diff options
| author | msquare <msquare@notrademark.de> | 2016-09-29 10:53:17 +0200 |
|---|---|---|
| committer | msquare <msquare@notrademark.de> | 2016-09-29 10:53:17 +0200 |
| commit | 91dafb19ec171e747d9976cf738606759bde3aae (patch) | |
| tree | 51e7c846146b253c811c6a0e85c0f1f3881cb50b /includes/pages/user_news.php | |
| parent | 1ec19b46f3311a0235c7d3e119e035559c9b4d14 (diff) | |
prohibit inline control structures on pages
Diffstat (limited to 'includes/pages/user_news.php')
| -rw-r--r-- | includes/pages/user_news.php | 104 |
1 files changed, 57 insertions, 47 deletions
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 78d63d61..e035e656 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -1,4 +1,5 @@ <?php + function user_news_comments_title() { return _("News comments"); } @@ -13,57 +14,62 @@ function meetings_title() { function user_meetings() { global $DISPLAY_NEWS; - + $html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg(); - - if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) + + if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) { $page = $_REQUEST['page']; - else + } else { $page = 0; - + } + $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); - foreach ($news as $entry) + foreach ($news as $entry) { $html .= display_news($entry); - + } + $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS); $html .= '<div class="text-center">' . '<ul class="pagination">'; for ($i = 0; $i < $dis_rows; $i ++) { - if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) + if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { $html .= '<li class="active">'; - elseif (! isset($_REQUEST['page']) && $i == 0) + } elseif (! isset($_REQUEST['page']) && $i == 0) { $html .= '<li class="active">'; - else + } else { $html .= '<li>'; + } $html .= '<a href="' . page_link_to("user_meetings") . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; } $html .= '</ul></div></div>'; - + return $html; } function display_news($news) { global $privileges, $p; - + $html = ''; $html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">'; $html .= '<div class="panel-heading">'; $html .= '<h3 class="panel-title">' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>'; $html .= '</div>'; $html .= '<div class="panel-body">' . ReplaceSmilies(nl2br($news['Text'])) . '</div>'; - + $html .= '<div class="panel-footer text-muted">'; - if (in_array("admin_news", $privileges)) + if (in_array("admin_news", $privileges)) { $html .= '<div class="pull-right">' . button_glyph(page_link_to("admin_news") . '&action=edit&id=' . $news['ID'], 'edit', 'btn-xs') . '</div>'; - + } $html .= '<span class="glyphicon glyphicon-time"></span> ' . date("Y-m-d H:i", $news['Datum']) . ' '; - + $user_source = User($news['UID']); - if ($user_source === false) + if ($user_source === false) { engelsystem_error(_("Unable to load user.")); - + } + $html .= User_Nick_render($user_source); - if ($p != "news_comments") + if ($p != "news_comments") { $html .= ' <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '"><span class="glyphicon glyphicon-comment"></span> ' . _("Comments") . ' »</a> <span class="badge">' . sql_num_query("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . '</span>'; + } $html .= '</div>'; $html .= '</div>'; return $html; @@ -71,7 +77,7 @@ function display_news($news) { function user_news_comments() { global $user; - + $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>'; if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) { $nid = $_REQUEST["nid"]; @@ -82,15 +88,16 @@ function user_news_comments() { engelsystem_log("Created news_comment: " . $text); $html .= success(_("Entry saved."), true); } - + $html .= display_news($news); - + $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'"); foreach ($comments as $comment) { $user_source = User($comment['UID']); - if ($user_source === false) + if ($user_source === false) { engelsystem_error(_("Unable to load user.")); - + } + $html .= '<div class="panel panel-default">'; $html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>'; $html .= '<div class="panel-footer text-muted">'; @@ -99,66 +106,69 @@ function user_news_comments() { $html .= '</div>'; $html .= '</div>'; } - + $html .= '<hr /><h2>' . _("New Comment:") . '</h2>'; - $html .= form(array( + $html .= form([ form_textarea('text', _("Message"), ''), - form_submit('submit', _("Save")) - ), page_link_to('news_comments') . '&nid=' . $news['ID']); - + form_submit('submit', _("Save")) + ], page_link_to('news_comments') . '&nid=' . $news['ID']); } else { $html .= _("Invalid request."); } - + return $html . '</div>'; } function user_news() { global $DISPLAY_NEWS, $privileges, $user; - + $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); - + if (isset($_POST["text"]) && isset($_POST["betreff"]) && in_array("admin_news", $privileges)) { - if (! isset($_POST["treffen"]) || ! in_array("admin_news", $privileges)) + if (! isset($_POST["treffen"]) || ! in_array("admin_news", $privileges)) { $_POST["treffen"] = 0; + } sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');"); engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]); success(_("Entry saved.")); redirect(page_link_to('news')); } - - if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) + + if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) { $page = $_REQUEST['page']; - else + } else { $page = 0; - + } + $news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); - foreach ($news as $entry) + foreach ($news as $entry) { $html .= display_news($entry); - + } + $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS); $html .= '<div class="text-center">' . '<ul class="pagination">'; for ($i = 0; $i < $dis_rows; $i ++) { - if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) + if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { $html .= '<li class="active">'; - elseif (! isset($_REQUEST['page']) && $i == 0) + } elseif (! isset($_REQUEST['page']) && $i == 0) { $html .= '<li class="active">'; - else + } else { $html .= '<li>'; + } $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; } $html .= '</ul></div>'; - + if (in_array("admin_news", $privileges)) { $html .= '<hr />'; $html .= '<h2>' . _("Create news:") . '</h2>'; - - $html .= form(array( + + $html .= form([ form_text('betreff', _("Subject"), ''), form_textarea('text', _("Message"), ''), form_checkbox('treffen', _("Meeting"), false, 1), - form_submit('submit', _("Save")) - )); + form_submit('submit', _("Save")) + ]); } return $html . '</div>'; } |