--- inc/newsEdit.php	2001/08/03 11:21:16	1.2
+++ inc/newsEdit.php	2001/08/30 16:35:36	1.5
@@ -9,7 +9,7 @@
 	$ss = array("HTTP_GET_VARS", "HTTP_POST_VARS", "HTTP_POST_FILES");
 	while (list($key, $val) = each($ss)) array_walk($$val, "ss");
 	# ---KLUDGE-END---
-	$phptmp = "php";
+	$phptmp = "^php";
 	function sql($sql) {
 		# echo "<TT><B>[SQL]</B> $sql<BR>\n";
 	}
@@ -49,7 +49,7 @@
 		if ($cancel || $save) {
 			if ($save) {
 				// Move temp pics & save article.
-				if (ereg("^$phptmp", $titlepic_url2) && $ed_id > 0) {
+				if (ereg("$phptmp", $titlepic_url2) && $ed_id > 0) {
 					$sql = "SELECT title_pic FROM news WHERE (news_id = $ed_id)";
 sql($sql);
 					$sth = $dbh->prepare($sql);
@@ -143,19 +143,19 @@
 				}
 			} else {
 				// Delete temp pics.
-				if (ereg("^$phptmp", $titlepic_url2))
+				if (ereg("$phptmp", $titlepic_url2))
 					MyDelete($syspicdir."/".$titlepic_url2);
 				$i = 1;
 				while (isset(${"ed_textpic_id_".$i})) {
 					$tmp = ${"textpic_url2_".$i};
-					if (ereg("^$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
+					if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
 					$i++;
 				}
 			}
 			if (!isset($art["limit"])) $art["limit"] = 1;
 			if (!isset($art["npar"])) $art["npar"] = 1;
 			return array_shift(newsLoad($ed_id, $ed_cat,
-				$art["limit"], $art["npar"]));
+				$art["limit"], $art["offset"], $art["npar"]));
 		}
 		// Handle temp pic upload.
 		global $HTTP_POST_FILES;
@@ -173,14 +173,14 @@
 				$titlepic_url = $nm.$ext;
 				$titlepic_name = $name;
 				$u = $titlepic_url2;
-				if (ereg("^$phptmp", $u)) MyDelete($syspicdir."/".$u);
+				if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u);
 				unset($clear_main, $clr_main);
 			} else if (ereg("^ed_textpic_url_([1-9][0-9]*)$", $key, $regs)) {
 				$n = $regs[1];
 				${"textpic_url_".$n} = $nm.$ext;
 				${"textpic_name_".$n} = $name;
 				$u = ${"textpic_url2_".$n};
-				if (ereg("^$phptmp", $u)) MyDelete($syspicdir."/".$u2);
+				if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u2);
 				unset(${"clear_".$n}, ${"clr_".$n});
 			} else {
 				// [?!?]
@@ -280,6 +280,7 @@
 			for ($i = 0; $i < intval($add_num); $i++)
 				array_push($ed_pgfs, array(-1, "", "", -1, "", "", "", "", 0, 0, 0, true));
 		}
+		$ed_empty = ($ed_title || $ed_lead || $ed_titlepic_pos || $ed_more) ? false : true;
 		$ed_text = array();
 		$ed_records = array();
 		$ed_warnings = ($ed_warning ? true : false);
@@ -296,12 +297,12 @@
 				if ($val["id"] == $lev) $class = $val["class"];
 			if ((${"clear_".$i} || ${"clr_".$i}) && $ed_preview && (${"textpic_name_".$i} != ${"textpic_url2_".$i})) {
 				$tmp = ${"textpic_url2_".$i};
-				if (ereg("^$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
+				if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
 				$picurl = ${"textpic_url_".$i} = ${"textpic_url2_".$i} = $name = "";
 			}
 			if (!$name) $name = $picurl;
-			$txt = MyEscape($txt);
-			$txt2 = ParseNewline($txt);
+			$txt = MyEscape(convert_html($txt));
+			$txt2 = ParseNewline($txt, true);
 			global ${"ed_text_force_".$i};
 			$force = ${"ed_text_force_".$i};
 			$empty = (($ed_preview && !$txt && !$pos && !$new) ? true : false);
@@ -315,12 +316,12 @@
 				"n" => $i,
 				"txt" => $txt2,
 				"txt2" => $txt,
-				"title" => MyEscape($tit),
+				"title" => MyEscape(convert_html($tit)),
 				"level" => $lev,
-				"class" => MyEscape($class),
-				"url" => MyEscape($picurl),
-				"name" => MyEscape($name),
-				"alt" => MyEscape($alt),
+				"class" => MyEscape(convert_html($class)),
+				"url" => MyEscape(convert_html($picurl)),
+				"name" => MyEscape(convert_html($name)),
+				"alt" => MyEscape(convert_html($alt)),
 				"width" => $w,
 				"height" => $h,
 				"pos" => $pos,
@@ -334,13 +335,13 @@
 		$tp->assign("ed_cat", $ed_cat);
 		$tp->assign("ed_preview", $ed_preview);
 		$tp->assign("ed_trigger", $trigger);
-		$tp->assign("ed_title", MyEscape($ed_title));
-		$tp->assign("ed_lead", MyEscape($ed_lead));
+		$tp->assign("ed_title", MyEscape(convert_html($ed_title)));
+		$tp->assign("ed_lead", MyEscape(convert_html($ed_lead)));
 		$tp->assign("ed_titlepic_pos", $ed_titlepic_pos);
-		$tp->assign("ed_titlepic_url", MyEscape($titlepic_url));
-		$tp->assign("ed_titlepic_url2", MyEscape($titlepic_url2));
-		$tp->assign("ed_titlepic_name", MyEscape($titlepic_name));
-		$tp->assign("ed_titlepic_alt", MyEscape($ed_titlepic_alt));
+		$tp->assign("ed_titlepic_url", MyEscape(convert_html($titlepic_url)));
+		$tp->assign("ed_titlepic_url2", MyEscape(convert_html($titlepic_url2)));
+		$tp->assign("ed_titlepic_name", MyEscape(convert_html($titlepic_name)));
+		$tp->assign("ed_titlepic_alt", MyEscape(convert_html($ed_titlepic_alt)));
 		$tp->assign("ed_titlepic_width", $width);
 		$tp->assign("ed_titlepic_height", $height);
 		$tp->assign("ed_more", MyEscape($ed_more));
@@ -358,6 +359,8 @@
 		if ($trigger) array_push($params, "$trigger=1");
 		global $PHP_SELF;
 		$tp->assign("FORM_ACTION", $PHP_SELF.HTMLSpecialChars("?".implode("&", $params)));
+		global $onload;
+		$onload .= "document.forms[0].elements[0].focus();";
 		return $tp->fetch("edit.tpl");
 	}
 ?>