
Bugtracker #4304 - apostrophes got corrupted when uploading image

e107steved
2008-06-15 20:20:28 +00:00
parent da48257f8a
commit 66ae8fee37


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_admin/newspost.php,v $ | $Source: /cvs_backup/e107_0.8/e107_admin/newspost.php,v $
| $Revision: 1.14 $ | $Revision: 1.15 $
| $Date: 2008-05-31 17:55:22 $ | $Date: 2008-06-15 20:20:14 $
| $Author: e107steved $ | $Author: e107steved $
+---------------------------------------------------------------+ +---------------------------------------------------------------+
@@ -75,16 +75,17 @@ $amount = 10;
if(isset($_POST['news_userclass'])) if(isset($_POST['news_userclass']))
{ {
$_POST['news_class'] = implode(",", array_keys($_POST['news_userclass'])); $_POST['news_class'] = implode(",", array_keys($_POST['news_userclass']));
} }
if(isset($_POST['delete'])) if(isset($_POST['delete']))
{ {
$tmp = array_keys($_POST['delete']); $tmp = array_keys($_POST['delete']);
list($delete, $del_id) = explode("_", $tmp[0]); list($delete, $del_id) = explode("_", $tmp[0]);
} }
if ($delete == "main" && $del_id) if ($delete == "main" && $del_id)
{ {
if ($sql->db_Count('news','(*)',"WHERE news_id = '{$del_id}'")) if ($sql->db_Count('news','(*)',"WHERE news_id = '{$del_id}'"))
@@ -103,6 +104,7 @@ if ($delete == "main" && $del_id)
unset($delete, $del); unset($delete, $del);
} }
if ($delete == "category" && $del_id) { if ($delete == "category" && $del_id) {
if ($sql->db_Delete("news_category", "category_id='$del_id' ")) { if ($sql->db_Delete("news_category", "category_id='$del_id' ")) {
$newspost->show_message(NWSLAN_33." #".$del_id." ".NWSLAN_32); $newspost->show_message(NWSLAN_33." #".$del_id." ".NWSLAN_32);
@@ -110,6 +112,7 @@ if ($delete == "category" && $del_id) {
} }
} }
if($delete == "sn" && $del_id) if($delete == "sn" && $del_id)
{ {
if ($sql->db_Delete("submitnews", "submitnews_id='$del_id' ")) if ($sql->db_Delete("submitnews", "submitnews_id='$del_id' "))
@@ -122,7 +125,9 @@ if($delete == "sn" && $del_id)
} }
} }
if (isset($_POST['submitupload'])) {
if (isset($_POST['submitupload']))
{
$pref['upload_storagetype'] = "1"; $pref['upload_storagetype'] = "1";
require_once(e_HANDLER."upload_handler.php"); require_once(e_HANDLER."upload_handler.php");
@@ -144,15 +149,18 @@ if (isset($_POST['submitupload'])) {
} }
} }
// required. // required.
if (isset($_POST['preview'])) { if (isset($_POST['preview']))
{
$_POST['news_title'] = $tp->toDB($_POST['news_title']); $_POST['news_title'] = $tp->toDB($_POST['news_title']);
$_POST['news_summary'] = $tp->toDB($_POST['news_summary']); $_POST['news_summary'] = $tp->toDB($_POST['news_summary']);
$newspost->preview_item($id); $newspost->preview_item($id);
} }
if (isset($_POST['submit_news'])) {
if (isset($_POST['submit_news']))
{
$newspost->submit_item($sub_action, $id); $newspost->submit_item($sub_action, $id);
$e107cache->clear("news.php"); $e107cache->clear("news.php");
$e107cache->clear("othernews"); $e107cache->clear("othernews");
@@ -191,9 +199,9 @@ if (isset($_POST['update_category'])) {
$e107cache->clear("othernews2"); $e107cache->clear("othernews2");
} }
if (isset($_POST['save_prefs'])) { if (isset($_POST['save_prefs']))
{
$pref['newsposts'] = $_POST['newsposts']; $pref['newsposts'] = $_POST['newsposts'];
$pref['newsposts_archive'] = $_POST['newsposts_archive']; $pref['newsposts_archive'] = $_POST['newsposts_archive'];
$pref['newsposts_archive_title'] = $tp->toDB($_POST['newsposts_archive_title']); $pref['newsposts_archive_title'] = $tp->toDB($_POST['newsposts_archive_title']);
$pref['news_cats'] = $_POST['news_cats']; $pref['news_cats'] = $_POST['news_cats'];
@@ -220,48 +228,59 @@ if (!e_QUERY || $action == "main")
$newspost->show_existing_items($action, $sub_action, $sort_order, $from, $amount); $newspost->show_existing_items($action, $sub_action, $sort_order, $from, $amount);
} }
if ($action == "create") { if ($action == "create")
$preset = $pst->read_preset("admin_newspost"); //only works here because $_POST is used. {
$preset = $pst->read_preset("admin_newspost"); //only works here because $_POST is used.
if ($sub_action == "edit" && !$_POST['preview'] && !$_POST['submit_news']) { if ($sub_action == "edit" && !$_POST['preview'] && !$_POST['submit_news'])
if ($sql->db_Select("news", "*", "news_id='$id' ")) {
{ if ($sql->db_Select("news", "*", "news_id='$id' "))
$row = $sql->db_Fetch(); {
extract($row); $row = $sql->db_Fetch();
$_POST['news_title'] = $news_title; extract($row);
$_POST['data'] = $news_body; $_POST['news_title'] = $news_title;
$_POST['news_author'] = $row['news_author']; $_POST['data'] = $news_body;
$_POST['news_extended'] = $news_extended; $_POST['news_author'] = $row['news_author'];
$_POST['news_allow_comments'] = $news_allow_comments; $_POST['news_extended'] = $news_extended;
$_POST['news_class'] = $news_class; $_POST['news_allow_comments'] = $news_allow_comments;
$_POST['news_summary'] = $news_summary; $_POST['news_class'] = $news_class;
$_POST['news_sticky'] = $news_sticky; $_POST['news_summary'] = $news_summary;
$_POST['news_datestamp'] = ($_POST['news_datestamp']) ? $_POST['news_datestamp'] : $news_datestamp; $_POST['news_sticky'] = $news_sticky;
$_POST['news_datestamp'] = ($_POST['news_datestamp']) ? $_POST['news_datestamp'] : $news_datestamp;
$_POST['cat_id'] = $news_category; $_POST['cat_id'] = $news_category;
$_POST['news_start'] = $news_start; $_POST['news_start'] = $news_start;
$_POST['news_end'] = $news_end; $_POST['news_end'] = $news_end;
$_POST['comment_total'] = $sql->db_Count("comments", "(*)", " WHERE comment_item_id='$news_id' AND comment_type='0' "); $_POST['comment_total'] = $sql->db_Count("comments", "(*)", " WHERE comment_item_id='$news_id' AND comment_type='0' ");
$_POST['news_rendertype'] = $news_render_type; $_POST['news_rendertype'] = $news_render_type;
$_POST['news_thumbnail'] = $news_thumbnail; $_POST['news_thumbnail'] = $news_thumbnail;
}
} }
$newspost->create_item($sub_action, $id); }
$newspost->create_item($sub_action, $id);
} }
if ($action == "cat") {
$newspost->show_categories($sub_action, $id);
if ($action == "cat")
{
$newspost->show_categories($sub_action, $id);
} }
if ($action == "sn") {
$newspost->submitted_news($sub_action, $id);
if ($action == "sn")
{
$newspost->submitted_news($sub_action, $id);
} }
if ($action == "pref") {
$newspost->show_news_prefs($sub_action, $id);
if ($action == "pref")
{
$newspost->show_news_prefs($sub_action, $id);
} }
echo " echo "
<script type=\"text/javascript\"> <script type=\"text/javascript\">
function fclear() { function fclear() {
@@ -273,6 +292,10 @@ function fclear() {
require_once("footer.php"); require_once("footer.php");
exit; exit;
class newspost class newspost
{ {
@@ -388,13 +411,14 @@ class newspost
function create_item($sub_action, $id) function create_item($sub_action, $id)
{ {
global $cal; global $cal;
// ##### Display creation form --------------------------------------------------------------------------------------------------------- // ##### Display creation form
/* 08-08-2004 - unknown - fixed `Insert Image' display to use $IMAGES_DIRECTORY */ global $sql, $rs, $ns, $pref, $tp, $pst, $e107;
global $sql, $rs, $ns, $pref, $tp, $pst, $e107;
if ($sub_action == "sn" && !$_POST['preview']) { if ($sub_action == "sn" && !$_POST['preview'])
if ($sql->db_Select("submitnews", "*", "submitnews_id=$id", TRUE)) { {
if ($sql->db_Select("submitnews", "*", "submitnews_id=$id", TRUE))
{
list($id, $submitnews_name, $submitnews_email, $_POST['news_title'], $submitnews_category, $_POST['data'], $submitnews_datestamp, $submitnews_ip, $submitnews_auth, $submitnews_file) = $sql->db_Fetch(); list($id, $submitnews_name, $submitnews_email, $_POST['news_title'], $submitnews_category, $_POST['data'], $submitnews_datestamp, $submitnews_ip, $submitnews_auth, $submitnews_file) = $sql->db_Fetch();
if (e_WYSIWYG) if (e_WYSIWYG)
@@ -411,9 +435,10 @@ class newspost
} }
$_POST['cat_id'] = $submitnews_category; $_POST['cat_id'] = $submitnews_category;
} }
} }
if ($sub_action == "upload" && !$_POST['preview']) { if ($sub_action == "upload" && !$_POST['preview'])
{
if ($sql->db_Select("upload", "*", "upload_id=$id")) { if ($sql->db_Select("upload", "*", "upload_id=$id")) {
$row = $sql->db_Fetch(); $row = $sql->db_Fetch();
extract($row); extract($row);
@@ -423,7 +448,7 @@ class newspost
$_POST['news_title'] = LAN_UPLOAD.": ".$upload_name; $_POST['news_title'] = LAN_UPLOAD.": ".$upload_name;
$_POST['data'] = $upload_description."\n[b]".NWSLAN_49." <a href='user.php?id.".$post_author_id."'>".$post_author_name."</a>[/b]\n\n[file=request.php?".$upload_file."]".$upload_name."[/file]\n"; $_POST['data'] = $upload_description."\n[b]".NWSLAN_49." <a href='user.php?id.".$post_author_id."'>".$post_author_name."</a>[/b]\n\n[file=request.php?".$upload_file."]".$upload_name."[/file]\n";
} }
} }
$text = "<div style='text-align:center'> $text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?".e_QUERY."' id='dataform' ".(FILE_UPLOADS ? "enctype='multipart/form-data'" : "")." > <form method='post' action='".e_SELF."?".e_QUERY."' id='dataform' ".(FILE_UPLOADS ? "enctype='multipart/form-data'" : "")." >
@@ -453,20 +478,19 @@ class newspost
<tr> <tr>
<td style='width:20%' class='forumheader3'>".NWSLAN_12.":</td> <td style='width:20%' class='forumheader3'>".NWSLAN_12.":</td>
<td style='width:80%' class='forumheader3'> <td style='width:80%' class='forumheader3'>
<input class='tbox' type='text' name='news_title' size='80' value='".$_POST['news_title']."' maxlength='200' style='width:95%'/> <input class='tbox' type='text' name='news_title' size='80' value='".$tp->post_toForm($_POST['news_title'])."' maxlength='200' style='width:95%'/>
</td> </td>
</tr> </tr>
<tr> <tr>
<td style='width:20%' class='forumheader3'>".LAN_NEWS_27.":</td> <td style='width:20%' class='forumheader3'>".LAN_NEWS_27.":</td>
<td style='width:80%' class='forumheader3'> <td style='width:80%' class='forumheader3'>
<input class='tbox' type='text' name='news_summary' size='80' value='".$tp->toForm($_POST['news_summary'])."' maxlength='250' style='width:95%'/> <input class='tbox' type='text' name='news_summary' size='80' value='".$tp->post_toForm($_POST['news_summary'])."' maxlength='250' style='width:95%'/>
</td> </td>
</tr>"; </tr>";
// -------- News Author --------------------- // -------- News Author ---------------------
$text .="<tr> $text .="<tr>
<td class='forumheader3'> <td class='forumheader3'>
".LAN_NEWS_50.": ".LAN_NEWS_50.":
@@ -520,6 +544,7 @@ class newspost
$text .= "</select> $text .= "</select>
"; ";
} }
$text .= " $text .= "
</td> </td>
</tr> </tr>
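Review bot: In the first code hunk of newspost.php, `$del_id` comes from a key of `$_POST['delete']` via `explode("_", $tmp[0])` and is interpolated unchanged into `news_id = '{$del_id}'`, `category_id='$del_id'` and `submitnews_id='$del_id'`, so the three delete paths build SQL from request-controlled text. This commit encodes the title and summary on output with `post_toForm()` but leaves those queries as they were. Casting right after the split, `$del_id = intval($del_id);`, would confine the value to an integer id before any of the three statements run. The same concern applies to `$id` in `news_id='$id'`, `submitnews_id=$id` and `upload_id=$id`, unless it is already cast where it is parsed, which is outside the visible hunks. `create_item()` also continues past the hunks shown.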