Diffstat (limited to 'includes/pages/user_news.php')
-rw-r--r--includes/pages/user_news.php40
1 files changed, 23 insertions, 17 deletions
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 3cf11a6b..b51b0a4c 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -35,8 +35,8 @@ function user_meetings()
$html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg();
$request = request();
- if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) {
- $page = $request->input('page');
+ if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
+ $page = $request->input('page', 0);
} else {
$page = 0;
}
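Review bot: `$page` is still kept as the raw request string once it passes the regex on the new line `if (preg_match('/^\d{1,}$/', $request->input('page', 0)))`, and without the `D` modifier `$` also matches before a trailing newline, so a value like `"3\n"` is accepted unchanged. Cast it at the point of validation: `if (preg_match('/^\d+$/D', (string) $request->input('page', 0))) {` followed by `$page = (int) $request->input('page');`. How `$page` is consumed is outside this hunk, so whether the stray newline matters downstream cannot be told from here; user_meetings() starts before the hunk and continues past it.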
@@ -57,14 +57,14 @@ function user_meetings()
$dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
- if ($request->has('page') && $i == $request->input('page')) {
+ if ($request->has('page') && $i == $request->input('page', 0)) {
$html .= '<li class="active">';
} elseif (!$request->has('page') && $i == 0) {
$html .= '<li class="active">';
} else {
$html .= '<li>';
}
- $html .= '<a href="' . page_link_to('user_meetings') . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
+ $html .= '<a href="' . page_link_to('user_meetings', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
}
$html .= '</ul></div></div>';
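Review bot: The active-page test on the changed line still reads the raw request value, `$i == $request->input('page', 0)`, with a loose comparison, although `$page` was already validated and defaulted earlier in the same function; unless it is reassigned in the lines between the two hunks, the two `has('page')` branches collapse into `if ($i == $page) {` (or `===` once `$page` is cast to int). The `count(DB::select('SELECT `ID` FROM `News`'))` line above is unchanged context, but it pulls every row just to count them, where `SELECT COUNT(*)` would do. user_meetings() continues outside the hunk.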
@@ -89,7 +89,7 @@ function display_news($news)
$html .= '<div class="panel-footer text-muted">';
if (in_array('admin_news', $privileges)) {
$html .= '<div class="pull-right">'
- . button_glyph(page_link_to('admin_news') . '&action=edit&id=' . $news['ID'], 'edit', 'btn-xs')
+ . button_glyph(page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), 'edit', 'btn-xs')
. '</div>';
}
$html .= '<span class="glyphicon glyphicon-time"></span> ' . date('Y-m-d H:i', $news['Datum']) . '&emsp;';
@@ -98,7 +98,7 @@ function display_news($news)
$html .= User_Nick_render($user_source);
if ($page != 'news_comments') {
- $html .= '&emsp;<a href="' . page_link_to('news_comments') . '&nid=' . $news['ID'] . '">'
+ $html .= '&emsp;<a href="' . page_link_to('news_comments', ['nid' => $news['ID']]) . '">'
. '<span class="glyphicon glyphicon-comment"></span> '
. _('Comments') . ' &raquo;</a> '
. '<span class="badge">'
@@ -154,7 +154,7 @@ function user_news_comments()
$user_source = User($comment['UID']);
$html .= '<div class="panel panel-default">';
- $html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>';
+ $html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'])) . '</div>';
$html .= '<div class="panel-footer text-muted">';
$html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;';
$html .= User_Nick_render($user_source);
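Review bot: `htmlspecialchars($comment['Text'])` on the changed line relies on PHP's default flags, which before 8.1 leave single quotes unescaped and, without `ENT_SUBSTITUTE`, return an empty string for a comment containing an invalid UTF-8 sequence, silently blanking it; use `nl2br(htmlspecialchars($comment['Text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'))`. The comment date on the next line is still concatenated raw; it presumably comes straight from the database column, so the risk is low, but escaping it the same way costs nothing. user_news_comments() starts and ends outside this hunk.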
@@ -166,7 +166,7 @@ function user_news_comments()
$html .= form([
form_textarea('text', _('Message'), ''),
form_submit('submit', _('Save'))
- ], page_link_to('news_comments') . '&nid=' . $news['ID']);
+ ], page_link_to('news_comments', ['nid' => $news['ID']]));
} else {
$html .= _('Invalid request.');
}
@@ -185,30 +185,36 @@ function user_news()
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
- $isMeeting = $request->post('treffen');
+ $isMeeting = $request->postData('treffen');
if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) {
- if (!$request->has('treffen') || !in_array('admin_news', $privileges)) {
+ if (!$request->has('treffen')) {
$isMeeting = 0;
}
+
+ $text = $request->postData('text');
+ if (!in_array('admin_news_html', $privileges)) {
+ $text = strip_tags($text);
+ }
+
DB::insert('
INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`)
VALUES (?, ?, ?, ?, ?)
',
[
time(),
- $request->post('betreff'),
- $request->post('text'),
+ strip_tags($request->postData('betreff')),
+ $text,
$user['UID'],
$isMeeting,
]
);
- engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting);
+ engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting);
success(_('Entry saved.'));
redirect(page_link_to('news'));
}
- if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) {
- $page = $request->input('page');
+ if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
+ $page = $request->input('page', 0);
} else {
$page = 0;
}
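Review bot: `$isMeeting` is taken verbatim from `$request->postData('treffen')` and only reset to `0` when the field is absent, so any string the client sends for `treffen` is written to the `Treffen` column as-is; normalize it to the flag it represents, `$isMeeting = $request->has('treffen') ? 1 : 0;`, which replaces the assignment and the three-line `if`. The `strip_tags()` calls are a write-time filter: they do not touch rows stored before this change, they drop legitimate text after an unmatched `<`, and the stored value is presumably emitted as raw HTML in display_news() (not shown here), so the non-`admin_news_html` case is better handled by escaping at render time. The log line still records the unfiltered `betreff`, so the log and the database disagree on what was saved. user_news() begins before this hunk and continues after it.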
@@ -229,14 +235,14 @@ function user_news()
$dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
- if ($request->has('page') && $i == $request->input('page')) {
+ if ($request->has('page') && $i == $request->input('page', 0)) {
$html .= '<li class="active">';
} elseif (!$request->has('page') && $i == 0) {
$html .= '<li class="active">';
} else {
$html .= '<li>';
}
- $html .= '<a href="' . page_link_to('news') . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
+ $html .= '<a href="' . page_link_to('news', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
}
$html .= '</ul></div>';
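Review bot: This pagination loop is a line-for-line copy of the one in user_meetings() earlier in this diff, differing only in the page name, and both compare `$i` against the raw `$request->input('page', 0)` instead of the `$page` that was validated just above in the same function; a small helper removes the duplication and the `has('page')` branches at once. user_news() continues past the hunk, so the surrounding `$html` assembly is not shown; user_meetings() would append its extra closing `</div>` after the helper's result.
```php
/**
 * Render the Bootstrap pagination list for a news-style page.
 *
 * @param string $pageName   page key passed to page_link_to()
 * @param int    $totalPages number of pages to offer
 * @param int    $current    zero-based page currently shown
 * @return string
 */
function render_news_pagination($pageName, $totalPages, $current)
{
    $html = '<div class="text-center"><ul class="pagination">';
    for ($i = 0; $i < $totalPages; $i++) {
        $html .= ($i == $current) ? '<li class="active">' : '<li>';
        $html .= '<a href="' . page_link_to($pageName, ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
    }
    return $html . '</ul></div>';
}

// … unchanged in user_news(): $dis_rows computation …
$html .= render_news_pagination('news', $dis_rows, (int) $page);
```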