0]); } + if ($delete == "main" && $del_id) { if ($sql->db_Count('news','(*)',"WHERE news_id = '{$del_id}'")) @@ -103,6 +104,7 @@ if ($delete == "main" && $del_id) unset($delete, $del); } + if ($delete == "category" && $del_id) { if ($sql->db_Delete("news_category", "category_id='$del_id' ")) { $newspost->show_message(NWSLAN_33." #".$del_id." ".NWSLAN_32); @@ -110,6 +112,7 @@ if ($delete == "category" && $del_id) { } } + if($delete == "sn" && $del_id) { if ($sql->db_Delete("submitnews", "submitnews_id='$del_id' ")) @@ -122,7 +125,9 @@ if($delete == "sn" && $del_id) } } -if (isset($_POST['submitupload'])) { + +if (isset($_POST['submitupload'])) +{ $pref['upload_storagetype'] = "1"; require_once(e_HANDLER."upload_handler.php"); 
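Review bot: `$del_id` comes straight from a key of `$_POST['delete']` via `list($delete, $del_id) = explode("_", $tmp[0]);` and is then interpolated into quoted SQL in all three delete branches of the `@@ -75,16 +75,17 @@` hunk (`"WHERE news_id = '{$del_id}'"`, `"category_id='$del_id' "`, `"submitnews_id='$del_id' "`). Unless request data is escaped earlier in a part of the file not shown here, the queries rely on the form posting a well-formed key. Because the value is only ever used as a row id, adding `$del_id = intval($del_id);` directly after the `list()` line would keep the three queries numeric, and a non-numeric key would then fail the existing `&& $del_id` tests. The edit branch in the `@@ -220,48 +228,59 @@` hunk builds `"news_id='$id' "` the same way; where `$id` is assigned is outside this excerpt, so it is worth confirming it is cast to an integer there as well.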
@@ -144,15 +149,18 @@ if (isset($_POST['submitupload'])) { } } + // required. -if (isset($_POST['preview'])) { +if (isset($_POST['preview'])) +{ $_POST['news_title'] = $tp->toDB($_POST['news_title']); $_POST['news_summary'] = $tp->toDB($_POST['news_summary']); $newspost->preview_item($id); } -if (isset($_POST['submit_news'])) { +if (isset($_POST['submit_news'])) +{ $newspost->submit_item($sub_action, $id); $e107cache->clear("news.php"); $e107cache->clear("othernews"); @@ -191,9 +199,9 @@ if (isset($_POST['update_category'])) { $e107cache->clear("othernews2"); } -if (isset($_POST['save_prefs'])) { +if (isset($_POST['save_prefs'])) +{ $pref['newsposts'] = $_POST['newsposts']; - $pref['newsposts_archive'] = $_POST['newsposts_archive']; $pref['newsposts_archive_title'] = $tp->toDB($_POST['newsposts_archive_title']); $pref['news_cats'] = $_POST['news_cats']; 
@@ -220,48 +228,59 @@ if (!e_QUERY || $action == "main") $newspost->show_existing_items($action, $sub_action, $sort_order, $from, $amount); } -if ($action == "create") { - $preset = $pst->read_preset("admin_newspost"); //only works here because $_POST is used. +if ($action == "create") +{ + $preset = $pst->read_preset("admin_newspost"); //only works here because $_POST is used. - if ($sub_action == "edit" && !$_POST['preview'] && !$_POST['submit_news']) { - if ($sql->db_Select("news", "*", "news_id='$id' ")) - { - $row = $sql->db_Fetch(); - extract($row); - $_POST['news_title'] = $news_title; - $_POST['data'] = $news_body; - $_POST['news_author'] = $row['news_author']; - $_POST['news_extended'] = $news_extended; - $_POST['news_allow_comments'] = $news_allow_comments; - $_POST['news_class'] = $news_class; - $_POST['news_summary'] = $news_summary; - $_POST['news_sticky'] = $news_sticky; - $_POST['news_datestamp'] = ($_POST['news_datestamp']) ? $_POST['news_datestamp'] : $news_datestamp; + if ($sub_action == "edit" && !$_POST['preview'] && !$_POST['submit_news']) + { + if ($sql->db_Select("news", "*", "news_id='$id' ")) + { + $row = $sql->db_Fetch(); + extract($row); + $_POST['news_title'] = $news_title; + $_POST['data'] = $news_body; + $_POST['news_author'] = $row['news_author']; + $_POST['news_extended'] = $news_extended; + $_POST['news_allow_comments'] = $news_allow_comments; + $_POST['news_class'] = $news_class; + $_POST['news_summary'] = $news_summary; + $_POST['news_sticky'] = $news_sticky; + $_POST['news_datestamp'] = ($_POST['news_datestamp']) ? 
$_POST['news_datestamp'] : $news_datestamp; - $_POST['cat_id'] = $news_category; - $_POST['news_start'] = $news_start; - $_POST['news_end'] = $news_end; - $_POST['comment_total'] = $sql->db_Count("comments", "(*)", " WHERE comment_item_id='$news_id' AND comment_type='0' "); - $_POST['news_rendertype'] = $news_render_type; - $_POST['news_thumbnail'] = $news_thumbnail; - - } + $_POST['cat_id'] = $news_category; + $_POST['news_start'] = $news_start; + $_POST['news_end'] = $news_end; + $_POST['comment_total'] = $sql->db_Count("comments", "(*)", " WHERE comment_item_id='$news_id' AND comment_type='0' "); + $_POST['news_rendertype'] = $news_render_type; + $_POST['news_thumbnail'] = $news_thumbnail; } - $newspost->create_item($sub_action, $id); + } + $newspost->create_item($sub_action, $id); } -if ($action == "cat") { - $newspost->show_categories($sub_action, $id); + + +if ($action == "cat") +{ + $newspost->show_categories($sub_action, $id); } -if ($action == "sn") { - $newspost->submitted_news($sub_action, $id); + + +if ($action == "sn") +{ + $newspost->submitted_news($sub_action, $id); } -if ($action == "pref") { - $newspost->show_news_prefs($sub_action, $id); + + +if ($action == "pref") +{ + $newspost->show_news_prefs($sub_action, $id); } + echo "