summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorDaniel Friesel <derf@finalrewind.org>2011-06-03 11:09:25 +0200
committerDaniel Friesel <derf@finalrewind.org>2011-06-03 11:09:25 +0200
commit5113776a42d0bc7ff8ed2db8619045d3ffb164a9 (patch)
tree1c8249b86887b66891af217ed2d93e2924a58cf9 /includes
parentbad34a0b263a60f024102df21a5613f9b0e72cc9 (diff)
include/pages/admin_faq cleanup
Diffstat (limited to 'includes')
-rw-r--r--includes/pages/admin_faq.php46
-rw-r--r--includes/sys_page.php8
2 files changed, 41 insertions, 13 deletions
diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php
index 5b9a338f..b8ba1a64 100644
--- a/includes/pages/admin_faq.php
+++ b/includes/pages/admin_faq.php
@@ -4,8 +4,14 @@ function admin_faq() {
$faqs_html = "";
$faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) {
- $faqs_html .= '<tr><td><dl><dt>' . $faq['Frage_de'] . '</dt><dd>' . $faq['Antwort_de'] . '</dd></dl></td><td><dl><dt>' . $faq['Frage_en'] . '</dt><dd>' . $faq['Antwort_en'] . '</dd></dl></td>';
- $faqs_html .= '<td><a href="' . page_link_to("admin_faq") . '&action=edit&id=' . $faq['FID'] . '">Edit</a></td></tr>';
+ $faqs_html .= sprintf(
+ '<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
+ . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
+ . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
+ $faq['Frage_de'], $faq['Antwort_de'],
+ $faq['Frage_en'], $faq['Antwort_en'],
+ page_link_to('admin_faq'), $faq['FID']
+ );
}
return template_render('../templates/admin_faq.html', array (
'link' => page_link_to("admin_faq"),
@@ -14,11 +20,18 @@ function admin_faq() {
} else {
switch ($_REQUEST['action']) {
case 'create' :
- $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
- $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
- $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
- $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
- sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "'"
+ );
+
header("Location: " . page_link_to("admin_faq"));
break;
@@ -32,11 +45,18 @@ function admin_faq() {
if (count($faq) > 0) {
list ($faq) = $faq;
- $frage = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['frage']));
- $antwort = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['antwort']));
- $question = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']));
- $answer = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']));
- sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
+ );
+
header("Location: " . page_link_to("admin_faq"));
} else
return error("No FAQ found.");
@@ -82,4 +102,4 @@ function admin_faq() {
}
}
}
-?> \ No newline at end of file
+?>
diff --git a/includes/sys_page.php b/includes/sys_page.php
index 2af5f729..e499cd57 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -8,6 +8,14 @@ function strip_request_item($name) {
);
}
+function strip_request_item_nl($name) {
+ return preg_replace(
+ "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
+ '',
+ strip_tags($_REQUEST[$name])
+ );
+}
+
function error($msg) {
return '<p class="error">' . $msg . '</p>';
}