--- inc/newsEdit.php 2001/08/08 12:58:08 1.4 +++ inc/newsEdit.php 2001/09/03 15:52:15 1.6 @@ -9,12 +9,12 @@ $ss = array("HTTP_GET_VARS", "HTTP_POST_VARS", "HTTP_POST_FILES"); while (list($key, $val) = each($ss)) array_walk($$val, "ss"); # ---KLUDGE-END--- - $phptmp = "php"; + $phptmp = "^php"; function sql($sql) { # echo "[SQL] $sql
\n"; } function newsEdit($art, $trigger = "") { - global $phptmp, $picdir, $syspicdir, $section, $dbh, $tpl; + global $phptmp, $picdir, $syspicdir, $section, $section_menu, $dbh, $tpl; global $ed_id, $ed_cat; $i = 1; global $ed_delete_main, $ed_del_main; @@ -49,7 +49,7 @@ if ($cancel || $save) { if ($save) { // Move temp pics & save article. - if (ereg("^$phptmp", $titlepic_url2) && $ed_id > 0) { + if (ereg("$phptmp", $titlepic_url2) && $ed_id > 0) { $sql = "SELECT title_pic FROM news WHERE (news_id = $ed_id)"; sql($sql); $sth = $dbh->prepare($sql); 
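Review bot: In the `@@ -49,7` hunk `$ed_id` is interpolated into `SELECT title_pic FROM news WHERE (news_id = $ed_id)` with only the `$ed_id > 0` test in front of it, and a loose numeric comparison also passes for a string that merely begins with a positive number. `$dbh->prepare($sql)` receives the finished string, so nothing is bound as a parameter here. Casting once before the test, `$ed_id = (int) $ed_id;`, would make the value safe for this query and for the `UPDATE ... WHERE (news_id = $ed_id)` in the `@@ -61,19` hunk. The enclosing function body starts outside the hunk, so an earlier cast may already exist; if it does, a comment pointing to it would help.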
@@ -61,19 +61,21 @@ if ($row) MyDelete($syspicdir."/".$row); } global $ed_title, $ed_lead, $ed_titlepic_alt, - $ed_titlepic_pos, $ed_more, $ed_cat; + $ed_titlepic_pos, $ed_more, $ed_more_title, + $ed_cat; $ed_title = MyQuote($ed_title); $ed_lead = MyQuote($ed_lead); $ed_titlepic_nm = MyQuote(basename($titlepic_name)); $ed_titlepic_alt = MyQuote($ed_titlepic_alt); $ed_more = MyQuote($ed_more); + $ed_more_title = MyQuote($ed_more_title); if (!$ed_titlepic_pos) $ed_titlepic_pos = 0; if ($ed_id > 0) { - $sql = "UPDATE news SET category = '$ed_cat', title = $ed_title, lead = $ed_lead, title_pic = $ed_titlepic_nm, title_alt = $ed_titlepic_alt, title_pos = $ed_titlepic_pos, url = $ed_more, date = CURRENT_TIMESTAMP WHERE (news_id = $ed_id)"; + $sql = "UPDATE news SET category = '$ed_cat', title = $ed_title, lead = $ed_lead, title_pic = $ed_titlepic_nm, title_alt = $ed_titlepic_alt, title_pos = $ed_titlepic_pos, url = $ed_more, url_title = $ed_more_title, date = CURRENT_TIMESTAMP WHERE (news_id = $ed_id)"; sql($sql); $dbh->dbh_do($sql); } else { - $sql = "INSERT INTO news (category, title, lead, title_pic, title_alt, title_pos, url, date) VALUES ('$ed_cat', $ed_title, $ed_lead, $ed_titlepic_nm, $ed_titlepic_alt, $ed_titlepic_pos, $ed_more, CURRENT_TIMESTAMP)"; + $sql = "INSERT INTO news (category, title, lead, title_pic, title_alt, title_pos, url, url_title, date) VALUES ('$ed_cat', $ed_title, $ed_lead, $ed_titlepic_nm, $ed_titlepic_alt, $ed_titlepic_pos, $ed_more, $ed_more_title, CURRENT_TIMESTAMP)"; sql($sql); $dbh->dbh_do($sql); $sql = "SELECT news_id FROM news WHERE (title = $ed_title)"; @@ -143,12 +145,12 @@ } } else { // Delete temp pics. - if (ereg("^$phptmp", $titlepic_url2)) + if (ereg("$phptmp", $titlepic_url2)) MyDelete($syspicdir."/".$titlepic_url2); $i = 1; while (isset(${"ed_textpic_id_".$i})) { $tmp = ${"textpic_url2_".$i}; - if (ereg("^$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp); + if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp); $i++; } } 
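Review bot: The rewritten UPDATE and INSERT in the `@@ -61,19` hunk still quote `$ed_cat` by hand (`category = '$ed_cat'`), while every other text column, including the new `$ed_more_title`, goes through `MyQuote()`. A quote character in the category value would end the literal early unless it is filtered somewhere outside this hunk. Assuming `MyQuote()` returns a quoted, escaped literal, as its use on the other columns suggests, `$q_cat = MyQuote($ed_cat);` followed by `category = $q_cat` in both statements keeps the handling uniform. `$ed_titlepic_pos` is also inserted bare and is only defaulted to 0, so `$ed_titlepic_pos = (int) $ed_titlepic_pos;` is worth adding in the same place.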
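Review bot: The `ereg("$phptmp", ...)` guards in the `@@ -143,12` hunk only establish that the name begins with `php`; they do not stop a name containing directory separators from being appended to `$syspicdir` and handed to `MyDelete()`. If `$titlepic_url2` and the `textpic_url2_N` values are round-tripped through the form (their origin is outside the hunk), the delete should be limited to a bare file name, e.g. `$tmp = basename($tmp);` before the test. The same guard is used in the `@@ -173,14` and `@@ -297,12` hunks. Since the `^` now lives in `$phptmp`, a comment at the assignment such as `# anchored ereg pattern for temp upload names` would keep a later edit from dropping the anchor.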
@@ -173,14 +175,14 @@ $titlepic_url = $nm.$ext; $titlepic_name = $name; $u = $titlepic_url2; - if (ereg("^$phptmp", $u)) MyDelete($syspicdir."/".$u); + if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u); unset($clear_main, $clr_main); } else if (ereg("^ed_textpic_url_([1-9][0-9]*)$", $key, $regs)) { $n = $regs[1]; ${"textpic_url_".$n} = $nm.$ext; ${"textpic_name_".$n} = $name; $u = ${"textpic_url2_".$n}; - if (ereg("^$phptmp", $u)) MyDelete($syspicdir."/".$u2); + if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u2); unset(${"clear_".$n}, ${"clr_".$n}); } else { // [?!?] @@ -210,7 +212,8 @@ $tp->assign("levels", $levels); // ----- global $ed_id, $ed_title, $ed_lead, $ed_titlepic_pos, - $ed_titlepic_alt, $ed_cat, $ed_more; + $ed_titlepic_alt, $ed_cat, $ed_more, + $ed_more_title; global $ed_edit, $ed_preview, $preview, $add; if (!$ed_preview) $ed_preview = ($preview ? true : false); if ($ed_edit) $ed_preview = false; @@ -225,7 +228,8 @@ $ed_warning = 0; if ($ed_edit || $ed_preview || $add || $delete || $clear) { global $ed_title, $ed_lead, $ed_titlepic_pos, - $ed_titlepic_alt, $ed_cat, $ed_more; + $ed_titlepic_alt, $ed_cat, $ed_more, + $ed_more_title; if (!$HTTP_POST_FILES["ed_titlepic_url"]["name"]) $titlepic_url = ""; if (!$titlepic_url) $titlepic_url = $titlepic_url2; if (!$titlepic_url && !($clear_main || $clr_main)) 
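Review bot: In the `ed_textpic_url_N` branch of the `@@ -173,14` hunk the changed line tests `$u` but deletes `$u2`: `if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u2);`. `$u2` is not assigned anywhere in the hunk, so unless it is set outside it the call receives `$syspicdir."/"` with nothing appended and the old temp picture is left behind. The title-picture branch just above uses `$u` for both, so the line should probably read `if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u);`.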
@@ -260,10 +264,11 @@ } else { list($ed_title, $ed_lead, $ed_titlepic_pos, $titlepic_url, $titlepic_url2, $titlepic_name, $ed_titlepic_alt, - $ed_cat, $ed_more, $width, $height) = array($art["title"], - $art["lead"], $art["pic_pos"], $art["pic_url"], - $art["pic_url"], $art["pic_url"], $art["pic_alt"], - $art["category"], $art["more"], $art["pic_w"], $art["pic_h"]); + $ed_cat, $ed_more, $ed_more_title, $width, $height) = + array($art["title"], $art["lead"], $art["pic_pos"], + $art["pic_url"], $art["pic_url"], $art["pic_url"], + $art["pic_alt"], $art["category"], $art["more"], + $art["more_title"], $art["pic_w"], $art["pic_h"]); while ($art["text"] && list($id, $val) = each($art["text"])) { list($id, $txt, $title, $lev, $cls, $pic, $alt, $pos, $w, $h) = array( $val["id"], $val["text"], $val["title"], $val["level"], @@ -297,12 +302,12 @@ if ($val["id"] == $lev) $class = $val["class"]; if ((${"clear_".$i} || ${"clr_".$i}) && $ed_preview && (${"textpic_name_".$i} != ${"textpic_url2_".$i})) { $tmp = ${"textpic_url2_".$i}; - if (ereg("^$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp); + if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp); $picurl = ${"textpic_url_".$i} = ${"textpic_url2_".$i} = $name = ""; } if (!$name) $name = $picurl; - $txt = MyEscape($txt); - $txt2 = ParseNewline($txt); + $txt = MyEscape(convert_html($txt)); + $txt2 = ParseNewline($txt, true); global ${"ed_text_force_".$i}; $force = ${"ed_text_force_".$i}; $empty = (($ed_preview && !$txt && !$pos && !$new) ? true : false); 
@@ -316,12 +321,12 @@ "n" => $i, "txt" => $txt2, "txt2" => $txt, - "title" => MyEscape($tit), + "title" => MyEscape(convert_html($tit)), "level" => $lev, - "class" => MyEscape($class), - "url" => MyEscape($picurl), - "name" => MyEscape($name), - "alt" => MyEscape($alt), + "class" => MyEscape(convert_html($class)), + "url" => MyEscape(convert_html($picurl)), + "name" => MyEscape(convert_html($name)), + "alt" => MyEscape(convert_html($alt)), "width" => $w, "height" => $h, "pos" => $pos, @@ -335,16 +340,17 @@ $tp->assign("ed_cat", $ed_cat); $tp->assign("ed_preview", $ed_preview); $tp->assign("ed_trigger", $trigger); - $tp->assign("ed_title", MyEscape($ed_title)); - $tp->assign("ed_lead", MyEscape($ed_lead)); + $tp->assign("ed_title", MyEscape(convert_html($ed_title))); + $tp->assign("ed_lead", MyEscape(convert_html($ed_lead))); $tp->assign("ed_titlepic_pos", $ed_titlepic_pos); - $tp->assign("ed_titlepic_url", MyEscape($titlepic_url)); - $tp->assign("ed_titlepic_url2", MyEscape($titlepic_url2)); - $tp->assign("ed_titlepic_name", MyEscape($titlepic_name)); - $tp->assign("ed_titlepic_alt", MyEscape($ed_titlepic_alt)); + $tp->assign("ed_titlepic_url", MyEscape(convert_html($titlepic_url))); + $tp->assign("ed_titlepic_url2", MyEscape(convert_html($titlepic_url2))); + $tp->assign("ed_titlepic_name", MyEscape(convert_html($titlepic_name))); + $tp->assign("ed_titlepic_alt", MyEscape(convert_html($ed_titlepic_alt))); $tp->assign("ed_titlepic_width", $width); $tp->assign("ed_titlepic_height", $height); $tp->assign("ed_more", MyEscape($ed_more)); + $tp->assign("ed_more_title", MyEscape($ed_more_title)); $tp->assign("ed_clr_main", ($clear_main || $clr_main || !$titlepic_url) ? true : false); $tp->assign("ed_text", $ed_text); $tp->assign("ed_empty", $ed_empty); 
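Review bot: The added `ed_more_title` assignment in the `@@ -335,16` hunk uses `MyEscape()` alone, whereas this commit wraps the other free-text fields (`ed_title`, `ed_lead`, `ed_titlepic_alt`) in `convert_html()` first. If `convert_html()` is needed for those titles to display correctly, the link title presumably needs it too: `$tp->assign("ed_more_title", MyEscape(convert_html($ed_more_title)));`. If leaving it out for `ed_more` and `ed_more_title` is deliberate, a short comment saying why would stop a later editor from changing it by mistake.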
@@ -354,6 +360,7 @@ $tp->assign("newspicdir", "$picdir/"); $params = array(); if ($section) array_push($params, "section=$section"); + if ($section_menu) array_push($params, "section_menu=$section_menu"); if ($ed_id) array_push($params, "ed_id=$ed_id"); if ($ed_preview) array_push($params, "ed_preview=$ed_preview"); if ($trigger) array_push($params, "$trigger=1");
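Review bot: The added `section_menu` parameter is concatenated into the query string as-is, `"section_menu=$section_menu"`, so a value containing `&`, `=` or quote characters can add or alter parameters. Depending on how `$params` is emitted later (not visible in the hunk), it can also end up unescaped in the page. Encoding at this point, `array_push($params, "section_menu=".urlencode($section_menu));`, avoids that; the neighbouring `section` and `ed_id` lines would benefit from the same treatment. `"$trigger=1"` on the last line uses a variable as the parameter name, which deserves a comment stating which values `$trigger` may take.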