gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-06-18 02:59:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- no need to sanitize month, day, year because they are turned into an int

Browse Source
This commit is contained in:
steinm 2011-12-01 21:31:17 +00:00
parent 6945fcc0a8
commit 02d81d4525
1 changed files with 46 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
op/op.AddEvent.php
View File

@ -1,66 +1,66 @@
<?php <?php
// MyDMS. Document Management System // MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal // Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2010 Matteo Lucarelli // Copyright (C) 2010 Matteo Lucarelli
// //
// This program is free software; you can redistribute it and/or modify // This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by // it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or // the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version. // (at your option) any later version.
// //
// This program is distributed in the hope that it will be useful, // This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of // but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details. // GNU General Public License for more details.
// //
// You should have received a copy of the GNU General Public License // You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software // along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. // Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php"); include("../inc/inc.Settings.php");
include("../inc/inc.LogInit.php"); include("../inc/inc.LogInit.php");
include("../inc/inc.Utils.php"); include("../inc/inc.Utils.php");
include("../inc/inc.ClassEmail.php"); include("../inc/inc.ClassEmail.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php"); include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
include("../inc/inc.Calendar.php"); include("../inc/inc.Calendar.php");
include("../inc/inc.Authentication.php"); include("../inc/inc.Authentication.php");
if ($user->isGuest()) { if ($user->isGuest()) {
UI::exitError(getMLText("edit_event"),getMLText("access_denied")); UI::exitError(getMLText("edit_event"),getMLText("access_denied"));
} }
if (!isset($_POST["frommonth"]) || !isset($_POST["fromday"]) || !isset($_POST["fromyear"]) ) { if (!isset($_POST["frommonth"]) || !isset($_POST["fromday"]) || !isset($_POST["fromyear"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured")); UI::exitError(getMLText("add_event"),getMLText("error_occured"));
} }
if (!isset($_POST["tomonth"]) || !isset($_POST["today"]) || !isset($_POST["toyear"]) ) { if (!isset($_POST["tomonth"]) || !isset($_POST["today"]) || !isset($_POST["toyear"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured")); UI::exitError(getMLText("add_event"),getMLText("error_occured"));
} }
if (!isset($_POST["name"]) || !isset($_POST["comment"]) ) { if (!isset($_POST["name"]) || !isset($_POST["comment"]) ) {
UI::exitError(getMLText("add_event"),getMLText("error_occured")); UI::exitError(getMLText("add_event"),getMLText("error_occured"));
} }
$name = sanitizeString($_POST["name"]); $name = sanitizeString($_POST["name"]);
$comment = sanitizeString($_POST["comment"]); $comment = sanitizeString($_POST["comment"]);
$from = mktime(0,0,0, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"])); $from = mktime(0,0,0, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
$to = mktime(23,59,59, sanitizeString($_POST["tomonth"]), sanitizeString($_POST["today"]), sanitizeString($_POST["toyear"])); $to = mktime(23,59,59, intval($_POST["tomonth"]), intval($_POST["today"]), intval($_POST["toyear"]));
if ($to<$from){ if ($to<$from){
$to= mktime(23,59,59, sanitizeString($_POST["frommonth"]), sanitizeString($_POST["fromday"]), sanitizeString($_POST["fromyear"])); $to= mktime(23,59,59, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
} }
$res = addEvent($from, $to, $name, $comment); $res = addEvent($from, $to, $name, $comment);
if (is_bool($res) && !$res) { if (is_bool($res) && !$res) {
UI::exitError(getMLText("add_event"),getMLText("error_occured")); UI::exitError(getMLText("add_event"),getMLText("error_occured"));
} }
add_log_line("?name=".$name."&from=".$from."&to=".$to); add_log_line("?name=".$name."&from=".$from."&to=".$to);
header("Location:../out/out.Calendar.php?mode=w&day=".$_POST["fromday"]."&year=".$_POST["fromyear"]."&month=".$_POST["frommonth"]); header("Location:../out/out.Calendar.php?mode=w&day=".$_POST["fromday"]."&year=".$_POST["fromyear"]."&month=".$_POST["frommonth"]);
?> ?>