From 91dafb19ec171e747d9976cf738606759bde3aae Mon Sep 17 00:00:00 2001
From: msquare
Date: Thu, 29 Sep 2016 10:53:17 +0200
Subject: prohibit inline control structures on pages
---
 includes/pages/user_news.php | 104 ++++++++++++++++++++++++-------------
 1 file changed, 57 insertions(+), 47 deletions(-)
(limited to 'includes/pages/user_news.php')
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 78d63d61..e035e656 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -1,4 +1,5 @@

' . meetings_title() . '

' . msg();
-
- if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
+
+ if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) {
 $page = $_REQUEST['page'];
- else
+ } else {
 $page = 0;
-
+ }
+
 $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS));
- foreach ($news as $entry)
+ foreach ($news as $entry) {
 $html .= display_news($entry);
-
+ }
+
 $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
 $html .= '
' . '
';
-
+
 return $html;
 }
 function display_news($news) {
 global $privileges, $p;
-
+
 $html = '';
 $html .= '
'; $html .= '
'; $html .= '

' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '

'; $html .= '
'; $html .= '
' . ReplaceSmilies(nl2br($news['Text'])) . '
'; - + $html .= ''; $html .= '
';
 return $html;
@@ -71,7 +77,7 @@ function display_news($news) {
 function user_news_comments() {
 global $user;
-
+
 $html = '
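Review bot: In user_meetings the page count `$dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);` counts every row while the list above it selects only `Treffen`=1, so the meetings page can paginate over the whole news table and offer empty trailing pages; the count needs the same `WHERE `Treffen`=1` filter, ideally as `SELECT COUNT(*)` instead of fetching every row to count it. In display_news, `$news['Betreff']` and `$news['Text']` reach the page through ReplaceSmilies and nl2br only, with no htmlspecialchars in sight, and the insert path in user_news further down applies sql_escape only; unless ReplaceSmilies escapes (not visible here), stored subject and text are emitted as raw HTML. Escaping at the output site, `htmlspecialchars($news['Betreff'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before the smiley replacement and likewise for the text before nl2br, is the defence I would add, and the same applies to `nl2br($comment['Text'])` in user_news_comments. The hunk headers in this region are not recoverable from the page, so the enclosing functions may extend beyond what is shown.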

' . user_news_comments_title() . '

';
 if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) {
 $nid = $_REQUEST["nid"];
@@ -82,15 +88,16 @@ function user_news_comments() {
 engelsystem_log("Created news_comment: " . $text);
 $html .= success(_("Entry saved."), true);
 }
-
+
 $html .= display_news($news);
-
+
 $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
 foreach ($comments as $comment) {
 $user_source = User($comment['UID']);
- if ($user_source === false)
+ if ($user_source === false) {
 engelsystem_error(_("Unable to load user."));
-
+ }
+
 $html .= '
'; $html .= '
' . nl2br($comment['Text']) . '
'; $html .= ''; $html .= '
'; } - + $html .= '

' . _("New Comment:") . '

';
- $html .= form(array(
+ $html .= form([
 form_textarea('text', _("Message"), ''),
- form_submit('submit', _("Save"))
- ), page_link_to('news_comments') . '&nid=' . $news['ID']);
-
+ form_submit('submit', _("Save"))
+ ], page_link_to('news_comments') . '&nid=' . $news['ID']);
 } else {
 $html .= _("Invalid request.");
 }
-
+
 return $html . '
'; } function user_news() { global $DISPLAY_NEWS, $privileges, $user; - + $html = '

' . news_title() . '

' . msg();
-
+
 if (isset($_POST["text"]) && isset($_POST["betreff"]) && in_array("admin_news", $privileges)) {
- if (! isset($_POST["treffen"]) || ! in_array("admin_news", $privileges))
+ if (! isset($_POST["treffen"]) || ! in_array("admin_news", $privileges)) {
 $_POST["treffen"] = 0;
+ }
 sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');");
 engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]);
 success(_("Entry saved."));
 redirect(page_link_to('news'));
 }
-
- if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
+
+ if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) {
 $page = $_REQUEST['page'];
- else
+ } else {
 $page = 0;
-
+ }
+
 $news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS));
- foreach ($news as $entry)
+ foreach ($news as $entry) {
 $html .= display_news($entry);
-
+ }
+
 $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
 $html .= '
' . '
    ';
 for ($i = 0; $i < $dis_rows; $i ++) {
- if (isset($_REQUEST['page']) && $i == $_REQUEST['page'])
+ if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) {
 $html .= '
  • ';
- elseif (! isset($_REQUEST['page']) && $i == 0)
+ } elseif (! isset($_REQUEST['page']) && $i == 0) {
 $html .= '
  • ';
- else
+ } else {
 $html .= '
  • ';
+ }
 $html .= '' . ($i + 1) . '
  • ';
 }
 $html .= '
';
-
+
 if (in_array("admin_news", $privileges)) {
 $html .= '
'; $html .= '

' . _("Create news:") . '

';
-
- $html .= form(array(
+
+ $html .= form([
 form_text('betreff', _("Subject"), ''),
 form_textarea('text', _("Message"), ''),
 form_checkbox('treffen', _("Meeting"), false, 1),
- form_submit('submit', _("Save"))
- ));
+ form_submit('submit', _("Save"))
+ ]);
 }
 return $html . '
';
 }
-- 
cgit v1.2.3-54-g00ecf
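Review bot: In user_news the inner check `if (! isset($_POST["treffen"]) || ! in_array("admin_news", $privileges)) {` is half dead, since the enclosing `if` already required `in_array("admin_news", $privileges)`, and when the checkbox is present whatever string arrives in `$_POST["treffen"]` is stored after SQL escaping only and echoed into the log line, while display_news only ever tests `== 1`. Normalising once, `$treffen = isset($_POST['treffen']) ? 1 : 0;`, and using `$treffen` in both the INSERT and the `engelsystem_log(...)` call makes the stored value an actual flag and drops the dead condition. In user_news_comments the comment query ends in `ORDER BY 'ID'`, a quoted string constant rather than the column, so the comments are not ordered by id at all; the column should be written with backticks as the other queries in this file do. The `$i == $_REQUEST['page']` comparisons in the pagination loop are loose and only safe because of the `^[0-9]{1,}$` check above them, which deserves a one-line comment, and since `$` in that pattern tolerates a trailing newline, `ctype_digit($_REQUEST['page'])` would be the tighter test. The hunk headers between these functions are not recoverable from the page, so user_news_comments and user_news are partly cut here.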