X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=plugins%2Fcalendar%2Fevent_create.php;h=febd8375867dee08e32b4c20a598c6da964b2407;hb=a6d3eff675f7ace3d69f6d9788489ca930333315;hp=62cd0e78c4ac5ed51ceddd34215c281ec97d168e;hpb=76911253eb850bacde3d86c8cb7b4af072e67ebe;p=squirrelmail.git
diff --git a/plugins/calendar/event_create.php b/plugins/calendar/event_create.php
index 62cd0e78..febd8375 100644
--- a/plugins/calendar/event_create.php
+++ b/plugins/calendar/event_create.php
@@ -3,7 +3,7 @@
 /**
 * event_create.php
 *
- * Copyright (c) 2002-2003 The SquirrelMail Project Team
+ * Copyright (c) 2002-2005 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * Originally contrubuted by Michal Szczotka
@@ -11,6 +11,12 @@
 * functions to create a event for calendar.
 *
 * $Id$
+ * @package plugins
+ * @subpackage calendar
+ */
+
+/**
+ * @ignore
 */
 define('SM_PATH','../../');
 
@@ -29,40 +35,53 @@ require_once(SM_PATH . 'functions/html.php'); /* get globals */ -if (isset($_POST['year'])) { - $year = $_POST['year']; -} -elseif (isset($_GET['year'])) { +// undo rg = on effects +if (isset($month)) unset($month); +if (isset($year)) unset($year); +if (isset($day)) unset($day); +if (isset($hour)) unset($hour); +if (isset($minute)) unset($minute); +if (isset($event_hour)) unset($event_hour); +if (isset($event_minute)) unset($event_minute); +if (isset($event_length)) unset($event_length); +if (isset($event_priority)) unset($event_priority); + + +if (isset($_GET['year']) && is_numeric($_GET['year'])) { $year = $_GET['year']; } -if (isset($_POST['month'])) { - $month = $_POST['month']; +elseif (isset($_POST['year']) && is_numeric($_POST['year'])) { + $year = $_POST['year']; } -elseif (isset($_GET['month'])) { +if (isset($_GET['month']) && is_numeric($_GET['month'])) { $month = $_GET['month']; } -if (isset($_POST['day'])) { - $day = $_POST['day']; +elseif (isset($_POST['month']) && is_numeric($_POST['month'])) { + $month = $_POST['month']; } -elseif (isset($_GET['day'])) { +if (isset($_GET['day']) && is_numeric($_GET['day'])) { $day = $_GET['day']; } -if (isset($_POST['hour'])) { +elseif (isset($_POST['day']) && is_numeric($_POST['day'])) { + $day = $_POST['day']; +} + +if (isset($_POST['hour']) && is_numeric($_POST['hour'])) { $hour = $_POST['hour']; } -elseif (isset($_GET['hour'])) { +elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) { $hour = $_GET['hour']; } -if (isset($_POST['event_hour'])) { +if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) { $event_hour = $_POST['event_hour']; } -if (isset($_POST['event_minute'])) { +if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) { $event_minute = $_POST['event_minute']; } -if (isset($_POST['event_length'])) { +if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) { $event_length = $_POST['event_length']; } -if 
(isset($_POST['event_priority'])) { +if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) { $event_priority = $_POST['event_priority']; } if (isset($_POST['event_title'])) { @@ -80,52 +99,52 @@ if (isset($_POST['send'])) { function show_event_form() { global $color, $editor_size, $year, $day, $month, $hour; - echo "\n
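Review bot: `is_numeric()` is a loose filter for these date and time fields: it also accepts signed values, decimals and exponent forms such as `-1`, `1.5` or `1e3`, so `$year`, `$month`, `$day`, `$hour` and the `event_*` values can still hold strings that are not plain in-range integers. A stricter form is to test with `ctype_digit()` and store an integer, e.g. `if (isset($_GET['month']) && ctype_digit($_GET['month'])) { $month = (int) $_GET['month']; }`, followed by a range check before the values are used. The unset list that undoes register_globals also leaves out `$event_title`, `$event_text` and `$send`, which are only assigned from `$_POST` further down, so with register_globals on a GET parameter of the same name could presumably still populate them. Year, month and day now prefer `$_GET` over `$_POST` while `hour` keeps the old POST-first order; a comment stating the intended precedence would help.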
\n". - " \n". - " \n". - " \n". + echo "\n\n". + " \n". + " \n". + " \n". html_tag( 'tr' ) . html_tag( 'td', _("Start time:"), 'right', $color[4] ) . "\n" . html_tag( 'td', '', 'left', $color[4] ) . "\n" . - " \n"; select_option_hour($hour); - echo " \n" . + echo " \n" . "  : \n" . - " \n"; select_option_minute("00"); - echo " \n". + echo " \n". " \n". html_tag( 'tr' ) . html_tag( 'td', _("Length:"), 'right', $color[4] ) . "\n" . html_tag( 'td', '', 'left', $color[4] ) . "\n" . - " \n"; select_option_length("0"); - echo " \n". + echo " \n". " \n". html_tag( 'tr' ) . html_tag( 'td', _("Priority:"), 'right', $color[4] ) . "\n" . html_tag( 'td', '', 'left', $color[4] ) . "\n" . - " \n"; select_option_priority("0"); - echo " \n". + echo " \n". " \n". html_tag( 'tr' ) . html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" . html_tag( 'td', '', 'left', $color[4] ) . "\n" . - "
\n". + "
\n". " \n". html_tag( 'tr', html_tag( 'td', - "" , + "" , 'left', $color[4], 'colspan="2"' ) ) ."\n" . html_tag( 'tr', html_tag( 'td', - "" , + '' , 'left', $color[4], 'colspan="2"' ) ) ."\n"; - echo "
\n"; + echo "\n"; } @@ -174,7 +193,7 @@ if(!isset($event_text)){ writecalendardata(); echo html_tag( 'table', html_tag( 'tr', - html_tag( 'th', _("Event Has been added!") . "
\n", '', $color[4], 'colspan="2"' ) + html_tag( 'th', _("Event Has been added!") . "
\n", '', $color[4], 'colspan="2"' ) ) . html_tag( 'tr', html_tag( 'td', _("Date:"), 'right', $color[4] ) . "\n" . @@ -186,11 +205,11 @@ if(!isset($event_text)){ ) . html_tag( 'tr', html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" . - html_tag( 'td', $event_title, 'left', $color[4] ) . "\n" + html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n" ) . html_tag( 'tr', html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" . - html_tag( 'td', $event_text, 'left', $color[4] ) . "\n" + html_tag( 'td', htmlspecialchars($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n" ) . html_tag( 'tr', html_tag( 'td', @@ -202,4 +221,4 @@ if(!isset($event_text)){ ?> - + \ No newline at end of file
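Review bot: `htmlspecialchars($event_title,ENT_NOQUOTES)` and the matching call for `$event_text` leave `"` and `'` unescaped, which is safe only while both values are emitted as `<td>` element content, as they are here. Using `htmlspecialchars($event_title, ENT_QUOTES)` costs nothing and keeps the output safe if the markup later moves a value into an attribute. The escaping is applied only on this confirmation page; `writecalendardata()` is called earlier in the same block, outside this hunk, so the stored title and text are presumably raw and every other view that prints them needs the same encoding. The enclosing `html_tag( 'table', ...)` expression starts and ends outside the hunk.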