/**
* event_create.php
*
- * Copyright (c) 2002-2003 The SquirrelMail Project Team
+ * Copyright (c) 2002-2005 The SquirrelMail Project Team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* Originally contrubuted by Michal Szczotka <michal@tuxy.org>
* functions to create a event for calendar.
*
* $Id$
+ * @package plugins
+ * @subpackage calendar
+ */
+
+/**
+ * @ignore
*/
define('SM_PATH','../../');
/* get globals */
-if (isset($_POST['year'])) {
- $year = $_POST['year'];
-}
-elseif (isset($_GET['year'])) {
+// undo rg = on effects
+if (isset($month)) unset($month);
+if (isset($year)) unset($year);
+if (isset($day)) unset($day);
+if (isset($hour)) unset($hour);
+if (isset($minute)) unset($minute);
+if (isset($event_hour)) unset($event_hour);
+if (isset($event_minute)) unset($event_minute);
+if (isset($event_length)) unset($event_length);
+if (isset($event_priority)) unset($event_priority);
+
+
+if (isset($_GET['year']) && is_numeric($_GET['year'])) {
$year = $_GET['year'];
}
-if (isset($_POST['month'])) {
- $month = $_POST['month'];
+elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
+ $year = $_POST['year'];
}
-elseif (isset($_GET['month'])) {
+if (isset($_GET['month']) && is_numeric($_GET['month'])) {
$month = $_GET['month'];
}
-if (isset($_POST['day'])) {
- $day = $_POST['day'];
+elseif (isset($_POST['month']) && is_numeric($_POST['month'])) {
+ $month = $_POST['month'];
}
-elseif (isset($_GET['day'])) {
+if (isset($_GET['day']) && is_numeric($_GET['day'])) {
$day = $_GET['day'];
}
-if (isset($_POST['hour'])) {
+elseif (isset($_POST['day']) && is_numeric($_POST['day'])) {
+ $day = $_POST['day'];
+}
+
+if (isset($_POST['hour']) && is_numeric($_POST['hour'])) {
$hour = $_POST['hour'];
}
-elseif (isset($_GET['hour'])) {
+elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) {
$hour = $_GET['hour'];
}
-if (isset($_POST['event_hour'])) {
+if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) {
$event_hour = $_POST['event_hour'];
}
-if (isset($_POST['event_minute'])) {
+if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) {
$event_minute = $_POST['event_minute'];
}
-if (isset($_POST['event_length'])) {
+if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) {
$event_length = $_POST['event_length'];
}
-if (isset($_POST['event_priority'])) {
+if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) {
$event_priority = $_POST['event_priority'];
}
if (isset($_POST['event_title'])) {
function show_event_form() {
global $color, $editor_size, $year, $day, $month, $hour;
- echo "\n<FORM name=eventscreate action=\"event_create.php\" METHOD=POST >\n".
- " <INPUT TYPE=hidden NAME=\"year\" VALUE=\"$year\">\n".
- " <INPUT TYPE=hidden NAME=\"month\" VALUE=\"$month\">\n".
- " <INPUT TYPE=hidden NAME=\"day\" VALUE=\"$day\">\n".
+ echo "\n<form name=\"eventscreate\" action=\"event_create.php\" method=\"post\">\n".
+ " <input type=\"hidden\" name=\"year\" value=\"$year\" />\n".
+ " <input type=\"hidden\" name=\"month\" value=\"$month\" />\n".
+ " <input type=\"hidden\" name=\"day\" value=\"$day\" />\n".
html_tag( 'tr' ) .
html_tag( 'td', _("Start time:"), 'right', $color[4] ) . "\n" .
html_tag( 'td', '', 'left', $color[4] ) . "\n" .
- " <SELECT NAME=\"event_hour\">\n";
+ " <select name=\"event_hour\">\n";
select_option_hour($hour);
- echo " </SELECT>\n" .
+ echo " </select>\n" .
" : \n" .
- " <SELECT NAME=\"event_minute\">\n";
+ " <select name=\"event_minute\">\n";
select_option_minute("00");
- echo " </SELECT>\n".
+ echo " </select>\n".
" </td></tr>\n".
html_tag( 'tr' ) .
html_tag( 'td', _("Length:"), 'right', $color[4] ) . "\n" .
html_tag( 'td', '', 'left', $color[4] ) . "\n" .
- " <SELECT NAME=\"event_length\">\n";
+ " <select name=\"event_length\">\n";
select_option_length("0");
- echo " </SELECT>\n".
+ echo " </select>\n".
" </td></tr>\n".
html_tag( 'tr' ) .
html_tag( 'td', _("Priority:"), 'right', $color[4] ) . "\n" .
html_tag( 'td', '', 'left', $color[4] ) . "\n" .
- " <SELECT NAME=\"event_priority\">\n";
+ " <select name=\"event_priority\">\n";
select_option_priority("0");
- echo " </SELECT>\n".
+ echo " </select>\n".
" </td></tr>\n".
html_tag( 'tr' ) .
html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
html_tag( 'td', '', 'left', $color[4] ) . "\n" .
- " <INPUT TYPE=text NAME=\"event_title\" VALUE=\"\" SIZE=30 MAXLENGTH=50><BR>\n".
+ " <input type=\"text\" name=\"event_title\" value=\"\" size=\"30\" maxlength=\"50\" /><br />\n".
" </td></tr>\n".
html_tag( 'tr',
html_tag( 'td',
- "<TEXTAREA NAME=\"event_text\" ROWS=5 COLS=\"$editor_size\" WRAP=HARD></TEXTAREA>" ,
+ "<textarea name=\"event_text\" rows=\"5\" cols=\"$editor_size\" wrap=\"hard\"></textarea>" ,
'left', $color[4], 'colspan="2"' )
) ."\n" .
html_tag( 'tr',
html_tag( 'td',
- "<INPUT TYPE=SUBMIT NAME=send VALUE=\"" .
- _("Set Event") . "\">" ,
+ '<input type="submit" name="send" value="' .
+ _("Set Event") . '" />' ,
'left', $color[4], 'colspan="2"' )
) ."\n";
- echo "</FORM>\n";
+ echo "</form>\n";
}
writecalendardata();
echo html_tag( 'table',
html_tag( 'tr',
- html_tag( 'th', _("Event Has been added!") . "<br>\n", '', $color[4], 'colspan="2"' )
+ html_tag( 'th', _("Event Has been added!") . "<br />\n", '', $color[4], 'colspan="2"' )
) .
html_tag( 'tr',
html_tag( 'td', _("Date:"), 'right', $color[4] ) . "\n" .
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', $event_title, 'left', $color[4] ) . "\n"
+ html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
) .
html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', $event_text, 'left', $color[4] ) . "\n"
+ html_tag( 'td', htmlspecialchars($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
) .
html_tag( 'tr',
html_tag( 'td',
?>
</table></td></tr></table>
-</body></html>
+</body></html>
\ No newline at end of file
projects / squirrelmail.git / blobdiff