X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=plugins%2Fcalendar%2Fevent_create.php;h=db2347c2ae2ebd5b53d3c203cf989d67af6c9644;hb=876fdb605dcb48b44b5c0a3a6f2f106c941e5c20;hp=5ce78fb7db2ca5de1eb3bfb2f99dfd77b3991e89;hpb=1ba8cd6be9ab9e969978e0149e79b82769c199d3;p=squirrelmail.git

diff --git a/plugins/calendar/event_create.php b/plugins/calendar/event_create.php
index 5ce78fb7..db2347c2 100644
--- a/plugins/calendar/event_create.php
+++ b/plugins/calendar/event_create.php
@@ -1,131 +1,108 @@
 <?php
 
 /**
- * event_create.php
- *
- * Copyright (c) 2002 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
  * functions to create a event for calendar.
  *
- * $Id$
+ * @copyright &copy; 2002-2007 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id$
+ * @package plugins
+ * @subpackage calendar
+ */
+/**
+ * Include the SquirrelMail initialization file.
  */
-define('SM_PATH','../../');
+require('../../include/init.php');
 
-/* Calender plugin required files. */
-require_once(SM_PATH . 'plugins/calendar/calendar_data.php');
-require_once(SM_PATH . 'plugins/calendar/functions.php');
+/* date_intl() */
+include_once(SM_PATH . 'functions/date.php');
 
-/* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/strings.php');
-require_once(SM_PATH . 'functions/date.php');
-require_once(SM_PATH . 'config/config.php');
-require_once(SM_PATH . 'functions/page_header.php');
-require_once(SM_PATH . 'include/load_prefs.php');
-require_once(SM_PATH . 'functions/html.php');
+/* Calendar plugin required files. */
+include_once(SM_PATH . 'plugins/calendar/calendar_data.php');
+include_once(SM_PATH . 'plugins/calendar/functions.php');
 
 /* get globals */
-
-if (isset($_POST['year'])) {
-    $year = $_POST['year'];
-}
-elseif (isset($_GET['year'])) {
-    $year = $_GET['year'];
-}
-if (isset($_POST['month'])) {
-    $month = $_POST['month'];
+if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) {
+    unset($year);
 }
-elseif (isset($_GET['month'])) {
-    $month = $_GET['month'];
+if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) {
+    unset($month);
 }
-if (isset($_POST['day'])) {
-    $day = $_POST['day'];
+if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! is_numeric($day)) {
+    unset($day);
 }
-elseif (isset($_GET['day'])) {
-    $day = $_GET['day'];
+if (! sqGetGlobalVar('hour',$hour,SQ_FORM) || ! is_numeric($hour)) {
+    unset($hour);
 }
-if (isset($_POST['hour'])) {
-    $hour = $_POST['hour'];
+if (! sqGetGlobalVar('event_hour',$event_hour,SQ_POST) || ! is_numeric($event_hour)) {
+    unset($event_hour);
 }
-elseif (isset($_GET['hour'])) {
-    $hour = $_GET['hour'];
+if (! sqGetGlobalVar('event_minute',$event_minute,SQ_POST) || ! is_numeric($event_minute)) {
+    unset($event_minute);
 }
-if (isset($_POST['event_hour'])) {
-    $event_hour = $_POST['event_hour'];
+if (! sqGetGlobalVar('event_length',$event_length,SQ_POST) || ! is_numeric($event_length)) {
+    unset($event_length);
 }
-if (isset($_POST['event_minute'])) {
-    $event_minute = $_POST['event_minute'];
-}
-if (isset($_POST['event_length'])) {
-    $event_length = $_POST['event_length'];
-}
-if (isset($_POST['event_priority'])) {
-    $event_priority = $_POST['event_priority'];
-}
-if (isset($_POST['event_title'])) {
-    $event_title = $_POST['event_title'];
-}
-if (isset($_POST['event_text'])) {
-    $event_text = $_POST['event_text'];
-}
-if (isset($_POST['send'])) {
-    $send = $_POST['send'];
+if (! sqGetGlobalVar('event_priority',$event_priority,SQ_POST) || ! is_numeric($event_priority)) {
+    unset($event_priority);
 }
+
+sqGetGlobalVar('event_title',$event_title,SQ_POST);
+sqGetGlobalVar('event_text',$event_text,SQ_POST);
+sqGetGlobalVar('send',$send,SQ_POST);
+
 /* got 'em */
 
 //main form to gather event info
 function show_event_form() {
     global $color, $editor_size, $year, $day, $month, $hour;
 
-    echo "\n<FORM name=eventscreate action=\"event_create.php\" METHOD=POST >\n".
-         "      <INPUT TYPE=hidden NAME=\"year\" VALUE=\"$year\">\n".
-         "      <INPUT TYPE=hidden NAME=\"month\" VALUE=\"$month\">\n".
-         "      <INPUT TYPE=hidden NAME=\"day\" VALUE=\"$day\">\n".
+    echo "\n<form name=\"eventscreate\" action=\"event_create.php\" method=\"post\">\n".
+         "      <input type=\"hidden\" name=\"year\" value=\"$year\" />\n".
+         "      <input type=\"hidden\" name=\"month\" value=\"$month\" />\n".
+         "      <input type=\"hidden\" name=\"day\" value=\"$day\" />\n".
          html_tag( 'tr' ) .
          html_tag( 'td', _("Start time:"), 'right', $color[4] ) . "\n" .
          html_tag( 'td', '', 'left', $color[4] ) . "\n" .
-         "      <SELECT NAME=\"event_hour\">\n";
+         "      <select name=\"event_hour\">\n";
     select_option_hour($hour);
-    echo "      </SELECT>\n" .
+    echo "      </select>\n" .
          "      &nbsp;:&nbsp;\n" .
-         "      <SELECT NAME=\"event_minute\">\n";
+         "      <select name=\"event_minute\">\n";
     select_option_minute("00");
-    echo "      </SELECT>\n".
+    echo "      </select>\n".
          "      </td></tr>\n".
          html_tag( 'tr' ) .
          html_tag( 'td', _("Length:"), 'right', $color[4] ) . "\n" .
          html_tag( 'td', '', 'left', $color[4] ) . "\n" .
-         "      <SELECT NAME=\"event_length\">\n";
+         "      <select name=\"event_length\">\n";
     select_option_length("0");
-    echo "      </SELECT>\n".
+    echo "      </select>\n".
          "      </td></tr>\n".
          html_tag( 'tr' ) .
          html_tag( 'td', _("Priority:"), 'right', $color[4] ) . "\n" .
          html_tag( 'td', '', 'left', $color[4] ) . "\n" .
-         "      <SELECT NAME=\"event_priority\">\n";
+         "      <select name=\"event_priority\">\n";
     select_option_priority("0");
-    echo "      </SELECT>\n".
+    echo "      </select>\n".
          "      </td></tr>\n".
          html_tag( 'tr' ) .
          html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
          html_tag( 'td', '', 'left', $color[4] ) . "\n" .
-         "      <INPUT TYPE=text NAME=\"event_title\" VALUE=\"\" SIZE=30 MAXLENGTH=50><BR>\n".
+         "      <input type=\"text\" name=\"event_title\" value=\"\" size=\"30\" maxlength=\"50\" /><br />\n".
          "      </td></tr>\n".
          html_tag( 'tr',
              html_tag( 'td',
-                 "<TEXTAREA NAME=\"event_text\" ROWS=5 COLS=\"$editor_size\" WRAP=HARD></TEXTAREA>" ,
+                 "<textarea name=\"event_text\" rows=\"5\" cols=\"$editor_size\"></textarea>" ,
              'left', $color[4], 'colspan="2"' )
          ) ."\n" .
          html_tag( 'tr',
              html_tag( 'td',
-                 "<INPUT TYPE=SUBMIT NAME=send VALUE=\"" .
-                 _("Set Event") . "\">" ,
+                 '<input type="submit" name="send" value="' .
+                 _("Set Event") . '" />' ,
              'left', $color[4], 'colspan="2"' )
          ) ."\n";
-    echo "</FORM>\n";
+    echo "</form>\n";
 }
 
 
@@ -145,7 +122,7 @@ if (!isset($hour) || $hour <= 0){
 $calself=basename($PHP_SELF);
 
 
-displayPageHeader($color, 'None');
+displayPageHeader($color);
 //load calendar menu
 calendar_header();
 
@@ -160,37 +137,33 @@ if(!isset($event_text)){
     show_event_form();
 } else {
     readcalendardata();
-    //make sure that event text is fittting in one line
-    $event_text=nl2br($event_text);
-    $event_text=ereg_replace ("\n", "", $event_text);
-    $event_text=ereg_replace ("\r", "", $event_text);
     $calendardata["$month$day$year"]["$event_hour$event_minute"] =
-    array( 'length' => $event_length,
+    array( 'length'   => $event_length,
            'priority' => $event_priority,
-           'title' => $event_title,
-           'message' => $event_text,
+           'title'    => $event_title,
+           'message'  => $event_text,
            'reminder' => '' );
     //save
     writecalendardata();
     echo html_tag( 'table',
                 html_tag( 'tr',
-                    html_tag( 'th', _("Event Has been added!") . "<br>\n", '', $color[4], 'colspan="2"' )
+                    html_tag( 'th', _("Event Has been added!") . "<br />\n", '', $color[4], 'colspan="2"' )
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Date:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $month .'/'.$day.'/'.$year, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', date_intl(_("m/d/Y"),mktime(0,0,0,$month,$day,$year)), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Time:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_hour.':'.$event_minute, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', date_intl(_("H:i"),mktime($event_hour,$event_minute,0,$month,$day,$year)), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_title, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_text, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', nl2br(htmlspecialchars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td',