summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/autoload.php9
-rw-r--r--includes/controller/angeltypes_controller.php26
-rw-r--r--includes/controller/rooms_controller.php5
-rw-r--r--includes/controller/shift_entries_controller.php2
-rw-r--r--includes/controller/shifts_controller.php36
-rw-r--r--includes/controller/shifttypes_controller.php4
-rw-r--r--includes/controller/user_angeltypes_controller.php17
-rw-r--r--includes/controller/user_driver_licenses_controller.php2
-rw-r--r--includes/controller/users_controller.php18
-rw-r--r--includes/engelsystem_provider.php168
-rw-r--r--includes/helper/internationalization_helper.php14
-rw-r--r--includes/pages/admin_active.php52
-rw-r--r--includes/pages/admin_arrive.php10
-rw-r--r--includes/pages/admin_free.php2
-rw-r--r--includes/pages/admin_groups.php13
-rw-r--r--includes/pages/admin_news.php37
-rw-r--r--includes/pages/admin_questions.php6
-rw-r--r--includes/pages/admin_rooms.php21
-rw-r--r--includes/pages/admin_shifts.php10
-rw-r--r--includes/pages/admin_user.php70
-rw-r--r--includes/pages/guest_login.php17
-rw-r--r--includes/pages/user_atom.php19
-rw-r--r--includes/pages/user_messages.php6
-rw-r--r--includes/pages/user_myshifts.php8
-rw-r--r--includes/pages/user_news.php40
-rw-r--r--includes/pages/user_questions.php6
-rw-r--r--includes/pages/user_settings.php10
-rw-r--r--includes/pages/user_shifts.php8
-rw-r--r--includes/sys_auth.php2
-rw-r--r--includes/sys_form.php24
-rw-r--r--includes/sys_menu.php26
-rw-r--r--includes/sys_page.php14
-rw-r--r--includes/view/AngelTypes_view.php71
-rw-r--r--includes/view/Questions_view.php12
-rw-r--r--includes/view/ShiftCalendarShiftRenderer.php14
-rw-r--r--includes/view/ShiftTypes_view.php34
-rw-r--r--includes/view/Shifts_view.php9
-rw-r--r--includes/view/UserAngelTypes_view.php73
-rw-r--r--includes/view/User_view.php46
39 files changed, 588 insertions, 373 deletions
diff --git a/includes/autoload.php b/includes/autoload.php
new file mode 100644
index 00000000..f51f89e4
--- /dev/null
+++ b/includes/autoload.php
@@ -0,0 +1,9 @@
+<?php
+
+// Check for autoloader
+if (!is_readable(__DIR__ . '/../vendor/autoload.php')) {
+ die('Please run composer.phar install');
+}
+
+// Include composer autoloader
+require_once __DIR__ . '/../vendor/autoload.php';
diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php
index 58fadd5c..8c1cbe5d 100644
--- a/includes/controller/angeltypes_controller.php
+++ b/includes/controller/angeltypes_controller.php
@@ -42,7 +42,7 @@ function angeltypes_controller()
*/
function angeltype_link($angeltype_id)
{
- return page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype_id;
+ return page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype_id]);
}
/**
@@ -127,7 +127,7 @@ function angeltype_edit_controller()
if (!$supporter_mode) {
if ($request->has('name')) {
- $result = AngelType_validate_name($request->input('name'), $angeltype);
+ $result = AngelType_validate_name($request->postData('name'), $angeltype);
$angeltype['name'] = $result->getValue();
if (!$result->isValid()) {
$valid = false;
@@ -211,17 +211,21 @@ function angeltypes_list_controller()
foreach ($angeltypes as &$angeltype) {
$actions = [
- button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('view'), 'btn-xs')
+ button(
+ page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
+ _('view'),
+ 'btn-xs'
+ )
];
if (in_array('admin_angel_types', $privileges)) {
$actions[] = button(
- page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'],
+ page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
_('edit'),
'btn-xs'
);
$actions[] = button(
- page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'],
+ page_link_to('angeltypes', ['action' => 'delete', 'angeltype_id' => $angeltype['id']]),
_('delete'),
'btn-xs'
);
@@ -230,13 +234,15 @@ function angeltypes_list_controller()
$angeltype['membership'] = AngelType_render_membership($angeltype);
if ($angeltype['user_angeltype_id'] != null) {
$actions[] = button(
- page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'],
+ page_link_to('user_angeltypes',
+ ['action' => 'delete', 'user_angeltype_id' => $angeltype['user_angeltype_id']]
+ ),
_('leave'),
'btn-xs'
);
} else {
$actions[] = button(
- page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'],
+ page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'),
'btn-xs'
);
@@ -245,7 +251,11 @@ function angeltypes_list_controller()
$angeltype['restricted'] = $angeltype['restricted'] ? glyph('lock') : '';
$angeltype['no_self_signup'] = $angeltype['no_self_signup'] ? '' : glyph('share');
- $angeltype['name'] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'] . '">' . $angeltype['name'] . '</a>';
+ $angeltype['name'] = '<a href="'
+ . page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])
+ . '">'
+ . $angeltype['name']
+ . '</a>';
$angeltype['actions'] = table_buttons($actions);
}
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php
index 6d0864ae..d6da9709 100644
--- a/includes/controller/rooms_controller.php
+++ b/includes/controller/rooms_controller.php
@@ -1,4 +1,5 @@
<?php
+
use Engelsystem\ShiftsFilter;
use Engelsystem\ShiftsFilterRenderer;
@@ -88,7 +89,7 @@ function rooms_controller()
*/
function room_link($room)
{
- return page_link_to('rooms') . '&action=view&room_id=' . $room['RID'];
+ return page_link_to('rooms', ['action' => 'view', 'room_id' => $room['RID']]);
}
/**
@@ -97,7 +98,7 @@ function room_link($room)
*/
function room_edit_link($room)
{
- return page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'];
+ return page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]);
}
/**
diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php
index 72189869..148b19fb 100644
--- a/includes/controller/shift_entries_controller.php
+++ b/includes/controller/shift_entries_controller.php
@@ -27,10 +27,10 @@ function shift_entry_add_controller()
}
$shift = Shift($shift_id);
- $shift['Name'] = $room_array[$shift['RID']];
if ($shift == null) {
redirect(page_link_to('user_shifts'));
}
+ $shift['Name'] = $room_array[$shift['RID']];
$type_id = 0;
if ($request->has('type_id') && preg_match('/^\d*$/', $request->input('type_id'))) {
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index 96f12baa..c359850f 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -1,4 +1,5 @@
<?php
+
use Engelsystem\ShiftSignupState;
/**
@@ -7,7 +8,7 @@ use Engelsystem\ShiftSignupState;
*/
function shift_link($shift)
{
- $link = page_link_to('shifts') . '&action=view';
+ $link = page_link_to('shifts', ['action' => 'view']);
if (isset($shift['SID'])) {
$link .= '&shift_id=' . $shift['SID'];
}
@@ -20,7 +21,7 @@ function shift_link($shift)
*/
function shift_delete_link($shift)
{
- return page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'];
+ return page_link_to('user_shifts', ['delete_shift' => $shift['SID']]);
}
/**
@@ -29,7 +30,7 @@ function shift_delete_link($shift)
*/
function shift_edit_link($shift)
{
- return page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'];
+ return page_link_to('user_shifts', ['edit_shift' => $shift['SID']]);
}
/**
@@ -61,7 +62,7 @@ function shift_edit_controller()
$angeltypes = select_array(AngelTypes(), 'id', 'name');
$shifttypes = select_array(ShiftTypes(), 'id', 'name');
- $needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'id', 'count');
+ $needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'angel_type_id', 'count');
foreach (array_keys($angeltypes) as $angeltype_id) {
if (!isset($needed_angel_types[$angeltype_id])) {
$needed_angel_types[$angeltype_id] = 0;
@@ -116,15 +117,20 @@ function shift_edit_controller()
$msg .= error(_('The ending time has to be after the starting time.'), true);
}
- foreach ($needed_angel_types as $needed_angeltype_id => $needed_angeltype_name) {
- if ($request->has('type_' . $needed_angeltype_id) && test_request_int('type_' . $needed_angeltype_id)) {
- $needed_angel_types[$needed_angeltype_id] = trim($request->input('type_' . $needed_angeltype_id));
- } else {
- $valid = false;
- $msg .= error(sprintf(
- _('Please check your input for needed angels of type %s.'),
- $needed_angeltype_name
- ), true);
+ foreach ($needed_angel_types as $needed_angeltype_id => $count) {
+ $needed_angel_types[$needed_angeltype_id] = 0;
+
+ $queryKey = 'type_' . $needed_angeltype_id;
+ if ($request->has($queryKey)) {
+ if (test_request_int($queryKey)) {
+ $needed_angel_types[$needed_angeltype_id] = trim($request->input($queryKey));
+ } else {
+ $valid = false;
+ $msg .= error(sprintf(
+ _('Please check your input for needed angels of type %s.'),
+ $angeltypes[$needed_angeltype_id]
+ ), true);
+ }
}
}
@@ -225,7 +231,9 @@ function shift_delete_controller()
date('Y-m-d H:i', $shift['start']),
date('H:i', $shift['end'])
), true),
- '<a class="button" href="?p=user_shifts&delete_shift=' . $shift_id . '&delete">' . _('delete') . '</a>'
+ '<a class="button" href="'
+ . page_link_to('user_shifts', ['delete_shift' => $shift_id, 'delete' => 1]) .
+ '">' . _('delete') . '</a>'
]);
}
diff --git a/includes/controller/shifttypes_controller.php b/includes/controller/shifttypes_controller.php
index 9cf292ee..4e7cd92c 100644
--- a/includes/controller/shifttypes_controller.php
+++ b/includes/controller/shifttypes_controller.php
@@ -6,7 +6,7 @@
*/
function shifttype_link($shifttype)
{
- return page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id'];
+ return page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype['id']]);
}
/**
@@ -100,7 +100,7 @@ function shifttype_edit_controller()
engelsystem_log('Created shifttype ' . $name);
success(_('Created shifttype.'));
}
- redirect(page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype_id);
+ redirect(page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype_id]));
}
}
diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php
index f212716d..fa4f5777 100644
--- a/includes/controller/user_angeltypes_controller.php
+++ b/includes/controller/user_angeltypes_controller.php
@@ -17,8 +17,7 @@ function user_angeltypes_unconfirmed_hint()
$unconfirmed_links = [];
foreach ($unconfirmed_user_angeltypes as $user_angeltype) {
$unconfirmed_links[] = '<a href="'
- . page_link_to('angeltypes')
- . '&action=view&angeltype_id=' . $user_angeltype['angeltype_id']
+ . page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $user_angeltype['angeltype_id']])
. '">' . $user_angeltype['name']
. ' (+' . $user_angeltype['count'] . ')'
. '</a>';
@@ -61,7 +60,7 @@ function user_angeltypes_delete_all_controller()
engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype)));
success(sprintf(_('Denied all users for angeltype %s.'), AngelType_name_render($angeltype)));
- redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
+ redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@@ -107,7 +106,7 @@ function user_angeltypes_confirm_all_controller()
engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype)));
success(sprintf(_('Confirmed all users for angeltype %s.'), AngelType_name_render($angeltype)));
- redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
+ redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@@ -167,7 +166,7 @@ function user_angeltype_confirm_controller()
User_Nick_render($user_source),
AngelType_name_render($angeltype)
));
- redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
+ redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@@ -221,7 +220,7 @@ function user_angeltype_delete_controller()
engelsystem_log($success_message);
success($success_message);
- redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
+ redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@@ -287,7 +286,7 @@ function user_angeltype_update_controller()
engelsystem_log($success_message);
success($success_message);
- redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
+ redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
@@ -341,7 +340,7 @@ function user_angeltype_add_controller()
AngelType_name_render($angeltype)
));
- redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
+ redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
}
@@ -383,7 +382,7 @@ function user_angeltype_join_controller($angeltype)
));
}
- redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']);
+ redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
}
return [
diff --git a/includes/controller/user_driver_licenses_controller.php b/includes/controller/user_driver_licenses_controller.php
index fef278dd..3db31eff 100644
--- a/includes/controller/user_driver_licenses_controller.php
+++ b/includes/controller/user_driver_licenses_controller.php
@@ -63,7 +63,7 @@ function user_driver_license_edit_link($user = null)
if ($user == null) {
return page_link_to('user_driver_licenses');
}
- return page_link_to('user_driver_licenses') . '&user_id=' . $user['UID'];
+ return page_link_to('user_driver_licenses', ['user_id' => $user['UID']]);
}
/**
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 832d93f0..e8cb1b27 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -47,7 +47,7 @@ function user_delete_controller()
$request = request();
if ($request->has('user_id')) {
- $user_source = User($request->get('user_id'));
+ $user_source = User($request->query->get('user_id'));
} else {
$user_source = $user;
}
@@ -68,7 +68,7 @@ function user_delete_controller()
if (
!(
$request->has('password')
- && verify_password($request->post('password'), $user['Passwort'], $user['UID'])
+ && verify_password($request->postData('password'), $user['Passwort'], $user['UID'])
)
) {
$valid = false;
@@ -106,7 +106,7 @@ function users_link()
*/
function user_edit_link($user)
{
- return page_link_to('admin_user') . '&user_id=' . $user['UID'];
+ return page_link_to('admin_user', ['user_id' => $user['UID']]);
}
/**
@@ -115,7 +115,7 @@ function user_edit_link($user)
*/
function user_delete_link($user)
{
- return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];
+ return page_link_to('users', ['action' => 'delete', 'user_id' => $user['UID']]);
}
/**
@@ -124,7 +124,7 @@ function user_delete_link($user)
*/
function user_link($user)
{
- return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
+ return page_link_to('users', ['action' => 'view', 'user_id' => $user['UID']]);
}
/**
@@ -297,9 +297,9 @@ function user_password_recovery_set_new_controller()
if (
$request->has('password')
- && strlen($request->post('password')) >= config('min_password_length')
+ && strlen($request->postData('password')) >= config('min_password_length')
) {
- if ($request->post('password') != $request->post('password2')) {
+ if ($request->postData('password') != $request->postData('password2')) {
$valid = false;
error(_('Your passwords don\'t match.'));
}
@@ -309,7 +309,7 @@ function user_password_recovery_set_new_controller()
}
if ($valid) {
- set_password($user_source['UID'], $request->post('password'));
+ set_password($user_source['UID'], $request->postData('password'));
success(_('Password saved.'));
redirect(page_link_to('login'));
}
@@ -353,7 +353,7 @@ function user_password_recovery_start_controller()
_('Password recovery'),
sprintf(
_('Please visit %s to recover your password.'),
- page_link_to_absolute('user_password_recovery') . '&token=' . $token
+ page_link_to('user_password_recovery', ['token' => $token])
)
);
success(_('We sent an email containing your password recovery link.'));
diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php
index ff682871..65a319e9 100644
--- a/includes/engelsystem_provider.php
+++ b/includes/engelsystem_provider.php
@@ -11,11 +11,7 @@ use Engelsystem\Renderer\Renderer;
* This file includes all needed functions, connects to the db etc.
*/
-if (!is_readable(__DIR__ . '/../vendor/autoload.php')) {
- die('Please run composer.phar install');
-}
-require __DIR__ . '/../vendor/autoload.php';
-
+require_once __DIR__ . '/autoload.php';
/**
* Load configuration
@@ -36,9 +32,10 @@ date_default_timezone_set($config->get('timezone'));
/**
* Initialize Request
+ *
+ * @var Request $request
*/
-$request = new Request();
-$request->create();
+$request = Request::createFromGlobals();
$request::setInstance($request);
/**
@@ -86,82 +83,87 @@ Db::getPdo()->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
/**
* Include legacy code
*/
-require_once realpath(__DIR__ . '/../includes/sys_auth.php');
-require_once realpath(__DIR__ . '/../includes/sys_form.php');
-require_once realpath(__DIR__ . '/../includes/sys_log.php');
-require_once realpath(__DIR__ . '/../includes/sys_menu.php');
-require_once realpath(__DIR__ . '/../includes/sys_page.php');
-require_once realpath(__DIR__ . '/../includes/sys_template.php');
-
-require_once realpath(__DIR__ . '/../includes/model/AngelType_model.php');
-require_once realpath(__DIR__ . '/../includes/model/EventConfig_model.php');
-require_once realpath(__DIR__ . '/../includes/model/LogEntries_model.php');
-require_once realpath(__DIR__ . '/../includes/model/Message_model.php');
-require_once realpath(__DIR__ . '/../includes/model/NeededAngelTypes_model.php');
-require_once realpath(__DIR__ . '/../includes/model/Room_model.php');
-require_once realpath(__DIR__ . '/../includes/model/ShiftEntry_model.php');
-require_once realpath(__DIR__ . '/../includes/model/Shifts_model.php');
-require_once realpath(__DIR__ . '/../includes/model/ShiftsFilter.php');
-require_once realpath(__DIR__ . '/../includes/model/ShiftSignupState.php');
-require_once realpath(__DIR__ . '/../includes/model/ShiftTypes_model.php');
-require_once realpath(__DIR__ . '/../includes/model/UserAngelTypes_model.php');
-require_once realpath(__DIR__ . '/../includes/model/UserDriverLicenses_model.php');
-require_once realpath(__DIR__ . '/../includes/model/UserGroups_model.php');
-require_once realpath(__DIR__ . '/../includes/model/User_model.php');
-require_once realpath(__DIR__ . '/../includes/model/ValidationResult.php');
-
-require_once realpath(__DIR__ . '/../includes/view/AngelTypes_view.php');
-require_once realpath(__DIR__ . '/../includes/view/EventConfig_view.php');
-require_once realpath(__DIR__ . '/../includes/view/Questions_view.php');
-require_once realpath(__DIR__ . '/../includes/view/Rooms_view.php');
-require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarLane.php');
-require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarRenderer.php');
-require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarShiftRenderer.php');
-require_once realpath(__DIR__ . '/../includes/view/ShiftsFilterRenderer.php');
-require_once realpath(__DIR__ . '/../includes/view/Shifts_view.php');
-require_once realpath(__DIR__ . '/../includes/view/ShiftEntry_view.php');
-require_once realpath(__DIR__ . '/../includes/view/ShiftTypes_view.php');
-require_once realpath(__DIR__ . '/../includes/view/UserAngelTypes_view.php');
-require_once realpath(__DIR__ . '/../includes/view/UserDriverLicenses_view.php');
-require_once realpath(__DIR__ . '/../includes/view/UserHintsRenderer.php');
-require_once realpath(__DIR__ . '/../includes/view/User_view.php');
-
-require_once realpath(__DIR__ . '/../includes/controller/angeltypes_controller.php');
-require_once realpath(__DIR__ . '/../includes/controller/event_config_controller.php');
-require_once realpath(__DIR__ . '/../includes/controller/rooms_controller.php');
-require_once realpath(__DIR__ . '/../includes/controller/shift_entries_controller.php');
-require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php');
-require_once realpath(__DIR__ . '/../includes/controller/shifttypes_controller.php');
-require_once realpath(__DIR__ . '/../includes/controller/users_controller.php');
-require_once realpath(__DIR__ . '/../includes/controller/user_angeltypes_controller.php');
-require_once realpath(__DIR__ . '/../includes/controller/user_driver_licenses_controller.php');
-
-require_once realpath(__DIR__ . '/../includes/helper/graph_helper.php');
-require_once realpath(__DIR__ . '/../includes/helper/internationalization_helper.php');
-require_once realpath(__DIR__ . '/../includes/helper/message_helper.php');
-require_once realpath(__DIR__ . '/../includes/helper/error_helper.php');
-require_once realpath(__DIR__ . '/../includes/helper/email_helper.php');
-
-require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php');
-require_once realpath(__DIR__ . '/../includes/mailer/users_mailer.php');
-
-require_once realpath(__DIR__ . '/../includes/pages/admin_active.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_arrive.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_free.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_groups.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_import.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_log.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_questions.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_rooms.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_shifts.php');
-require_once realpath(__DIR__ . '/../includes/pages/admin_user.php');
-require_once realpath(__DIR__ . '/../includes/pages/guest_login.php');
-require_once realpath(__DIR__ . '/../includes/pages/user_messages.php');
-require_once realpath(__DIR__ . '/../includes/pages/user_myshifts.php');
-require_once realpath(__DIR__ . '/../includes/pages/user_news.php');
-require_once realpath(__DIR__ . '/../includes/pages/user_questions.php');
-require_once realpath(__DIR__ . '/../includes/pages/user_settings.php');
-require_once realpath(__DIR__ . '/../includes/pages/user_shifts.php');
+$includeFiles = [
+ __DIR__ . '/../includes/sys_auth.php',
+ __DIR__ . '/../includes/sys_form.php',
+ __DIR__ . '/../includes/sys_log.php',
+ __DIR__ . '/../includes/sys_menu.php',
+ __DIR__ . '/../includes/sys_page.php',
+ __DIR__ . '/../includes/sys_template.php',
+
+ __DIR__ . '/../includes/model/AngelType_model.php',
+ __DIR__ . '/../includes/model/EventConfig_model.php',
+ __DIR__ . '/../includes/model/LogEntries_model.php',
+ __DIR__ . '/../includes/model/Message_model.php',
+ __DIR__ . '/../includes/model/NeededAngelTypes_model.php',
+ __DIR__ . '/../includes/model/Room_model.php',
+ __DIR__ . '/../includes/model/ShiftEntry_model.php',
+ __DIR__ . '/../includes/model/Shifts_model.php',
+ __DIR__ . '/../includes/model/ShiftsFilter.php',
+ __DIR__ . '/../includes/model/ShiftSignupState.php',
+ __DIR__ . '/../includes/model/ShiftTypes_model.php',
+ __DIR__ . '/../includes/model/UserAngelTypes_model.php',
+ __DIR__ . '/../includes/model/UserDriverLicenses_model.php',
+ __DIR__ . '/../includes/model/UserGroups_model.php',
+ __DIR__ . '/../includes/model/User_model.php',
+ __DIR__ . '/../includes/model/ValidationResult.php',
+
+ __DIR__ . '/../includes/view/AngelTypes_view.php',
+ __DIR__ . '/../includes/view/EventConfig_view.php',
+ __DIR__ . '/../includes/view/Questions_view.php',
+ __DIR__ . '/../includes/view/Rooms_view.php',
+ __DIR__ . '/../includes/view/ShiftCalendarLane.php',
+ __DIR__ . '/../includes/view/ShiftCalendarRenderer.php',
+ __DIR__ . '/../includes/view/ShiftCalendarShiftRenderer.php',
+ __DIR__ . '/../includes/view/ShiftsFilterRenderer.php',
+ __DIR__ . '/../includes/view/Shifts_view.php',
+ __DIR__ . '/../includes/view/ShiftEntry_view.php',
+ __DIR__ . '/../includes/view/ShiftTypes_view.php',
+ __DIR__ . '/../includes/view/UserAngelTypes_view.php',
+ __DIR__ . '/../includes/view/UserDriverLicenses_view.php',
+ __DIR__ . '/../includes/view/UserHintsRenderer.php',
+ __DIR__ . '/../includes/view/User_view.php',
+
+ __DIR__ . '/../includes/controller/angeltypes_controller.php',
+ __DIR__ . '/../includes/controller/event_config_controller.php',
+ __DIR__ . '/../includes/controller/rooms_controller.php',
+ __DIR__ . '/../includes/controller/shift_entries_controller.php',
+ __DIR__ . '/../includes/controller/shifts_controller.php',
+ __DIR__ . '/../includes/controller/shifttypes_controller.php',
+ __DIR__ . '/../includes/controller/users_controller.php',
+ __DIR__ . '/../includes/controller/user_angeltypes_controller.php',
+ __DIR__ . '/../includes/controller/user_driver_licenses_controller.php',
+
+ __DIR__ . '/../includes/helper/graph_helper.php',
+ __DIR__ . '/../includes/helper/internationalization_helper.php',
+ __DIR__ . '/../includes/helper/message_helper.php',
+ __DIR__ . '/../includes/helper/error_helper.php',
+ __DIR__ . '/../includes/helper/email_helper.php',
+
+ __DIR__ . '/../includes/mailer/shifts_mailer.php',
+ __DIR__ . '/../includes/mailer/users_mailer.php',
+
+ __DIR__ . '/../includes/pages/admin_active.php',
+ __DIR__ . '/../includes/pages/admin_arrive.php',
+ __DIR__ . '/../includes/pages/admin_free.php',
+ __DIR__ . '/../includes/pages/admin_groups.php',
+ __DIR__ . '/../includes/pages/admin_import.php',
+ __DIR__ . '/../includes/pages/admin_log.php',
+ __DIR__ . '/../includes/pages/admin_questions.php',
+ __DIR__ . '/../includes/pages/admin_rooms.php',
+ __DIR__ . '/../includes/pages/admin_shifts.php',
+ __DIR__ . '/../includes/pages/admin_user.php',
+ __DIR__ . '/../includes/pages/guest_login.php',
+ __DIR__ . '/../includes/pages/user_messages.php',
+ __DIR__ . '/../includes/pages/user_myshifts.php',
+ __DIR__ . '/../includes/pages/user_news.php',
+ __DIR__ . '/../includes/pages/user_questions.php',
+ __DIR__ . '/../includes/pages/user_settings.php',
+ __DIR__ . '/../includes/pages/user_shifts.php',
+];
+foreach ($includeFiles as $file) {
+ require_once realpath($file);
+}
/**
diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php
index d2dbcdbd..83faabb0 100644
--- a/includes/helper/internationalization_helper.php
+++ b/includes/helper/internationalization_helper.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Http\Request;
+
/**
* Return currently active locale
*
@@ -62,14 +64,20 @@ function gettext_locale($locale = null)
*/
function make_langselect()
{
- $url = $_SERVER['REQUEST_URI'] . (strpos($_SERVER['REQUEST_URI'], '?') > 0 ? '&' : '?') . 'set_locale=';
+ $request = Request::getInstance();
$items = [];
foreach (config('locales') as $locale => $name) {
+ $url = url($request->getPathInfo(), ['set_locale' => $locale]);
+
$items[] = toolbar_item_link(
- htmlspecialchars($url) . $locale,
+ htmlspecialchars($url),
'',
- '<img src="pic/flag/' . $locale . '.png" alt="' . $name . '" title="' . $name . '"> ' . $name
+ sprintf(
+ '<img src="%s" alt="%s" title="%2$s"> %2$s',
+ url('pic/flag/' . $locale . '.png'),
+ $name
+ )
);
}
return $items;
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index be1217ff..d67af681 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -82,9 +82,13 @@ function admin_active()
$limit = '';
$msg = success(_('Marked angels.'), true);
} else {
- $set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; '
- . _('back') . '</a> | <a href="'
- . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">'
+ $set_active = '<a href="' . page_link_to('admin_active', ['search' => $search]) . '">&laquo; '
+ . _('back')
+ . '</a> | <a href="'
+ . page_link_to(
+ 'admin_active',
+ ['search' => $search, 'count' => $count, 'set_active' => 1, 'ack' => 1]
+ ) . '">'
. _('apply')
. '</a>';
}
@@ -176,28 +180,46 @@ function admin_active()
$actions = [];
if ($usr['Aktiv'] == 0) {
- $actions[] = '<a href="'
- . page_link_to('admin_active') . '&amp;active=' . $usr['UID']
- . ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
+ $parameters = [
+ 'active' => $usr['UID'],
+ 'search' => $search,
+ ];
+ if ($show_all_shifts) {
+ $parameters['show_all_shifts'] = 1;
+ }
+ $actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">'
. _('set active')
. '</a>';
}
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
- $actions[] = '<a href="'
- . page_link_to('admin_active') . '&amp;not_active=' . $usr['UID']
- . ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
+ $parametersRemove = [
+ 'not_active' => $usr['UID'],
+ 'search' => $search,
+ ];
+ $parametersShirt = [
+ 'tshirt' => $usr['UID'],
+ 'search' => $search,
+ ];
+ if ($show_all_shifts) {
+ $parametersRemove['show_all_shifts'] = 1;
+ $parametersShirt['show_all_shifts'] = 1;
+ }
+ $actions[] = '<a href="' . page_link_to('admin_active', $parametersRemove) . '">'
. _('remove active')
. '</a>';
- $actions[] = '<a href="'
- . page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID']
- . ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
+ $actions[] = '<a href="' . page_link_to('admin_active', $parametersShirt) . '">'
. _('got t-shirt')
. '</a>';
}
if ($usr['Tshirt'] == 1) {
- $actions[] = '<a href="'
- . page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID']
- . ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
+ $parameters = [
+ 'not_tshirt' => $usr['UID'],
+ 'search' => $search,
+ ];
+ if ($show_all_shifts) {
+ $parameters['show_all_shifts'] = 1;
+ }
+ $actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">'
. _('remove t-shirt')
. '</a>';
}
diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index ebeccb8c..2f312b1f 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -92,8 +92,14 @@ function admin_arrive()
$usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : '-';
$usr['arrived'] = $usr['Gekommen'] == 1 ? _('yes') : '';
$usr['actions'] = $usr['Gekommen'] == 1
- ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _('reset') . '</a>'
- : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _('arrived') . '</a>';
+ ? '<a href="' . page_link_to(
+ 'admin_arrive',
+ ['reset' => $usr['UID'], 'search' => $search]
+ ) . '">' . _('reset') . '</a>'
+ : '<a href="' . page_link_to(
+ 'admin_arrive',
+ ['arrived' => $usr['UID'], 'search' => $search]
+ ) . '">' . _('arrived') . '</a>';
if ($usr['arrival_date'] > 0) {
$day = date('Y-m-d', $usr['arrival_date']);
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php
index ebf227a4..a3c0d17f 100644
--- a/includes/pages/admin_free.php
+++ b/includes/pages/admin_free.php
@@ -94,7 +94,7 @@ function admin_free()
'email' => $usr['email_by_human_allowed'] ? $usr['email'] : glyph('eye-close'),
'actions' =>
in_array('admin_user', $privileges)
- ? button(page_link_to('admin_user') . '&amp;id=' . $usr['UID'], _('edit'), 'btn-xs')
+ ? button(page_link_to('admin_user', ['id' => $usr['UID']]), _('edit'), 'btn-xs')
: ''
];
}
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index ea0d4dbc..e0260320 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -38,7 +38,8 @@ function admin_groups()
'name' => $group['Name'],
'privileges' => join(', ', $privileges_html),
'actions' => button(
- page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'],
+ page_link_to('admin_groups',
+ ['action' => 'edit', 'id' => $group['UID']]),
_('edit'),
'btn-xs'
)
@@ -80,7 +81,8 @@ function admin_groups()
'privileges[]',
$privilege['desc'] . ' (' . $privilege['name'] . ')',
$privilege['group_id'] != '',
- $privilege['id']
+ $privilege['id'],
+ 'privilege-' . $privilege['name']
);
$privileges_html .= sprintf(
'<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>',
@@ -93,7 +95,10 @@ function admin_groups()
$privileges_form[] = form_submit('submit', _('Save'));
$html .= page_with_title(_('Edit group'), [
- form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $group_id)
+ form(
+ $privileges_form,
+ page_link_to('admin_groups', ['action' => 'save', 'id' => $group_id])
+ )
]);
} else {
return error('No Group found.', true);
@@ -108,7 +113,7 @@ function admin_groups()
}
$group = DB::selectOne('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]);
- $privileges = $request->get('privileges');
+ $privileges = $request->postData('privileges');
if (!is_array($privileges)) {
$privileges = [];
}
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index 4eafd3e2..eb3a250e 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -7,7 +7,7 @@ use Engelsystem\Database\DB;
*/
function admin_news()
{
- global $user;
+ global $user, $privileges;
$request = request();
if (!$request->has('action')) {
@@ -30,21 +30,31 @@ function admin_news()
case 'edit':
$user_source = User($news['UID']);
- $html .= form([
- form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])),
- form_info(_('Author'), User_Nick_render($user_source)),
- form_text('eBetreff', _('Subject'), $news['Betreff']),
- form_textarea('eText', _('Message'), $news['Text']),
- form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1),
- form_submit('submit', _('Save'))
- ], page_link_to('admin_news&action=save&id=' . $news_id));
+ $html .= form(
+ [
+ form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])),
+ form_info(_('Author'), User_Nick_render($user_source)),
+ form_text('eBetreff', _('Subject'), $news['Betreff']),
+ form_textarea('eText', _('Message'), $news['Text']),
+ form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1),
+ form_submit('submit', _('Save'))
+ ],
+ page_link_to('admin_news', ['action' => 'save', 'id' => $news_id])
+ );
- $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $news_id) . '">'
+ $html .= '<a class="btn btn-danger" href="'
+ . page_link_to('admin_news', ['action' => 'delete', 'id' => $news_id])
+ . '">'
. '<span class="glyphicon glyphicon-trash"></span> ' . _('Delete')
. '</a>';
break;
case 'save':
+ $text = $request->postData('eText');
+ if (!in_array('admin_news_html', $privileges)) {
+ $text = strip_tags($text);
+ }
+
DB::update('
UPDATE `News` SET
`Datum`=?,
@@ -56,14 +66,15 @@ function admin_news()
',
[
time(),
- $request->post('eBetreff'),
- $request->post('eText'),
+ strip_tags($request->postData('eBetreff')),
+ $text,
$user['UID'],
$request->has('eTreffen') ? 1 : 0,
$news_id
]
);
- engelsystem_log('News updated: ' . $request->post('eBetreff'));
+
+ engelsystem_log('News updated: ' . $request->postData('eBetreff'));
success(_('News entry updated.'));
redirect(page_link_to('news'));
break;
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 2b61b055..5f2e3a2b 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -52,9 +52,9 @@ function admin_questions()
'answer' => form([
form_textarea('answer', '', ''),
form_submit('submit', _('Save'))
- ], page_link_to('admin_questions') . '&action=answer&id=' . $question['QID']),
+ ], page_link_to('admin_questions', ['action' => 'answer', 'id' => $question['QID']])),
'actions' => button(
- page_link_to('admin_questions') . '&action=delete&id=' . $question['QID'],
+ page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]),
_('delete'),
'btn-xs'
)
@@ -72,7 +72,7 @@ function admin_questions()
'answered_by' => User_Nick_render($answer_user_source),
'answer' => str_replace("\n", '<br />', $question['Answer']),
'actions' => button(
- page_link_to('admin_questions') . '&action=delete&id=' . $question['QID'],
+ page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]),
_('delete'),
'btn-xs'
)
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index 6f3584d5..9e153bf1 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -25,8 +25,8 @@ function admin_rooms()
'from_pentabarf' => glyph_bool($room['FromPentabarf'] == 'Y'),
'public' => glyph_bool($room['show'] == 'Y'),
'actions' => table_buttons([
- button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _('edit'), 'btn-xs'),
- button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _('delete'), 'btn-xs')
+ button(page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]), _('edit'), 'btn-xs'),
+ button(page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room['RID']]), _('delete'), 'btn-xs')
])
];
}
@@ -107,11 +107,14 @@ function admin_rooms()
}
foreach ($angeltypes as $angeltype_id => $angeltype) {
- if (
- $request->has('angeltype_count_' . $angeltype_id)
- && preg_match('/^\d{1,4}$/', $request->input('angeltype_count_' . $angeltype_id))
- ) {
- $angeltypes_count[$angeltype_id] = $request->input('angeltype_count_' . $angeltype_id);
+ $angeltypes_count[$angeltype_id] = 0;
+ $queryKey = 'angeltype_count_' . $angeltype_id;
+ if (!$request->has($queryKey)) {
+ continue;
+ }
+
+ if (preg_match('/^\d{1,4}$/', $request->input($queryKey))) {
+ $angeltypes_count[$angeltype_id] = $request->input($queryKey);
} else {
$valid = false;
$msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true);
@@ -220,7 +223,7 @@ function admin_rooms()
sprintf(_('Do you want to delete room %s?'), $name),
buttons([
button(
- page_link_to('admin_rooms') . '&show=delete&id=' . $room_id . '&ack',
+ page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room_id, 'ack' => 1]),
_('Delete'),
'delete btn-danger'
)
@@ -231,7 +234,7 @@ function admin_rooms()
return page_with_title(admin_rooms_title(), [
buttons([
- button(page_link_to('admin_rooms') . '&show=edit', _('add'))
+ button(page_link_to('admin_rooms', ['show' => 'edit']), _('add'))
]),
msg(),
table([
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index b5079ed1..04d88a4f 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -132,16 +132,14 @@ function admin_shifts()
} elseif ($request->input('angelmode') == 'manually') {
$angelmode = 'manually';
foreach ($types as $type) {
- if (
- $request->has('type_' . $type['id'])
- && preg_match('/^\d+$/', trim($request->input('type_' . $type['id'])))
- ) {
- $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id']));
+ if (preg_match('/^\d+$/', trim($request->input('type_' . $type['id'], 0)))) {
+ $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'], 0));
} else {
$valid = false;
error(sprintf(_('Please check the needed angels for team %s.'), $type['name']));
}
}
+
if (array_sum($needed_angel_types) == 0) {
$valid = false;
error(_('There are 0 angels needed. Please enter the amounts of needed angels.'));
@@ -303,7 +301,7 @@ function admin_shifts()
}
} elseif ($request->has('submit')) {
if (
- !$request->has('admin_shifts_shifts')
+ !isset($_SESSION['admin_shifts_shifts'])
|| !isset($_SESSION['admin_shifts_types'])
|| !is_array($_SESSION['admin_shifts_shifts'])
|| !is_array($_SESSION['admin_shifts_types'])
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 6bdc8d71..9b3b0f44 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -46,25 +46,27 @@ function admin_user()
. 'Wenn T-Shirt ein \'Ja\' enth&auml;lt, bedeutet dies, dass der Engel '
. 'bereits sein T-Shirt erhalten hat.<br /><br />' . "\n";
- $html .= '<form action="' . page_link_to('admin_user') . '&action=save&id=' . $user_id . '" method="post">' . "\n";
+ $html .= '<form action="'
+ . page_link_to('admin_user', ['action' => 'save', 'id' => $user_id])
+ . '" method="post">' . "\n";
$html .= '<table border="0">' . "\n";
$html .= '<input type="hidden" name="Type" value="Normal">' . "\n";
$html .= '<tr><td>' . "\n";
$html .= '<table>' . "\n";
- $html .= ' <tr><td>Nick</td><td>' . '<input type="text" size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= ' <tr><td>Nick</td><td>' . '<input size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Last login</td><td><p class="help-block">'
. date('Y-m-d H:i', $user_source['lastLogIn'])
. '</p></td></tr>' . "\n";
- $html .= ' <tr><td>Name</td><td>' . '<input type="text" size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . "\n";
- $html .= ' <tr><td>Vorname</td><td>' . '<input type="text" size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n";
- $html .= ' <tr><td>Alter</td><td>' . '<input type="text" size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n";
- $html .= ' <tr><td>Telefon</td><td>' . '<input type="text" size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n";
- $html .= ' <tr><td>Handy</td><td>' . '<input type="text" size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n";
- $html .= ' <tr><td>DECT</td><td>' . '<input type="text" size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= ' <tr><td>Name</td><td>' . '<input size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= ' <tr><td>Vorname</td><td>' . '<input size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= ' <tr><td>Alter</td><td>' . '<input size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= ' <tr><td>Telefon</td><td>' . '<input size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= ' <tr><td>Handy</td><td>' . '<input size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= ' <tr><td>DECT</td><td>' . '<input size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n";
if ($user_source['email_by_human_allowed']) {
- $html .= " <tr><td>email</td><td>" . '<input type="text" size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= " <tr><td>email</td><td>" . '<input size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n";
}
- $html .= " <tr><td>jabber</td><td>" . '<input type="text" size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= " <tr><td>jabber</td><td>" . '<input size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Size</td><td>'
. html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . '</td></tr>' . "\n";
@@ -91,7 +93,7 @@ function admin_user()
$html .= ' <tr><td>T-Shirt</td><td>' . "\n";
$html .= html_options('eTshirt', $options, $user_source['Tshirt']) . '</td></tr>' . "\n";
- $html .= ' <tr><td>Hometown</td><td>' . '<input type="text" size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n";
+ $html .= ' <tr><td>Hometown</td><td>' . '<input size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n";
$html .= '</table>' . "\n" . '</td><td valign="top"></td></tr>';
@@ -105,7 +107,8 @@ function admin_user()
$html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.'));
$html .= 'Hier kannst Du das Passwort dieses Engels neu setzen:<form action="'
- . page_link_to('admin_user') . '&action=change_pw&id=' . $user_id . '" method="post">' . "\n";
+ . page_link_to('admin_user', ['action' => 'change_pw', 'id' => $user_id])
+ . '" method="post">' . "\n";
$html .= '<table>' . "\n";
$html .= ' <tr><td>Passwort</td><td>' . '<input type="password" size="40" name="new_pw" value="" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Wiederholung</td><td>' . '<input type="password" size="40" name="new_pw2" value="" class="form-control"></td></tr>' . "\n";
@@ -134,7 +137,8 @@ function admin_user()
if ($user_id != $user['UID'] && $my_highest_group <= $his_highest_group) {
$html .= 'Hier kannst Du die Benutzergruppen des Engels festlegen:<form action="'
- . page_link_to('admin_user') . '&action=save_groups&id=' . $user_id . '" method="post">' . "\n";
+ . page_link_to('admin_user', ['action' => 'save_groups', 'id' => $user_id])
+ . '" method="post">' . "\n";
$html .= '<table>';
$groups = DB::select('
@@ -257,7 +261,7 @@ function admin_user()
`Handy` = ?,
`Alter` =?,
`DECT` = ?,
- ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->post('eemail')) . ',' : '') . '
+ ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->postData('eemail')) . ',' : '') . '
`jabber` = ?,
`Size` = ?,
`Gekommen`= ?,
@@ -268,34 +272,34 @@ function admin_user()
WHERE `UID` = ?
LIMIT 1';
DB::update($sql, [
- $request->post('eNick'),
- $request->post('eName'),
- $request->post('eVorname'),
- $request->post('eTelefon'),
- $request->post('eHandy'),
- $request->post('eAlter'),
- $request->post('eDECT'),
- $request->post('ejabber'),
- $request->post('eSize'),
- $request->post('eGekommen'),
- $request->post('eAktiv'),
+ User_validate_Nick($request->postData('eNick')),
+ $request->postData('eName'),
+ $request->postData('eVorname'),
+ $request->postData('eTelefon'),
+ $request->postData('eHandy'),
+ $request->postData('eAlter'),
+ $request->postData('eDECT'),
+ $request->postData('ejabber'),
+ $request->postData('eSize'),
+ $request->postData('eGekommen'),
+ $request->postData('eAktiv'),
$force_active,
- $request->post('eTshirt'),
- $request->post('Hometown'),
+ $request->postData('eTshirt'),
+ $request->postData('Hometown'),
$user_id,
]);
engelsystem_log(
- 'Updated user: ' . $request->post('eNick') . ', ' . $request->post('eSize')
- . ', arrived: ' . $request->post('eVorname')
- . ', active: ' . $request->post('eAktiv')
- . ', tshirt: ' . $request->post('eTshirt')
+ 'Updated user: ' . $request->postData('eNick') . ', ' . $request->postData('eSize')
+ . ', arrived: ' . $request->postData('eVorname')
+ . ', active: ' . $request->postData('eAktiv')
+ . ', tshirt: ' . $request->postData('eTshirt')
);
$html .= success('Änderung wurde gespeichert...' . "\n", true);
break;
case 'change_pw':
- if ($request->post('new_pw') != '' && $request->post('new_pw') == $request->post('new_pw2')) {
- set_password($user_id, $request->post('new_pw'));
+ if ($request->postData('new_pw') != '' && $request->postData('new_pw') == $request->postData('new_pw2')) {
+ set_password($user_id, $request->postData('new_pw'));
$user_source = User($user_id);
engelsystem_log('Set new password for ' . User_Nick_render($user_source));
$html .= success('Passwort neu gesetzt.', true);
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index f8c52767..4a77b40c 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -127,8 +127,8 @@ function guest_register()
}
}
- if ($request->has('password') && strlen($request->post('password')) >= $min_password_length) {
- if ($request->post('password') != $request->post('password2')) {
+ if ($request->has('password') && strlen($request->postData('password')) >= $min_password_length) {
+ if ($request->postData('password') != $request->postData('password2')) {
$valid = false;
$msg .= error(_('Your passwords don\'t match.'), true);
}
@@ -233,8 +233,8 @@ function guest_register()
// Assign user-group and set password
$user_id = DB::getPdo()->lastInsertId();
- DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]);
- set_password($user_id, $request->post('password'));
+ DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -20)', [$user_id]);
+ set_password($user_id, $request->postData('password'));
// Assign angel-types
$user_angel_types_info = [];
@@ -328,7 +328,7 @@ function guest_register()
'angel_types',
_('What do you want to do?') . sprintf(
' (<a href="%s">%s</a>)',
- page_link_to('angeltypes') . '&action=about',
+ page_link_to('angeltypes', ['action' => 'about']),
_('Description of job types')
),
$angel_types,
@@ -402,7 +402,7 @@ function guest_login()
$login_user = DB::selectOne('SELECT * FROM `User` WHERE `Nick`=?', [$nick]);
if (!empty($login_user)) {
if ($request->has('password')) {
- if (!verify_password($request->post('password'), $login_user['Passwort'], $login_user['UID'])) {
+ if (!verify_password($request->postData('password'), $login_user['Passwort'], $login_user['UID'])) {
$valid = false;
error(_('Your password is incorrect. Please try it again.'));
}
@@ -466,7 +466,10 @@ function guest_login()
heading(_('What can I do?'), 2),
'<p>' . _('Please read about the jobs you can do to help us.') . '</p>',
buttons([
- button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description') . ' &raquo;')
+ button(
+ page_link_to('angeltypes', ['action' => 'about']),
+ _('Teams/Job description') . ' &raquo;'
+ )
])
])
])
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php
index a1e2580a..2991bdbf 100644
--- a/includes/pages/user_atom.php
+++ b/includes/pages/user_atom.php
@@ -1,6 +1,7 @@
<?php
use Engelsystem\Database\DB;
+use Engelsystem\Http\Request;
/**
* Publically available page to feed the news to feed readers
@@ -44,14 +45,15 @@ function user_atom()
*/
function make_atom_entries_from_news($news_entries)
{
+ $request = Request::getInstance();
$html = '<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Engelsystem</title>
- <id>' . $_SERVER['HTTP_HOST']
+ <id>' . $request->getHttpHost()
. htmlspecialchars(preg_replace(
'#[&?]key=[a-f\d]{32}#',
'',
- $_SERVER['REQUEST_URI']
+ $request->getRequestUri()
))
. '</id>
<updated>' . date('Y-m-d\TH:i:sP', $news_entries[0]['Datum']) . '</updated>' . "\n";
@@ -64,11 +66,12 @@ function make_atom_entries_from_news($news_entries)
function make_atom_entry_from_news($news_entry)
{
- return ' <entry>
+ return '
+ <entry>
<title>' . htmlspecialchars($news_entry['Betreff']) . '</title>
- <link href="' . page_link_to_absolute('news_comments&amp;nid=') . $news_entry['ID'] . '"/>
- <id>' . preg_replace('#^https?://#', '', page_link_to_absolute('news')) . '-' . $news_entry['ID'] . '</id>
- <updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated>
- <summary type="html">' . htmlspecialchars($news_entry['Text']) . '</summary>
- </entry>' . "\n";
+ <link href="' . page_link_to('news_comments', ['nid' => $news_entry['ID']]) . '"/>
+ <id>' . preg_replace('#^https?://#', '', page_link_to('news_comments', ['nid' => $news_entry['ID']])) . '</id>
+ <updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated>
+ <summary>' . htmlspecialchars($news_entry['Text']) . '</summary>
+ </entry>' . "\n";
}
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index 2dea6207..06ae7e75 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -92,14 +92,14 @@ function user_messages()
if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N') {
$messages_table_entry['actions'] = button(
- page_link_to('user_messages') . '&action=read&id=' . $message['id'],
+ page_link_to('user_messages', ['action' => 'read', 'id' => $message['id']]),
_('mark as read'),
'btn-xs'
);
}
} else {
$messages_table_entry['actions'] = button(
- page_link_to('user_messages') . '&action=delete&id=' . $message['id'],
+ page_link_to('user_messages', ['action' => 'delete', 'id' => $message['id']]),
_('delete message'),
'btn-xs'
);
@@ -119,7 +119,7 @@ function user_messages()
'text' => _('Message'),
'actions' => ''
], $messages_table)
- ], page_link_to('user_messages') . '&action=send')
+ ], page_link_to('user_messages', ['action' => 'send']))
]);
} else {
switch ($request->input('action')) {
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 81f8f505..60a26922 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -37,14 +37,14 @@ function user_myshifts()
if ($request->input('reset') == 'ack') {
User_reset_api_key($user);
success(_('Key changed.'));
- redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
+ redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
}
return page_with_title(_('Reset API key'), [
error(
_('If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports.'),
true
),
- button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger')
+ button(page_link_to('user_myshifts', ['reset' => 'ack']), _('Continue'), 'btn-danger')
]);
} elseif ($request->has('edit') && preg_match('/^\d*$/', $request->input('edit'))) {
$user_id = $request->input('edit');
@@ -106,7 +106,7 @@ function user_myshifts()
. '. Freeloaded: ' . ($freeloaded ? 'YES Comment: ' . $freeload_comment : 'NO')
);
success(_('Shift saved.'));
- redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
+ redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
}
}
@@ -164,6 +164,6 @@ function user_myshifts()
}
}
- redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
+ redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
return '';
}
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 3cf11a6b..b51b0a4c 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -35,8 +35,8 @@ function user_meetings()
$html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg();
$request = request();
- if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) {
- $page = $request->input('page');
+ if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
+ $page = $request->input('page', 0);
} else {
$page = 0;
}
@@ -57,14 +57,14 @@ function user_meetings()
$dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
- if ($request->has('page') && $i == $request->input('page')) {
+ if ($request->has('page') && $i == $request->input('page', 0)) {
$html .= '<li class="active">';
} elseif (!$request->has('page') && $i == 0) {
$html .= '<li class="active">';
} else {
$html .= '<li>';
}
- $html .= '<a href="' . page_link_to('user_meetings') . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
+ $html .= '<a href="' . page_link_to('user_meetings', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
}
$html .= '</ul></div></div>';
@@ -89,7 +89,7 @@ function display_news($news)
$html .= '<div class="panel-footer text-muted">';
if (in_array('admin_news', $privileges)) {
$html .= '<div class="pull-right">'
- . button_glyph(page_link_to('admin_news') . '&action=edit&id=' . $news['ID'], 'edit', 'btn-xs')
+ . button_glyph(page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), 'edit', 'btn-xs')
. '</div>';
}
$html .= '<span class="glyphicon glyphicon-time"></span> ' . date('Y-m-d H:i', $news['Datum']) . '&emsp;';
@@ -98,7 +98,7 @@ function display_news($news)
$html .= User_Nick_render($user_source);
if ($page != 'news_comments') {
- $html .= '&emsp;<a href="' . page_link_to('news_comments') . '&nid=' . $news['ID'] . '">'
+ $html .= '&emsp;<a href="' . page_link_to('news_comments', ['nid' => $news['ID']]) . '">'
. '<span class="glyphicon glyphicon-comment"></span> '
. _('Comments') . ' &raquo;</a> '
. '<span class="badge">'
@@ -154,7 +154,7 @@ function user_news_comments()
$user_source = User($comment['UID']);
$html .= '<div class="panel panel-default">';
- $html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>';
+ $html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'])) . '</div>';
$html .= '<div class="panel-footer text-muted">';
$html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;';
$html .= User_Nick_render($user_source);
@@ -166,7 +166,7 @@ function user_news_comments()
$html .= form([
form_textarea('text', _('Message'), ''),
form_submit('submit', _('Save'))
- ], page_link_to('news_comments') . '&nid=' . $news['ID']);
+ ], page_link_to('news_comments', ['nid' => $news['ID']]));
} else {
$html .= _('Invalid request.');
}
@@ -185,30 +185,36 @@ function user_news()
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
- $isMeeting = $request->post('treffen');
+ $isMeeting = $request->postData('treffen');
if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) {
- if (!$request->has('treffen') || !in_array('admin_news', $privileges)) {
+ if (!$request->has('treffen')) {
$isMeeting = 0;
}
+
+ $text = $request->postData('text');
+ if (!in_array('admin_news_html', $privileges)) {
+ $text = strip_tags($text);
+ }
+
DB::insert('
INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`)
VALUES (?, ?, ?, ?, ?)
',
[
time(),
- $request->post('betreff'),
- $request->post('text'),
+ strip_tags($request->postData('betreff')),
+ $text,
$user['UID'],
$isMeeting,
]
);
- engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting);
+ engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting);
success(_('Entry saved.'));
redirect(page_link_to('news'));
}
- if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) {
- $page = $request->input('page');
+ if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
+ $page = $request->input('page', 0);
} else {
$page = 0;
}
@@ -229,14 +235,14 @@ function user_news()
$dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
- if ($request->has('page') && $i == $request->input('page')) {
+ if ($request->has('page') && $i == $request->input('page', 0)) {
$html .= '<li class="active">';
} elseif (!$request->has('page') && $i == 0) {
$html .= '<li class="active">';
} else {
$html .= '<li>';
}
- $html .= '<a href="' . page_link_to('news') . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
+ $html .= '<a href="' . page_link_to('news', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
}
$html .= '</ul></div>';
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index e4f35577..41fbe64d 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -33,7 +33,11 @@ function user_questions()
$question['answer_user'] = User_Nick_render($answer_user_source);
}
- return Questions_view($open_questions, $answered_questions, page_link_to('user_questions') . '&action=ask');
+ return Questions_view(
+ $open_questions,
+ $answered_questions,
+ page_link_to('user_questions', ['action' => 'ask'])
+ );
} else {
switch ($request->input('action')) {
case 'ask':
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index 7edee7b5..03621a45 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -84,7 +84,7 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
if ($valid) {
User_update($user_source);
-
+
success(_('Settings saved.'));
redirect(page_link_to('user_settings'));
}
@@ -102,15 +102,15 @@ function user_settings_password($user_source)
$request = request();
if (
!$request->has('password')
- || !verify_password($request->post('password'), $user_source['Passwort'], $user_source['UID'])
+ || !verify_password($request->postData('password'), $user_source['Passwort'], $user_source['UID'])
) {
error(_('-> not OK. Please try again.'));
- } elseif (strlen($request->post('new_password')) < config('min_password_length')) {
+ } elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
error(_('Your password is to short (please use at least 6 characters).'));
- } elseif ($request->post('new_password') != $request->post('new_password2')) {
+ } elseif ($request->postData('new_password') != $request->postData('new_password2')) {
error(_('Your passwords don\'t match.'));
} else {
- set_password($user_source['UID'], $request->post('new_password'));
+ set_password($user_source['UID'], $request->postData('new_password'));
success(_('Password saved.'));
}
redirect(page_link_to('user_settings'));
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 813cb9b3..db0bb193 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -223,15 +223,15 @@ function view_user_shifts()
'task_notice' =>
'<sup>1</sup>'
. _('The tasks shown here are influenced by the angeltypes you joined already!')
- . ' <a href="' . page_link_to('angeltypes') . '&action=about' . '">'
+ . ' <a href="' . page_link_to('angeltypes', ['action' => 'about']) . '">'
. _('Description of the jobs.')
. '</a>',
'shifts_table' => msg() . $shiftCalendarRenderer->render(),
'ical_text' => '<h2>' . _('iCal export') . '</h2><p>' . sprintf(
_('Export of shown shifts. <a href="%s">iCal format</a> or <a href="%s">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'),
- page_link_to_absolute('ical') . '&key=' . $user['api_key'],
- page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'],
- page_link_to('user_myshifts') . '&reset'
+ page_link_to('ical', ['key' => $user['api_key']]),
+ page_link_to('shifts_json_export', ['key' => $user['api_key']]),
+ page_link_to('user_myshifts', ['reset' => 1])
) . '</p>',
'filter' => _('Filter')
])
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index e0ed67e5..36f0f935 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -30,7 +30,7 @@ function load_auth()
}
// guest privileges
- $privileges = privileges_for_group(-1);
+ $privileges = privileges_for_group(-10);
}
/**
diff --git a/includes/sys_form.php b/includes/sys_form.php
index f890b7a7..7fa0682d 100644
--- a/includes/sys_form.php
+++ b/includes/sys_form.php
@@ -10,7 +10,7 @@
*/
function form_hidden($name, $value)
{
- return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
+ return '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars($value) . '" />';
}
/**
@@ -25,7 +25,7 @@ function form_spinner($name, $label, $value)
{
return form_element($label, '
<div class="input-group">
- <input id="spinner-' . $name . '" class="form-control" type="text" name="' . $name . '" value="' . $value . '" />
+ <input id="spinner-' . $name . '" class="form-control" name="' . $name . '" value="' . htmlspecialchars($value) . '" />
<div class="input-group-btn">
<button id="spinner-' . $name . '-down" class="btn btn-default" type="button">
<span class="glyphicon glyphicon-minus"></span>
@@ -66,7 +66,8 @@ function form_date($name, $label, $value, $start_date = '', $end_date = '')
$end_date = is_numeric($end_date) ? date('Y-m-d', $end_date) : '';
return form_element($label, '
<div class="input-group date" id="' . $dom_id . '">
- <input type="text" name="' . $name . '" class="form-control" value="' . $value . '"><span class="input-group-addon">' . glyph('th') . '</span>
+ <input name="' . $name . '" class="form-control" value="' . htmlspecialchars($value) . '">'
+ . '<span class="input-group-addon">' . glyph('th') . '</span>
</div>
<script type="text/javascript">
$(function(){
@@ -144,12 +145,17 @@ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = []
* @param string $label
* @param string $selected
* @param string $value
+ * @param string $id
* @return string
*/
-function form_checkbox($name, $label, $selected, $value = 'checked')
+function form_checkbox($name, $label, $selected, $value = 'checked', $id = null)
{
+ if (is_null($id)) {
+ $id = $name;
+ }
+
return '<div class="checkbox"><label>'
- . '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '" '
+ . '<input type="checkbox" id="' . $id . '" name="' . $name . '" value="' . htmlspecialchars($value) . '" '
. ($selected ? ' checked="checked"' : '') . ' /> '
. $label
. '</label></div>';
@@ -167,7 +173,7 @@ function form_checkbox($name, $label, $selected, $value = 'checked')
function form_radio($name, $label, $selected, $value)
{
return '<div class="radio">'
- . '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="' . $value . '" '
+ . '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="' . htmlspecialchars($value) . '" '
. ($selected ? ' checked="checked"' : '') . ' /> '
. $label
. '</label></div>';
@@ -328,8 +334,8 @@ function form_textarea($name, $label, $value, $disabled = false)
$disabled = $disabled ? ' disabled="disabled"' : '';
return form_element(
$label,
- '<textarea rows="5" class="form-control" id="form_' . $name . '" type="text" name="'
- . $name . '" ' . $disabled . '>' . $value . '</textarea>',
+ '<textarea rows="5" class="form-control" id="form_' . $name . '" name="'
+ . $name . '" ' . $disabled . '>' . htmlspecialchars($value) . '</textarea>',
'form_' . $name
);
}
@@ -374,7 +380,7 @@ function form_element($label, $input, $for = '')
*/
function form($elements, $action = '')
{
- return '<form role="form" action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>';
+ return '<form action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>';
}
/**
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index f160441c..2eaa1234 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -1,28 +1,16 @@
<?php
-use Engelsystem\UserHintsRenderer;
-/**
- * @param string $page
- * @return string
- */
-function page_link_to($page = '')
-{
- if ($page == '') {
- return '?';
- }
- return '?p=' . $page;
-}
+use Engelsystem\UserHintsRenderer;
/**
* @param string $page
+ * @param array $parameters get parameters
* @return string
*/
-function page_link_to_absolute($page)
+function page_link_to($page = '', $parameters = [])
{
- return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://'
- . $_SERVER['HTTP_HOST']
- . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI'])
- . page_link_to($page);
+ $page = str_replace('_', '-', $page);
+ return url($page, $parameters);
}
/**
@@ -65,7 +53,7 @@ function header_toolbar()
if (isset($user)) {
$toolbar_items[] = toolbar_item_link(
- page_link_to('shifts') . '&amp;action=next',
+ page_link_to('shifts', ['action' => 'next']),
'time',
User_shift_state_render($user)
);
@@ -86,7 +74,7 @@ function header_toolbar()
$toolbar_items[] = header_render_hints();
if (in_array('user_myshifts', $privileges)) {
$toolbar_items[] = toolbar_item_link(
- page_link_to('users') . '&amp;action=view',
+ page_link_to('users', ['action' => 'view']),
' icon-icon_angel',
$user['Nick'],
$page == 'users'
diff --git a/includes/sys_page.php b/includes/sys_page.php
index 1b33d1f4..df57d08a 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -1,4 +1,5 @@
<?php
+
use Engelsystem\ValidationResult;
/**
@@ -168,11 +169,8 @@ function strip_request_item($name, $default_value = null)
*/
function test_request_int($name)
{
- $request = request();
- if ($request->has($name)) {
- return preg_match('/^\d*$/', $request->input($name));
- }
- return false;
+ $input = request()->input($name);
+ return preg_match('/^\d*$/', $input);
}
/**
@@ -186,7 +184,11 @@ function strip_request_item_nl($name, $default_value = null)
{
$request = request();
if ($request->has($name)) {
- return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($request->input($name)));
+ return preg_replace(
+ "/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui",
+ '',
+ strip_tags($request->input($name))
+ );
}
return $default_value;
}
diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php
index 37b4fb2c..f75cc616 100644
--- a/includes/view/AngelTypes_view.php
+++ b/includes/view/AngelTypes_view.php
@@ -50,7 +50,10 @@ function AngelType_delete_view($angeltype)
buttons([
button(page_link_to('angeltypes'), _('cancel'), 'cancel'),
button(
- page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'] . '&confirmed',
+ page_link_to(
+ 'angeltypes',
+ ['action' => 'delete', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]
+ ),
_('delete'),
'ok'
)
@@ -67,7 +70,6 @@ function AngelType_delete_view($angeltype)
*/
function AngelType_edit_view($angeltype, $supporter_mode)
{
- $contact_info = AngelType_contact_info($angeltype);
return page_with_title(sprintf(_('Edit %s'), $angeltype['name']), [
buttons([
button(page_link_to('angeltypes'), _('Angeltypes'), 'back')
@@ -127,7 +129,7 @@ function AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes,
if ($user_angeltype == null) {
$buttons[] = button(
- page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'],
+ page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'),
'add'
);
@@ -142,20 +144,22 @@ function AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes,
$angeltype['name']
));
}
- $buttons[] = button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'],
- _('leave'), 'cancel');
+ $buttons[] = button(
+ page_link_to('user_angeltypes', ['action' => 'delete', 'user_angeltype_id' => $user_angeltype['id']]),
+ _('leave'), 'cancel'
+ );
}
if ($admin_angeltypes || $supporter) {
$buttons[] = button(
- page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'],
+ page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
_('edit'),
'edit'
);
}
if ($admin_angeltypes) {
$buttons[] = button(
- page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'],
+ page_link_to('angeltypes', ['action' => 'delete', 'angeltype_id' => $angeltype['id']]),
_('delete'),
'delete'
);
@@ -193,12 +197,18 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($angeltype['restricted'] && $member['confirm_user_id'] == null) {
$member['actions'] = table_buttons([
button(
- page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $member['user_angeltype_id'],
+ page_link_to(
+ 'user_angeltypes',
+ ['action' => 'confirm', 'user_angeltype_id' => $member['user_angeltype_id']]
+ ),
_('confirm'),
'btn-xs'
),
button(
- page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'],
+ page_link_to(
+ 'user_angeltypes',
+ ['action' => 'delete', 'user_angeltype_id' => $member['user_angeltype_id']]
+ ),
_('deny'),
'btn-xs'
)
@@ -208,7 +218,11 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($admin_angeltypes) {
$member['actions'] = table_buttons([
button(
- page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&supporter=0',
+ page_link_to('user_angeltypes', [
+ 'action' => 'update',
+ 'user_angeltype_id' => $member['user_angeltype_id'],
+ 'supporter' => 0
+ ]),
_('Remove supporter rights'),
'btn-xs'
)
@@ -221,11 +235,18 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($admin_user_angeltypes) {
$member['actions'] = table_buttons([
$admin_angeltypes
- ? button(page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&supporter=1',
+ ? button(page_link_to('user_angeltypes', [
+ 'action' => 'update',
+ 'user_angeltype_id' => $member['user_angeltype_id'],
+ 'supporter' => 1
+ ]),
_('Add supporter rights'), 'btn-xs')
: '',
button(
- page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'],
+ page_link_to('user_angeltypes', [
+ 'action' => 'delete',
+ 'user_angeltype_id' => $member['user_angeltype_id']
+ ]),
_('remove'),
'btn-xs'
)
@@ -339,7 +360,14 @@ function AngelType_view(
$page[] = '<h3>' . _('Members') . '</h3>';
if ($admin_user_angeltypes) {
$page[] = buttons([
- button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _('Add'), 'add')
+ button(
+ page_link_to(
+ 'user_angeltypes',
+ ['action' => 'add', 'angeltype_id' => $angeltype['id']]
+ ),
+ _('Add'),
+ 'add'
+ )
]);
}
$page[] = table($table_headers, $members_confirmed);
@@ -348,12 +376,12 @@ function AngelType_view(
$page[] = '<h3>' . _('Unconfirmed') . '</h3>';
$page[] = buttons([
button(
- page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'],
+ page_link_to('user_angeltypes', ['action' => 'confirm_all', 'angeltype_id' => $angeltype['id']]),
_('confirm all'),
'ok'
),
button(
- page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'],
+ page_link_to('user_angeltypes', ['action' => 'delete_all', 'angeltype_id' => $angeltype['id']]),
_('deny all'),
'cancel'
)
@@ -376,8 +404,10 @@ function AngelTypes_list_view($angeltypes, $admin_angeltypes)
return page_with_title(angeltypes_title(), [
msg(),
buttons([
- $admin_angeltypes ? button(page_link_to('angeltypes') . '&action=edit', _('New angeltype'), 'add') : '',
- button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description'))
+ $admin_angeltypes
+ ? button(page_link_to('angeltypes', ['action' => 'edit']), _('New angeltype'), 'add')
+ : '',
+ button(page_link_to('angeltypes', ['action' => 'about']), _('Teams/Job description'))
]),
table([
'name' => _('Name'),
@@ -405,13 +435,16 @@ function AngelTypes_about_view_angeltype($angeltype)
$buttons = [];
if ($angeltype['user_angeltype_id'] != null) {
$buttons[] = button(
- page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'],
+ page_link_to(
+ 'user_angeltypes',
+ ['action' => 'delete', 'user_angeltype_id' => $angeltype['user_angeltype_id']]
+ ),
_('leave'),
'cancel'
);
} else {
$buttons[] = button(
- page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'],
+ page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'),
'add'
);
diff --git a/includes/view/Questions_view.php b/includes/view/Questions_view.php
index dee7585c..a44a099d 100644
--- a/includes/view/Questions_view.php
+++ b/includes/view/Questions_view.php
@@ -9,14 +9,22 @@
function Questions_view($open_questions, $answered_questions, $ask_action)
{
foreach ($open_questions as &$question) {
- $question['actions'] = '<a href="' . page_link_to('user_questions') . '&action=delete&id=' . $question['QID'] . '">' . _('delete') . '</a>';
+ $question['actions'] = '<a href="'
+ . page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']])
+ . '">'
+ . _('delete')
+ . '</a>';
$question['Question'] = str_replace("\n", '<br />', $question['Question']);
}
foreach ($answered_questions as &$question) {
$question['Question'] = str_replace("\n", '<br />', $question['Question']);
$question['Answer'] = str_replace("\n", '<br />', $question['Answer']);
- $question['actions'] = '<a href="' . page_link_to('user_questions') . '&action=delete&id=' . $question['QID'] . '">' . _('delete') . '</a>';
+ $question['actions'] = '<a href="'
+ . page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']])
+ . '">'
+ . _('delete')
+ . '</a>';
}
return page_with_title(questions_title(), [
diff --git a/includes/view/ShiftCalendarShiftRenderer.php b/includes/view/ShiftCalendarShiftRenderer.php
index 8560d47d..f0488e83 100644
--- a/includes/view/ShiftCalendarShiftRenderer.php
+++ b/includes/view/ShiftCalendarShiftRenderer.php
@@ -125,7 +125,7 @@ class ShiftCalendarShiftRenderer
if (in_array('user_shifts_admin', $privileges)) {
$html .= '<li class="list-group-item">' . button(
- page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'],
+ page_link_to('user_shifts', ['shift_id' => $shift['SID']]),
_('Add more angels'),
'btn-xs'
) . '</li>';
@@ -169,11 +169,13 @@ class ShiftCalendarShiftRenderer
case ShiftSignupState::ADMIN:
case ShiftSignupState::FREE:
// When admin or free display a link + button for sign up
- $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'] . '&amp;type_id=' . $angeltype['id'] . '">'
+ $entry_list[] = '<a href="'
+ . page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']])
+ . '">'
. $inner_text
. '</a> '
. button(
- page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'] . '&amp;type_id=' . $angeltype['id'],
+ page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]),
_('Sign up'), 'btn-xs btn-primary'
);
break;
@@ -191,7 +193,7 @@ class ShiftCalendarShiftRenderer
// Add link to join the angeltype first
$entry_list[] = $inner_text . '<br />'
. button(
- page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'],
+ page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
sprintf(_('Become %s'), $angeltype['name']),
'btn-xs'
);
@@ -232,8 +234,8 @@ class ShiftCalendarShiftRenderer
$header_buttons = '';
if (in_array('admin_shifts', $privileges)) {
$header_buttons = '<div class="pull-right">' . table_buttons([
- button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'),
- button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs')
+ button(page_link_to('user_shifts', ['edit_shift' => $shift['SID']]), glyph('edit'), 'btn-xs'),
+ button(page_link_to('user_shifts', ['delete_shift' => $shift['SID']]), glyph('trash'), 'btn-xs')
]) . '</div>';
}
$shift_heading = date('H:i', $shift['start']) . ' &dash; '
diff --git a/includes/view/ShiftTypes_view.php b/includes/view/ShiftTypes_view.php
index e0750617..74e0d7c0 100644
--- a/includes/view/ShiftTypes_view.php
+++ b/includes/view/ShiftTypes_view.php
@@ -24,7 +24,10 @@ function ShiftType_delete_view($shifttype)
buttons([
button(page_link_to('shifttypes'), _('cancel'), 'cancel'),
button(
- page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'] . '&confirmed',
+ page_link_to(
+ 'shifttypes',
+ ['action' => 'delete', 'shifttype_id' => $shifttype['id'], 'confirmed' => 1]
+ ),
_('delete'),
'ok btn-danger'
)
@@ -81,12 +84,16 @@ function ShiftType_view($shifttype, $angeltype)
buttons([
button(page_link_to('shifttypes'), shifttypes_title(), 'back'),
$angeltype ? button(
- page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'],
+ page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
$angeltype['name']
) : '',
- button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'edit'),
button(
- page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'],
+ page_link_to('shifttypes', ['action' => 'edit', 'shifttype_id' => $shifttype['id']]),
+ _('edit'),
+ 'edit'
+ ),
+ button(
+ page_link_to('shifttypes', ['action' => 'delete', 'shifttype_id' => $shifttype['id']]),
_('delete'),
'delete'
)
@@ -103,11 +110,22 @@ function ShiftType_view($shifttype, $angeltype)
function ShiftTypes_list_view($shifttypes)
{
foreach ($shifttypes as &$shifttype) {
- $shifttype['name'] = '<a href="' . page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id'] . '">' . $shifttype['name'] . '</a>';
+ $shifttype['name'] = '<a href="'
+ . page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype['id']])
+ . '">'
+ . $shifttype['name']
+ . '</a>';
$shifttype['actions'] = table_buttons([
- button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'btn-xs'),
button(
- page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'],
+ page_link_to(
+ 'shifttypes',
+ ['action' => 'edit', 'shifttype_id' => $shifttype['id']]
+ ),
+ _('edit'),
+ 'btn-xs'
+ ),
+ button(
+ page_link_to('shifttypes', ['action' => 'delete', 'shifttype_id' => $shifttype['id']]),
_('delete'),
'btn-xs'
)
@@ -117,7 +135,7 @@ function ShiftTypes_list_view($shifttypes)
return page_with_title(shifttypes_title(), [
msg(),
buttons([
- button(page_link_to('shifttypes') . '&action=edit', _('New shifttype'), 'add')
+ button(page_link_to('shifttypes', ['action' => 'edit']), _('New shifttype'), 'add')
]),
table([
'name' => _('Name'),
diff --git a/includes/view/Shifts_view.php b/includes/view/Shifts_view.php
index 094af7ad..bc905f39 100644
--- a/includes/view/Shifts_view.php
+++ b/includes/view/Shifts_view.php
@@ -1,4 +1,5 @@
<?php
+
use Engelsystem\ShiftSignupState;
/**
@@ -41,12 +42,12 @@ function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null)
if ($angeltype['shift_signup_state']->isSignupAllowed()) {
return button(
- page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'],
+ page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]),
_('Sign up')
);
} elseif ($user_angeltype == null) {
return button(
- page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'],
+ page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
sprintf(_('Become %s'),
$angeltype['name'])
);
@@ -207,12 +208,12 @@ function Shift_view_render_shift_entry($shift_entry, $user_shift_admin, $angelty
$entry .= ' <div class="btn-group">';
if ($user_shift_admin) {
$entry .= button_glyph(
- page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'],
+ page_link_to('user_myshifts', ['edit' => $shift_entry['id'], 'id' => $shift_entry['UID']]),
'pencil',
'btn-xs'
);
}
- $entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs');
+ $entry .= button_glyph(page_link_to('user_shifts', ['entry_id' => $shift_entry['id']]), 'trash', 'btn-xs');
$entry .= '</div>';
}
return $entry;
diff --git a/includes/view/UserAngelTypes_view.php b/includes/view/UserAngelTypes_view.php
index 15d99961..98f6c3e9 100644
--- a/includes/view/UserAngelTypes_view.php
+++ b/includes/view/UserAngelTypes_view.php
@@ -19,12 +19,18 @@ function UserAngelType_update_view($user_angeltype, $user, $angeltype, $supporte
User_Nick_render($user)
), true),
buttons([
- button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
- page_link_to('user_angeltypes')
- . '&action=update&user_angeltype_id=' . $user_angeltype['id']
- . '&supporter=' . ($supporter ? '1' : '0')
- . '&confirmed',
+ page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
+ _('cancel'),
+ 'cancel'
+ ),
+ button(
+ page_link_to('user_angeltypes', [
+ 'action' => 'update',
+ 'user_angeltype_id' => $user_angeltype['id'],
+ 'supporter' => ($supporter ? '1' : '0'),
+ 'confirmed' => 1,
+ ]),
_('yes'),
'ok'
)
@@ -42,9 +48,19 @@ function UserAngelTypes_delete_all_view($angeltype)
msg(),
info(sprintf(_('Do you really want to deny all users for %s?'), $angeltype['name']), true),
buttons([
- button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
- page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'] . '&confirmed',
+ page_link_to(
+ 'angeltypes',
+ ['action' => 'view', 'angeltype_id' => $angeltype['id']]
+ ),
+ _('cancel'),
+ 'cancel'
+ ),
+ button(
+ page_link_to(
+ 'user_angeltypes',
+ ['action' => 'delete_all', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]
+ ),
_('yes'),
'ok'
)
@@ -62,9 +78,11 @@ function UserAngelTypes_confirm_all_view($angeltype)
msg(),
info(sprintf(_('Do you really want to confirm all users for %s?'), $angeltype['name']), true),
buttons([
- button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
+ button(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), _('cancel'),
+ 'cancel'),
button(
- page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'] . '&confirmed',
+ page_link_to('user_angeltypes',
+ ['action' => 'confirm_all', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]),
_('yes'),
'ok'
)
@@ -84,9 +102,16 @@ function UserAngelType_confirm_view($user_angeltype, $user, $angeltype)
msg(),
info(sprintf(_('Do you really want to confirm %s for %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([
- button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
- page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $user_angeltype['id'] . '&confirmed',
+ page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
+ _('cancel'),
+ 'cancel'
+ ),
+ button(
+ page_link_to(
+ 'user_angeltypes',
+ ['action' => 'confirm', 'user_angeltype_id' => $user_angeltype['id'], 'confirmed' => 1]
+ ),
_('yes'),
'ok'
)
@@ -106,9 +131,14 @@ function UserAngelType_delete_view($user_angeltype, $user, $angeltype)
msg(),
info(sprintf(_('Do you really want to delete %s from %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([
- button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
- page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'] . '&confirmed',
+ page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
+ _('cancel'),
+ 'cancel'
+ ),
+ button(
+ page_link_to('user_angeltypes',
+ ['action' => 'delete', 'user_angeltype_id' => $user_angeltype['id'], 'confirmed' => 1]),
_('yes'),
'ok'
)
@@ -132,7 +162,11 @@ function UserAngelType_add_view($angeltype, $users_source, $user_id)
return page_with_title(_('Add user to angeltype'), [
msg(),
buttons([
- button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('back'), 'back')
+ button(
+ page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
+ _('back'),
+ 'back'
+ )
]),
form([
form_info(_('Angeltype'), $angeltype['name']),
@@ -153,9 +187,16 @@ function UserAngelType_join_view($user, $angeltype)
msg(),
info(sprintf(_('Do you really want to add %s to %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([
- button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button(
- page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '&user_id=' . $user['UID'] . '&confirmed',
+ page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
+ _('cancel'),
+ 'cancel'
+ ),
+ button(
+ page_link_to(
+ 'user_angeltypes',
+ ['action' => 'add', 'angeltype_id' => $angeltype['id'], 'user_id' => $user['UID'], 'confirmed' => 1]
+ ),
_('save'),
'ok'
)
diff --git a/includes/view/User_view.php b/includes/view/User_view.php
index 932614a7..c1e6f49e 100644
--- a/includes/view/User_view.php
+++ b/includes/view/User_view.php
@@ -127,7 +127,7 @@ function User_registration_success_view($event_welcome_message)
'<h2>' . _('What can I do?') . '</h2>',
'<p>' . _('Please read about the jobs you can do to help us.') . '</p>',
buttons([
- button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description') . ' &raquo;')
+ button(page_link_to('angeltypes', ['action' => 'about']), _('Teams/Job description') . ' &raquo;')
])
])
])
@@ -172,10 +172,13 @@ function User_edit_vouchers_view($user)
button(user_link($user), glyph('chevron-left') . _('back'))
]),
info(sprintf(_('Angel should receive at least %d vouchers.'), User_get_eligable_voucher_count($user)), true),
- form([
- form_spinner('vouchers', _('Number of vouchers given out'), $user['got_voucher']),
- form_submit('submit', _('Save'))
- ], page_link_to('users') . '&action=edit_vouchers&user_id=' . $user['UID'])
+ form(
+ [
+ form_spinner('vouchers', _('Number of vouchers given out'), $user['got_voucher']),
+ form_submit('submit', _('Save'))
+ ],
+ page_link_to('users', ['action' => 'edit_vouchers', 'user_id' => $user['UID']])
+ )
]);
}
@@ -208,7 +211,7 @@ function Users_view(
$user['Tshirt'] = glyph_bool($user['Tshirt']);
$user['lastLogIn'] = date(_('m/d/Y h:i a'), $user['lastLogIn']);
$user['actions'] = table_buttons([
- button_glyph(page_link_to('admin_user') . '&id=' . $user['UID'], 'edit', 'btn-xs')
+ button_glyph(page_link_to('admin_user', ['id' => $user['UID']]), 'edit', 'btn-xs')
]);
}
$users[] = [
@@ -253,7 +256,11 @@ function Users_view(
*/
function Users_table_header_link($column, $label, $order_by)
{
- return '<a href="' . page_link_to('users') . '&OrderBy=' . $column . '">' . $label . ($order_by == $column ? ' <span class="caret"></span>' : '') . '</a>';
+ return '<a href="'
+ . page_link_to('users', ['OrderBy' => $column])
+ . '">'
+ . $label . ($order_by == $column ? ' <span class="caret"></span>' : '')
+ . '</a>';
}
/**
@@ -347,7 +354,7 @@ function User_view_myshift($shift, $user_source, $its_me)
];
if ($its_me || in_array('user_shifts_admin', $privileges)) {
$myshift['actions'][] = button(
- page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '&id=' . $user_source['UID'],
+ page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source['UID']]),
glyph('edit') . _('edit'),
'btn-xs'
);
@@ -356,8 +363,15 @@ function User_view_myshift($shift, $user_source, $its_me)
($shift['start'] > time() + config('last_unsubscribe') * 3600)
|| in_array('user_shifts_admin', $privileges)
) {
+ $parameters = [
+ 'cancel' => $shift['id'],
+ 'id' => $user_source['UID'],
+ ];
+ if ($its_me) {
+ $parameters['id'] = '';
+ }
$myshift['actions'][] = button(
- page_link_to('user_myshifts') . ((!$its_me) ? '&id=' . $user_source['UID'] : '') . '&cancel=' . $shift['id'],
+ page_link_to('user_myshifts', $parameters),
glyph('trash') . _('sign off'),
'btn-xs'
);
@@ -427,7 +441,7 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
div('col-md-12', [
buttons([
$admin_user_privilege ? button(
- page_link_to('admin_user') . '&id=' . $user_source['UID'],
+ page_link_to('admin_user', ['id' => $user_source['UID']]),
glyph('edit') . _('edit')
) : '',
$admin_user_privilege ? button(
@@ -435,24 +449,24 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
glyph('road') . _('driving license')
) : '',
($admin_user_privilege && !$user_source['Gekommen']) ? button(
- page_link_to('admin_arrive') . '&arrived=' . $user_source['UID'],
+ page_link_to('admin_arrive', ['arrived' => $user_source['UID']]),
_('arrived')
) : '',
$admin_user_privilege ? button(
- page_link_to('users') . '&action=edit_vouchers&user_id=' . $user_source['UID'],
+ page_link_to('users', ['action' => 'edit_vouchers', 'user_id' => $user_source['UID']]),
glyph('cutlery') . _('Edit vouchers')
) : '',
$its_me ? button(page_link_to('user_settings'), glyph('list-alt') . _('Settings')) : '',
$its_me ? button(
- page_link_to('ical') . '&key=' . $user_source['api_key'],
+ page_link_to('ical', ['key' => $user_source['api_key']]),
glyph('calendar') . _('iCal Export')
) : '',
$its_me ? button(
- page_link_to('shifts_json_export') . '&key=' . $user_source['api_key'],
+ page_link_to('shifts_json_export', ['key' => $user_source['api_key']]),
glyph('export') . _('JSON Export')
) : '',
$its_me ? button(
- page_link_to('user_myshifts') . '&reset',
+ page_link_to('user_myshifts', ['reset' => 1]),
glyph('repeat') . _('Reset API key')
) : ''
])
@@ -607,7 +621,7 @@ function User_groups_render($user_groups)
function User_Nick_render($user_source)
{
return '<a class="' . ($user_source['Gekommen'] ? '' : 'text-muted') . '" href="'
- . page_link_to('users') . '&amp;action=view&amp;user_id=' . $user_source['UID']
+ . page_link_to('users', ['action' => 'view', 'user_id' => $user_source['UID']])
. '"><span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . '</a>';
}