summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--includes/pages/admin_groups.php12
-rw-r--r--includes/pages/admin_language.php18
-rw-r--r--includes/pages/admin_questions.php31
-rw-r--r--templates/admin_question_answered.html9
-rw-r--r--templates/admin_question_unanswered.html14
-rw-r--r--templates/admin_questions.html6
6 files changed, 71 insertions, 19 deletions
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 842640d8..770f09b4 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -44,7 +44,17 @@ function admin_groups() {
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
$privileges_html = "";
foreach ($privileges as $priv)
- $privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>';
+ $privileges_html .= sprintf(
+ '<tr><td><input type="checkbox" '
+ . 'name="privileges[]" value="%s" %s />'
+ . '</td> <td>%s</td> <td>%s</td></tr>',
+ $priv['id'],
+ ($priv['group_id'] != ""
+ ? 'checked="checked"'
+ : ''),
+ $priv['name'],
+ $priv['desc']
+ );
$html .= template_render('../templates/admin_groups_edit_form.html', array (
'link' => page_link_to("admin_groups"),
diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php
index a866528e..749cd643 100644
--- a/includes/pages/admin_language.php
+++ b/includes/pages/admin_language.php
@@ -72,19 +72,29 @@ function admin_language() {
foreach ($_POST as $k => $v) {
if ($k != "TextID") {
$sql_test = "SELECT * FROM `Sprache` " .
- "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k'";
+ "WHERE `TextID`='" . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='"
+ . sql_escape($k) . "'";
+
$erg_test = sql_query($sql_test);
if (mysql_num_rows($erg_test) == 0) {
$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
- "VALUES ('" . $_POST["TextID"] . "', '$k', '$v')";
+ "VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
+ . sql_escape($k) . "', '"
+ . sql_escape($v) . "')";
+
$html .= $sql_save . "<br />";
$Erg = sql_query($sql_save);
$html .= success("$k Save: OK<br />\n");
} else
if (mysql_result($erg_test, 0, "Text") != $v) {
- $sql_save = "UPDATE `Sprache` SET `Text`='$v' " .
- "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k' ";
+ $sql_save = "UPDATE `Sprache` SET `Text`='"
+ . sql_escape($v) . "' " .
+ "WHERE `TextID`='"
+ . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='" . sql_escape($k) . "' ";
+
$html .= $sql_save . "<br />";
$Erg = sql_query($sql_save);
$html .= success(" $k Update: OK<br />\n");
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 5355dd86..0e4469d5 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -18,19 +18,28 @@ function admin_questions() {
if (!isset ($_REQUEST['action'])) {
$open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
- foreach ($questions as $question) {
- $open_questions .= '<tr><td>' . UID2Nick($question['UID']) . '</td><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>';
- $open_questions .= '<td><form action="' . page_link_to("admin_questions") . '&action=answer" method="post"><textarea name="answer"></textarea><input type="hidden" name="id" value="' . $question['QID'] . '" /><br /><input type="submit" name="submit" value="Send" /></form></td>';
- $open_questions .= '<td><a href="' . page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>';
- }
+ foreach ($questions as $question)
+ $open_questions .= template_render(
+ '../templates/admin_question_unanswered.html', array (
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question_id' => $question['QID'],
+ 'link' => page_link_to("admin_questions"),
+ 'question' => str_replace("\n", '<br />', $question['Question'])
+ ));
$answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
- foreach ($questions as $question) {
- $answered_questions .= '<tr><td>' . UID2Nick($question['UID']) . '</td><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>';
- $answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
- $answered_questions .= '<td><a href="' . page_link_to("admin_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>';
- }
+
+ foreach ($questions as $question)
+ $answered_questions .= template_render(
+ '../templates/admin_question_answered.html', array (
+ 'question_id' => $question['QID'],
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question' => str_replace("\n", "<br />", $question['Question']),
+ 'answer_nick' => UID2Nick($question['AID']),
+ 'answer' => str_replace("\n", "<br />", $question['Answer']),
+ 'link' => page_link_to("admin_questions"),
+ ));
return template_render('../templates/admin_questions.html', array (
'link' => page_link_to("admin_questions"),
@@ -73,4 +82,4 @@ function admin_questions() {
}
}
}
-?> \ No newline at end of file
+?>
diff --git a/templates/admin_question_answered.html b/templates/admin_question_answered.html
new file mode 100644
index 00000000..e4f07932
--- /dev/null
+++ b/templates/admin_question_answered.html
@@ -0,0 +1,9 @@
+<tr>
+ <td> %question_nick% </td>
+ <td> %question% </td>
+ <td> %answer_nick% </td>
+ <td> %answer% </td>
+ <td>
+ <a href="%link%&action=delete&id=%question_id%">Delete</a>
+ </td>
+</tr>
diff --git a/templates/admin_question_unanswered.html b/templates/admin_question_unanswered.html
new file mode 100644
index 00000000..fc3db78a
--- /dev/null
+++ b/templates/admin_question_unanswered.html
@@ -0,0 +1,14 @@
+<tr>
+ <td> %question_nick% </td>
+ <td> %question% </td>
+ <td>
+ <form action="%link%&action=answer" method="post">
+ <textarea name="answer"></textarea>
+ <input type="hidden" name="id" value="%question_id%" />
+ <input type="submit" name="submit" value="Send" />
+ </form>
+ </td>
+ <td>
+ <a href="%link%&action=delete&id=%question_id%">Delete</a>
+ </td>
+</tr>
diff --git a/templates/admin_questions.html b/templates/admin_questions.html
index ad8d6572..171f10b5 100644
--- a/templates/admin_questions.html
+++ b/templates/admin_questions.html
@@ -25,6 +25,9 @@ Not yet answered questions:
<thead>
<tr>
<th>
+ From
+ </th>
+ <th>
Question
</th>
<th>
@@ -34,9 +37,6 @@ Not yet answered questions:
Answer
</th>
<th>
- From
- </th>
- <th>
&nbsp;
</th>
</tr>