X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fcalendar%2Fevent_create.php;h=e09a63a6648af147074cb74d3f822019e8023fc9;hp=1153a678caf647987a5a325109c2acedae060993;hb=595848f9dbf9fda650ca1809f94702043dbc0f79;hpb=7c67a5e84c7466417e14ef5064a1cfd7f4088a3c diff --git a/plugins/calendar/event_create.php b/plugins/calendar/event_create.php index 1153a678..e09a63a6 100644 --- a/plugins/calendar/event_create.php +++ b/plugins/calendar/event_create.php @@ -3,7 +3,7 @@ /** * event_create.php * - * Copyright (c) 2002 The SquirrelMail Project Team + * Copyright (c) 2002-2004 The SquirrelMail Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * * Originally contrubuted by Michal Szczotka @@ -11,18 +11,76 @@ * functions to create a event for calendar. * * $Id$ + * @package plugins + * @subpackage calendar */ -require_once('calendar_data.php'); -require_once('functions.php'); -chdir('..'); -require_once('../src/validate.php'); -require_once('../functions/strings.php'); -require_once('../functions/date.php'); -require_once('../config/config.php'); -require_once('../functions/page_header.php'); -require_once('../src/load_prefs.php'); -require_once('../functions/html.php'); +/** + * @ignore + */ +define('SM_PATH','../../'); + +/* Calender plugin required files. */ +require_once(SM_PATH . 'plugins/calendar/calendar_data.php'); +require_once(SM_PATH . 'plugins/calendar/functions.php'); + +/* SquirrelMail required files. */ +require_once(SM_PATH . 'include/validate.php'); +require_once(SM_PATH . 'functions/strings.php'); +require_once(SM_PATH . 'functions/date.php'); +require_once(SM_PATH . 'config/config.php'); +require_once(SM_PATH . 'functions/page_header.php'); +require_once(SM_PATH . 'include/load_prefs.php'); +require_once(SM_PATH . 'functions/html.php'); + +/* get globals */ + +if (isset($_POST['year'])) { + $year = $_POST['year']; +} +elseif (isset($_GET['year'])) { + $year = $_GET['year']; +} +if (isset($_POST['month'])) { + $month = $_POST['month']; +} +elseif (isset($_GET['month'])) { + $month = $_GET['month']; +} +if (isset($_POST['day'])) { + $day = $_POST['day']; +} +elseif (isset($_GET['day'])) { + $day = $_GET['day']; +} +if (isset($_POST['hour'])) { + $hour = $_POST['hour']; +} +elseif (isset($_GET['hour'])) { + $hour = $_GET['hour']; +} +if (isset($_POST['event_hour'])) { + $event_hour = $_POST['event_hour']; +} +if (isset($_POST['event_minute'])) { + $event_minute = $_POST['event_minute']; +} +if (isset($_POST['event_length'])) { + $event_length = $_POST['event_length']; +} +if (isset($_POST['event_priority'])) { + $event_priority = $_POST['event_priority']; +} +if (isset($_POST['event_title'])) { + $event_title = $_POST['event_title']; +} +if (isset($_POST['event_text'])) { + $event_text = $_POST['event_text']; +} +if (isset($_POST['send'])) { + $send = $_POST['send']; +} +/* got 'em */ //main form to gather event info function show_event_form() { @@ -134,15 +192,15 @@ if(!isset($event_text)){ ) . html_tag( 'tr', html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" . - html_tag( 'td', $event_title, 'left', $color[4] ) . "\n" + html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n" ) . html_tag( 'tr', html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" . - html_tag( 'td', $event_text, 'left', $color[4] ) . "\n" + html_tag( 'td', htmlspecialchars($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n" ) . html_tag( 'tr', html_tag( 'td', - "" . _("Day View") . "\n" , + "" . _("Day View") . "\n" , 'left', $color[4], 'colspan="2"' ) . "\n" ) , '', $color[0], 'width="100%" border="0" cellpadding="2" cellspacing="1"' ) ."\n";