gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-11 09:35:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- no need to sanitize month, day, year because they are turned into an int

Browse Source
This commit is contained in:
steinm 2011-12-01 21:31:17 +00:00
parent 6945fcc0a8
commit 02d81d4525
1 changed files with 46 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
op/op.AddEvent.php
View File

@ -1,66 +1,66 @@
<?php
// MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2010 Matteo Lucarelli
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php");
include("../inc/inc.LogInit.php");
include("../inc/inc.Utils.php");
include("../inc/inc.ClassEmail.php");
<?php
// MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2010 Matteo Lucarelli
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php");
include("../inc/inc.LogInit.php");
include("../inc/inc.Utils.php");
include("../inc/inc.ClassEmail.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php");
include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Calendar.php");
include("../inc/inc.Authentication.php");
include("../inc/inc.Calendar.php");
include("../inc/inc.Authentication.php");
if ($user->isGuest()) {
UI::exitError(getMLText("edit_event"),getMLText("access_denied"));
}
if (!isset($_POST["frommonth"]) || !isset($_POST["fromday"]) || !isset($_POST["fromyear"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
if (!isset($_POST["frommonth"]) || !isset($_POST["fromday"]) || !isset($_POST["fromyear"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
}
if (!isset($_POST["tomonth"]) || !isset($_POST["today"]) || !isset($_POST["toyear"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
if (!isset($_POST["tomonth"]) || !isset($_POST["today"]) || !isset($_POST["toyear"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
}
if (!isset($_POST["name"]) || !isset($_POST["comment"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
if (!isset($_POST["name"]) || !isset($_POST["comment"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
}
$name = sanitizeString($_POST["name"]);
$name = sanitizeString($_POST["name"]);
$comment = sanitizeString($_POST["comment"]);
$from = mktime(0,0,0, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
$to = mktime(23,59,59, sanitizeString($_POST["tomonth"]), sanitizeString($_POST["today"]), sanitizeString($_POST["toyear"]));
$to = mktime(23,59,59, intval($_POST["tomonth"]), intval($_POST["today"]), intval($_POST["toyear"]));
if ($to<$from){
$to= mktime(23,59,59, sanitizeString($_POST["frommonth"]), sanitizeString($_POST["fromday"]), sanitizeString($_POST["fromyear"]));
$to= mktime(23,59,59, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
}
$res = addEvent($from, $to, $name, $comment);
if (is_bool($res) && !$res) {
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
}
add_log_line("?name=".$name."&from=".$from."&to=".$to);
header("Location:../out/out.Calendar.php?mode=w&day=".$_POST["fromday"]."&year=".$_POST["fromyear"]."&month=".$_POST["frommonth"]);
?>
add_log_line("?name=".$name."&from=".$from."&to=".$to);
header("Location:../out/out.Calendar.php?mode=w&day=".$_POST["fromday"]."&year=".$_POST["fromyear"]."&month=".$_POST["frommonth"]);
?>