diff --git a/e107_plugins/newsletter/admin_config.php b/e107_plugins/newsletter/admin_config.php
index 38569ae43..cbcd10026 100644
--- a/e107_plugins/newsletter/admin_config.php
+++ b/e107_plugins/newsletter/admin_config.php
@@ -11,15 +11,15 @@
 | GNU General Public License (http://gnu.org).
 |
 | $Source: /cvs_backup/e107_0.8/e107_plugins/newsletter/admin_config.php,v $
-| $Revision: 1.6 $
-| $Date: 2008-09-22 20:38:26 $
+| $Revision: 1.7 $
+| $Date: 2008-12-18 21:10:10 $
 | $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
-require_once("../../class2.php");
+require_once('../../class2.php');
 if (!getperms("P"))
 {
- header("location:".e_BASE."index.php");
+ header('location:'.e_BASE.'index.php');
 exit;
 }
 $e_sub_cat = 'newsletter';
@@ -46,22 +46,30 @@ if(!e_QUERY)
 }
 else
 {
- if ($action == "vs")
- { // View subscribers of a newsletter
- $nl -> view_subscribers($id);
- }
- elseif ($action == "remove")
- { // Remove subscriber
- $nl -> remove_subscribers($id,$key);
- }
- else
+ switch ($action)
 {
- $function = $action."Newsletter";
- $nl -> $function();
+ case 'vs' : // View subscribers of a newsletter
+ $nl -> view_subscribers($id);
+ break;
+ case 'remove' : // Remove subscriber
+ $nl -> remove_subscribers($id,$key);
+ $nl -> view_subscribers($id);
+ break;
+ default:
+ $function = $action."Newsletter";
+ if (method_exists($nl, $function))
+ {
+ $nl -> $function();
+ }
+ else
+ {
+ exit;
+ }
 }
 }
+
 class newsletter
 {
 var $message;
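Review bot: The `default:` branch of the new switch (`@@ -46,22`) still lets the query string choose which method runs: `method_exists($nl, $function)` only confirms that `$action."Newsletter"` names some method of the class, so `createNewsletter` and `deleteNewsletter`, which the constructor calls on POST flags in the next hunk, become reachable through a URL as well. Method names are case-insensitive in PHP, so an empty `$action` would resolve to the old-style constructor `newsletter()` and run it a second time. An explicit allowlist of the actions meant to be URL-driven closes both, e.g. `if (in_array($action, $allowed, true)) { $nl -> $function(); } else { exit; }` with `$allowed` listing only those actions. How `$action` is split out of `e_QUERY` is outside this hunk, so whether it can be empty here should be confirmed.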
@@ -69,30 +77,31 @@ class newsletter
 function newsletter()
 {
- global $ns;
+ global $ns, $tp;
 foreach($_POST as $key => $value)
 {
+ $key = $tp->toDB($key);
 if(strstr($key, "nlmailnow"))
 {
- $this -> releaseIssue($key);
+ $this->releaseIssue($key);
 break;
 }
 }
 if(isset($_POST['delete']))
 {
- $this -> deleteNewsletter();
+ $this->deleteNewsletter();
 }
 if(isset($_POST['createNewsletter']))
 {
- $this -> createNewsletter();
+ $this->createNewsletter();
 }
 if(isset($_POST['createIssue']))
 {
- $this -> createIssue();
+ $this->createIssue();
 }
 if($this -> message)
@@ -195,13 +204,14 @@ class newsletter
 function defineNewsletter($edit=FALSE)
 {
 global $ns, $tp;
+ // We've been passed a value from DB, so should be reasonably sanitised.
 if($edit)
 {
- extract($edit);
- $newsletter_title = $tp -> toFORM($newsletter_title);
- $newsletter_text = $tp -> toFORM($newsletter_text);
- $newsletter_footer = $tp -> toFORM($newsletter_footer);
+ $newsletter_title = $tp -> toFORM($edit['newsletter_title']);
+ $newsletter_text = $tp -> toFORM($edit['newsletter_text']);
+ $newsletter_footer = $tp -> toFORM($edit['newsletter_footer']);
+ $newsletter_header = $tp -> toFORM($edit['newsletter_header']); // Looks as if this was missed
 }
 $text .= "
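Review bot: In the constructor hunk (`@@ -69,30`) the POST key is recognised with `strstr($key, "nlmailnow")`, which matches the marker anywhere in the key, and is only escaped with `$tp->toDB()` although `releaseIssue()` (hunk `@@ -358,7`) strips `nlmailnow_` and uses the remainder as `newsletter_id`. The id is numeric, so an integer cast is tighter than escaping and matches the `intval($_POST['editid'])` this commit introduces elsewhere: in `releaseIssue()`, `$issue = intval(str_replace("nlmailnow_", "", $issue));`. The same applies to `$id` in hunks `@@ -456,7` (taken from `global $id`) and `@@ -479,13` (cut out of `$tmp['key']`), where the commit only changes the interpolation to `'{$id}'`. Where `$id` and `$tmp` are filled is outside the visible hunks, so confirm whether they are already cast there.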
@@ -209,24 +219,24 @@ class newsletter - + - + - + - + @@ -246,19 +256,20 @@ class newsletter { global $sql, $tp; - $newsletter_title = $tp -> toDB($_POST['newsletter_title']); - $newsletter_text = $tp -> toDB($_POST['newsletter_text']); - $newsletter_header = $tp -> toDB($_POST['newsletter_header']); - $newsletter_footer = $tp -> toDB($_POST['newsletter_footer']); + $letter['newsletter_title'] = $tp -> toDB($_POST['newsletter_title']); + $letter['newsletter_text'] = $tp -> toDB($_POST['newsletter_text']); + $letter['newsletter_header'] = $tp -> toDB($_POST['newsletter_header']); + $letter['newsletter_footer'] = $tp -> toDB($_POST['newsletter_footer']); if(isset($_POST['editid'])) { - $sql -> db_Update("newsletter", "newsletter_title='$newsletter_title', newsletter_text='$newsletter_text', newsletter_header='$newsletter_header', newsletter_footer='$newsletter_footer' WHERE newsletter_id='".$_POST['editid']."' "); + $sql -> db_Update("newsletter", "newsletter_title='{$letter['newsletter_title']}', newsletter_text='{$letter['newsletter_text']}', newsletter_header='{$letter['newsletter_header']}', newsletter_footer='{$letter['newsletter_footer']}' WHERE newsletter_id=".intval($_POST['editid'])); $this -> message = NLLAN_27; } else { - $sql -> db_Insert("newsletter", "0, '".time()."', '$newsletter_title', '$newsletter_text', '$newsletter_header', '$newsletter_footer', '', '0', '0', '0' "); + $letter['newsletter_datestamp'] = time(); + $sql -> db_Insert('newsletter', $letter); $this -> message = NLLAN_28; } } @@ -269,11 +280,11 @@ class newsletter { global $sql, $ns, $tp; + // Passed data is from DB if($edit) { - extract($edit); - $newsletter_title = $tp -> toFORM($newsletter_title); - $newsletter_text = $tp -> toFORM($newsletter_text); + $newsletter_title = $tp -> toFORM($edit['newsletter_title']); + $newsletter_text = $tp -> toFORM($edit['newsletter_text']); } if(!$sql -> db_Select("newsletter", "*", "newsletter_parent='0' ")) 
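Review bot: In `createNewsletter()` (`@@ -246,19`) `$this -> message` receives the success string whether or not `db_Update` or `db_Insert` succeeded, and `$letter` is filled by key without first being initialised. The array form of `db_Insert` also stops supplying the columns the old positional insert filled explicitly (`''`, `'0'`, `'0'`, `'0'`), so the insert now depends on the table defining defaults for them, which this diff does not show. I would add `$letter = array();` before the first assignment and gate the message on the result, e.g. `if ($sql -> db_Insert('newsletter', $letter)) { $this -> message = NLLAN_28; }`, assuming `db_Insert` returns false on failure. `createIssue()` in `@@ -335,17` follows the same pattern.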
@@ -304,20 +315,20 @@ class newsletter - + - + - +
".NLLAN_21."
".NLLAN_22."
".NLLAN_23."
".NLLAN_24."
". - ($edit ? "\n" : "")." + ($edit ? "\n" : "")."
".NLLAN_31."
".NLLAN_32."
".NLLAN_33."
". - ($edit ? "\n" : "")." + ($edit ? "\n" : "")."
@@ -335,17 +346,20 @@ class newsletter
 function createIssue()
 {
 global $sql, $tp;
- $newsletter_title = $tp -> toDB($_POST['newsletter_title']);
- $newsletter_text = $tp -> toDB($_POST['newsletter_text']);
+ $letter['newsletter_title'] = $tp -> toDB($_POST['newsletter_title']);
+ $letter['newsletter_text'] = $tp -> toDB($_POST['newsletter_text']);
+ $letter['newsletter_parent'] = intval($_POST['newsletter_parent']);
+ $letter['newsletter_issue'] = $tp->toDB($_POST['newsletter_issue']);
- if(isset($_POST['editid']))
+ if (isset($_POST['editid']))
 {
- $sql -> db_Update("newsletter", "newsletter_title='$newsletter_title', newsletter_text='$newsletter_text', newsletter_parent='".$_POST['newsletter_parent']."', newsletter_issue='".$_POST['newsletter_issue']."' WHERE newsletter_id='".$_POST['editid']."' ");
+ $sql -> db_Update('newsletter', "newsletter_title='{$letter['newsletter_title']}', newsletter_text='{$letter['newsletter_text']}', newsletter_parent='".$letter['newsletter_parent']."', newsletter_issue='".$letter['newsletter_issue']."' WHERE newsletter_id=".intval($_POST['editid']));
 $this -> message = NLLAN_38;
 }
 else
 {
- $sql -> db_Insert("newsletter", "0, '".time()."', '$newsletter_title', '$newsletter_text', '', '', '', '".$_POST['newsletter_parent']."', '0', '".$_POST['newsletter_issue']."' ");
+ $letter['newsletter_datestamp'] = time();
+ $sql -> db_Insert('newsletter', $letter);
 $this -> message = NLLAN_39;
 }
 }
@@ -358,7 +372,7 @@ class newsletter
 $issue = str_replace("nlmailnow_", "", $issue);
- if(!$sql -> db_Select("newsletter", "*", "newsletter_id='$issue' "))
+ if(!$sql -> db_Select("newsletter", "*", "newsletter_id='{$issue}' "))
 {
 return FALSE;
 }
@@ -456,7 +470,7 @@ class newsletter
 {
 global $id, $sql;
- if($sql -> db_Select("newsletter", "*", "newsletter_id='$id' "))
+ if($sql -> db_Select("newsletter", "*", "newsletter_id='{$id}' "))
 {
 $foo = $sql -> db_Fetch();
 if(!$foo['newsletter_parent'])
@@ -479,13 +493,13 @@ class newsletter if(strstr($tmp['key'], "newsletter")) { $id = str_replace("newsletter_", "", $tmp['key']); - $sql -> db_Delete("newsletter", "newsletter_id='$id' "); + $sql -> db_Delete("newsletter", "newsletter_id='{$id}' "); $this -> message = NLLAN_42; } else { $id = str_replace("issue_", "", $tmp['key']); - $sql -> db_Delete("newsletter", "newsletter_id='$id' "); + $sql -> db_Delete("newsletter", "newsletter_id='{$id}' "); $this -> message = NLLAN_43; } } @@ -521,17 +535,18 @@ class newsletter global $ns; $nl_sql = new db; - if(!$nl_sql -> db_Select("newsletter", "*", "newsletter_id=".$p_id)) + if(!$nl_sql -> db_Select('newsletter', '*', 'newsletter_id='.$p_id)) { // Check if newsletter id is available $vs_text .= "

".NLLAN_56."

-
"; + "; $ns -> tablerender(NLLAN_58, $vs_text); return; } else { $vs_text .= " +
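Review bot: The select in this hunk (`@@ -521,17`) still concatenates `$p_id` into the WHERE clause unquoted, `'newsletter_id='.$p_id`, and the action switch in `@@ -46,22` passes it `$id` from the query string; in an unquoted numeric position, quote escaping gives no protection, so the value needs an integer cast. `$p_id = intval($p_id);` as the first statement of the function would cover this select and the later `tablerender` title. `remove_subscribers()` in `@@ -579,29` has the same `"newsletter_id=".$p_id` in both its select and its update. The function signature and the place where `$id` is split out of `e_QUERY` are outside the hunk, so confirm whether a cast already happens there. `$vs_text` is also appended to with `.=` before any assignment in the visible lines.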
@@ -540,10 +555,9 @@ class newsletter "; - $nl_sql -> db_Select("newsletter", "*", "newsletter_id='".$p_id."'"); +// $nl_sql -> db_Select("newsletter", "*", "newsletter_id=".$p_id); Already done if($nl_row = $nl_sql-> db_Fetch()) { -// $subscribers_total_count = substr_count($nl_row['newsletter_subscribers'], chr(1)); $subscribers_list = explode(chr(1), trim($nl_row['newsletter_subscribers'])); $subscribers_total_count = count($subscribers_list) - 1; // Get a null entry as well } @@ -562,13 +576,13 @@ class newsletter if($nl_row = $nl_sql-> db_Fetch()) { $vs_text .= " - - "; @@ -579,29 +593,27 @@ class newsletter $vs_text .= " - + - -
".NLLAN_55."".NLLAN_61."
{$val} + {$val} ".$nl_row['user_name']." ".$nl_row['user_email']." ".ADMIN_DELETE_ICON." + ".ADMIN_DELETE_ICON." ".(($nl_row['user_ban'] > 0) ? NLLAN_62 : "")."
".NLLAN_63.": ".$subscribers_total_count."".NLLAN_63.": ".$subscribers_total_count."

+
+
"; $ns -> tablerender(NLLAN_65.' '.$p_id, $vs_text); } - function remove_subscribers($p_id, $p_key) - { - global $sql; - $sql -> db_Select("newsletter", "*", "newsletter_id=".$p_id); - if($nl_row = $sql-> db_Fetch()) + function remove_subscribers($p_id, $p_key) { - $subscribers_list = explode(chr(1), $nl_row['newsletter_subscribers']); - unset($subscribers_list[$p_key]); - $new_subscriber_list = implode(chr(1), $subscribers_list); - $sql -> db_Update("newsletter", "newsletter_subscribers='{$new_subscriber_list}' WHERE newsletter_id=".$p_id); - header("location:".e_SELF."?vs.{$p_id}"); - exit; - } - } + global $sql; + $sql -> db_Select("newsletter", "*", "newsletter_id=".$p_id); + if($nl_row = $sql-> db_Fetch()) + { + $subscribers_list = array_flip(explode(chr(1), $nl_row['newsletter_subscribers'])); + unset($subscribers_list[$p_key]); + $new_subscriber_list = implode(chr(1), array_keys($subscribers_list)); + $sql -> db_Update("newsletter", "newsletter_subscribers='{$new_subscriber_list}' WHERE newsletter_id=".$p_id); + } + } }
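Review bot: `remove_subscribers()` (`@@ -579,29`) changes the stored subscriber list from a GET request (`remove` in the action switch) with no per-session token check visible in this diff, and it writes the row back even when `$p_key` matches no subscriber. Checking the key before the update avoids the needless write and makes a bad link a no-op: `if (!isset($subscribers_list[$p_key])) { return; }`. With the redirect to `?vs.{$p_id}` removed, the list is now rendered under the `remove` URL, so a reload repeats the request; moving the removal to a POST form that carries a token would address both. The result of `db_Update` is not checked, so a failed update is indistinguishable from a successful one.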