Split out functionality that gathers system specs

[squirrelmail.git] / plugins / calendar / event_create.php

diff --git a/plugins/calendar/event_create.php b/plugins/calendar/event_create.php
index 978a03017cb92a38d198e1524ae7a7df36047bc9..e09a63a6648af147074cb74d3f822019e8023fc9 100644 (file)
--- a/plugins/calendar/event_create.php
+++ b/plugins/calendar/event_create.php
@@ -3,7 +3,7 @@
 /**
  * event_create.php
  *
- * Copyright (c) 2002 The SquirrelMail Project Team
+ * Copyright (c) 2002-2004 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
@@ -11,6 +11,12 @@
  * functions to create a event for calendar.
  *
  * $Id$
+ * @package plugins
+ * @subpackage calendar
+ */
+
+/**
+ * @ignore
  */
 define('SM_PATH','../../');
 
@@ -27,6 +33,55 @@ require_once(SM_PATH . 'functions/page_header.php');
 require_once(SM_PATH . 'include/load_prefs.php');
 require_once(SM_PATH . 'functions/html.php');
 
+/* get globals */
+
+if (isset($_POST['year'])) {
+    $year = $_POST['year'];
+}
+elseif (isset($_GET['year'])) {
+    $year = $_GET['year'];
+}
+if (isset($_POST['month'])) {
+    $month = $_POST['month'];
+}
+elseif (isset($_GET['month'])) {
+    $month = $_GET['month'];
+}
+if (isset($_POST['day'])) {
+    $day = $_POST['day'];
+}
+elseif (isset($_GET['day'])) {
+    $day = $_GET['day'];
+}
+if (isset($_POST['hour'])) {
+    $hour = $_POST['hour'];
+}
+elseif (isset($_GET['hour'])) {
+    $hour = $_GET['hour'];
+}
+if (isset($_POST['event_hour'])) {
+    $event_hour = $_POST['event_hour'];
+}
+if (isset($_POST['event_minute'])) {
+    $event_minute = $_POST['event_minute'];
+}
+if (isset($_POST['event_length'])) {
+    $event_length = $_POST['event_length'];
+}
+if (isset($_POST['event_priority'])) {
+    $event_priority = $_POST['event_priority'];
+}
+if (isset($_POST['event_title'])) {
+    $event_title = $_POST['event_title'];
+}
+if (isset($_POST['event_text'])) {
+    $event_text = $_POST['event_text'];
+}
+if (isset($_POST['send'])) {
+    $send = $_POST['send'];
+}
+/* got 'em */
+
 //main form to gather event info
 function show_event_form() {
     global $color, $editor_size, $year, $day, $month, $hour;
@@ -137,15 +192,15 @@ if(!isset($event_text)){
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_title, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_text, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', htmlspecialchars($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td',
-                        "<a href=\"day.php?year=$year&month=$month&day=$day\">" . _("Day View") . "</a>\n" ,
+                        "<a href=\"day.php?year=$year&amp;month=$month&amp;day=$day\">" . _("Day View") . "</a>\n" ,
                     'left', $color[4], 'colspan="2"' ) . "\n"
                 ) ,
             '', $color[0], 'width="100%" border="0" cellpadding="2" cellspacing="1"' ) ."\n";