authordeva <deva>2010-02-28 13:06:39 +0000
committerdeva <deva>2010-02-28 13:06:39 +0000
commit9cff69d330760c133d2b22c96da7a89e319b2362 (patch)
tree2fcaf78432ed03a092b1b57e9155c0c294c03eab
parent5b272cd81712a01fceb946682bb99f8402c070df (diff)
Better control of xml encoding... still a lot of testing to do though.
-rw-r--r--utils/admin.php2
-rw-r--r--utils/convert.php7
-rw-r--r--utils/forms.php37
-rw-r--r--utils/modules/events.php9
-rw-r--r--utils/modules/news.php13
-rw-r--r--utils/modules/newsletter.php28
-rw-r--r--utils/modules/pressrelease.php155
7 files changed, 194 insertions, 57 deletions
diff --git a/utils/admin.php b/utils/admin.php
index f967c76..c8c96cf 100644
--- a/utils/admin.php
+++ b/utils/admin.php
@@ -1,6 +1,6 @@
<?php /* -*- Mode: php; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ?>
<div class="admin" id="admin">
- <span class="windowtitle header">Admin</span>
+ <span class="header windowtitle">Admin</span>
<div class="button close"><a href="?page=">X</a></div>
<?php
global $loggedin;
diff --git a/utils/convert.php b/utils/convert.php
index 4471e8f..70fab51 100644
--- a/utils/convert.php
+++ b/utils/convert.php
@@ -1,5 +1,10 @@
<?php
+function xmlenc($message)
+{
+ return htmlspecialchars($message, ENT_QUOTES, "UTF-8");
+}
+
function convert($message)
{
$message = stripslashes($message);
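Review bot: `xmlenc` is used by the `write()` methods in events.php, news.php, newsletter.php and pressrelease.php to produce XML files as well as by forms.php for HTML, but `htmlspecialchars` only escapes `<`, `>`, `&` and the quotes; it leaves C0 control characters, which XML 1.0 does not allow, in the output, so a stored value containing one makes the written file unparseable. It also returns an empty string for input that is not valid UTF-8, silently dropping the whole field (on PHP 5.4+ `ENT_QUOTES | ENT_SUBSTITUTE` replaces the bad bytes instead). A one-line docblock would record the intended contract: `/** Escape a UTF-8 value for XML/HTML text and attribute context. */`. `convert()` continues past the end of the hunk.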
@@ -14,7 +19,7 @@ function convert_array($vs)
if(sizeof($vs)) {
foreach($vs as $k => $v) {
- $vars[$k] = convert($v);
+ $vars[$k] = stripslashes($v);
}
}
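Review bot: The new line applies `stripslashes` unconditionally, which also removes backslashes the user actually typed whenever magic_quotes_gpc is off; `convert()` above does the same, so this is pre-existing, but now the stripped value is what gets stored. Guarding it, `$vars[$k] = get_magic_quotes_gpc() ? stripslashes($v) : $v;`, keeps the data intact under either setting. Since the values no longer pass through `convert()`, output correctness now rests entirely on every sink calling `xmlenc`; the subscribe/unsubscribe messages in newsletter.php and the link text in `admin_view` in pressrelease.php still emit the raw value. `convert_array` continues past the end of the hunk.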
diff --git a/utils/forms.php b/utils/forms.php
index 126d29f..0268315 100644
--- a/utils/forms.php
+++ b/utils/forms.php
@@ -1,4 +1,7 @@
<?php
+
+include_once($UTIL_DIR."/convert.php");
+
class LineEdit {
public $label, $name, $value;
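Review bot: The new `include_once($UTIL_DIR."/convert.php")` reads `$UTIL_DIR` from the current scope without a `global $UTIL_DIR;` declaration, unlike the matching includes added to newsletter.php and pressrelease.php, which sit under `global $UTIL_DIR;`; if forms.php is ever pulled in from inside a function the path resolves to "/convert.php" and every `xmlenc` call below fails. Adding `global $UTIL_DIR;` before the include makes the three files consistent. The `LineEdit` class continues past the end of the hunk.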
@@ -12,8 +15,8 @@ class LineEdit {
function render($indent = "")
{
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
- $str .= $indent . " <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".$this->value."\"/></div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+ $str .= $indent . " <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\"/></div>\n";
$str .= $indent . "</div>\n";
return $str;
}
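Review bot: `$this->name` is still concatenated unescaped into the `name="vars[...]"` attribute on the second `+` line, and the same holds for `$this->name`/`$this->accept` in FileUpload, `$key` in Hidden, `$this->lines`/`$this->name` in TextEdit and `$this->name` in CheckBox, ComboBox, DateTimeEdit and MultiList. Those values appear to be set from string literals in calling code (see the `new LineEdit("...", "subj_prefix", ...)` calls in pressrelease.php), so this is consistent today, but nothing records that contract; a comment on the class, `// name/accept/lines are trusted (set from code); label/value are user data and encoded on output`, would. Passing them through `xmlenc` as well would be harmless for literal names and remove the distinction altogether.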
@@ -32,8 +35,8 @@ class LineEditPwd {
function render($indent = "")
{
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
- $str .= $indent . " <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".$this->value."\" type=\"password\"/></div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+ $str .= $indent . " <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\" type=\"password\"/></div>\n";
$str .= $indent . "</div>\n";
return $str;
}
@@ -52,7 +55,7 @@ class FileUpload {
public function render($indent = "")
{
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label . "</div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) . "</div>\n";
$str .= $indent . " <div class=\"widget\"><input type=\"file\" name=\""
. $this->name. "\" accept=\"". $this->accept ."\"/></div>\n";
$str .= $indent . "</div>\n";
@@ -92,8 +95,8 @@ class CheckBox {
public function render($indent = "")
{
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
- $str .= $indent . " <div class=\"widget\"><input type=\"checkbox\" name=\"vars[".$this->name."]\" value=\"".$this->value."\"/></div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+ $str .= $indent . " <div class=\"widget\"><input type=\"checkbox\" name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\"/></div>\n";
$str .= $indent . "</div>\n";
return $str;
}
@@ -113,12 +116,12 @@ class ComboBox {
public function render($indent = "")
{
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">".$this->label."</div>\n";
+ $str .= $indent . " <div class=\"label\">".xmlenc($this->label)."</div>\n";
$str .= $indent . " <div class=\"widget\">\n";
$str .= $indent . " <select name=\"vars[".$this->name."]\">\n";
foreach($this->values as $k => $v) {
- if($v != $this->value) $str .= $indent . " <option value=\"".$v."\">".$k."</option>\n";
- else $str .= $indent . " <option value=\"".$v."\" selected>".$k."</option>\n";
+ if($v != $this->value) $str .= $indent . " <option value=\"".xmlenc($v)."\">".xmlenc($k)."</option>\n";
+ else $str .= $indent . " <option value=\"".xmlenc($v)."\" selected>".xmlenc($k)."</option>\n";
}
$str .= $indent . " </select>\n";
$str .= $indent . " </div>\n";
@@ -139,7 +142,7 @@ class Hidden {
{
$str = "";
foreach($this->values as $key => $value) {
- $str .= $indent . "<input type=\"hidden\" name=\"vars[".$key."]\" value=\"".$value."\"/>\n";
+ $str .= $indent . "<input type=\"hidden\" name=\"vars[".$key."]\" value=\"".xmlenc($value)."\"/>\n";
}
return $str;
}
@@ -159,8 +162,8 @@ class TextEdit {
function render($indent = "")
{
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
- $str .= $indent . " <div class=\"widget\"><textarea rows=\"".$this->lines."\" class=\"textedit\" name=\"vars[".$this->name."]\">".$this->value."</textarea></div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
+ $str .= $indent . " <div class=\"widget\"><textarea rows=\"".$this->lines."\" class=\"textedit\" name=\"vars[".$this->name."]\">".xmlenc($this->value)."</textarea></div>\n";
$str .= $indent . "</div>\n";
return $str;
}
@@ -189,7 +192,7 @@ class DateTimeEdit {
$year = date('Y',$t);
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">".$this->label."</div>\n";
+ $str .= $indent . " <div class=\"label\">".xmlenc($this->label)."</div>\n";
$str .= $indent . " <div class=\"widget\">\n";
$str .= $indent . " <input style=\"width: 50px;\" name=\"vars[".$this->name."_year]\" value=\"".$year."\"/>";
$str .= "/<input style=\"width: 30px;\" name=\"vars[".$this->name."_month]\" value=\"".$month."\"/>";
@@ -237,7 +240,7 @@ class ImageComboBox {
else $numicons = sizeof($this->values);
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">".$this->label."</div>\n";
+ $str .= $indent . " <div class=\"label\">".xmlenc($this->label)."</div>\n";
$str .= $indent . " <div class=\"widget\">\n";
$str .= $indent . " <script type=\"text/javascript\">\n";
$str .= $indent . " function setSelection(value)\n";
@@ -391,14 +394,14 @@ class MultiList {
function render($indent = "")
{
$str = $indent . "<div class=\"input\">\n";
- $str .= $indent . " <div class=\"label\">". $this->label ."</div>\n";
+ $str .= $indent . " <div class=\"label\">". xmlenc($this->label) ."</div>\n";
$str .= $indent . " <div class=\"widget\">\n";
$str .= $indent . " <select multiple size=\"8\" id=\"items\" name=\"".$this->name."[]\">\n";
if(sizeof($this->values)) {
foreach($this->values as $value => $active) {
if($active == true) $sel = " selected=\"true\"";
else $sel = "";
- $str .= $indent . " <option value=\"".$value."\"".$sel.">".$value."</option>\n";
+ $str .= $indent . " <option value=\"".xmlenc($value)."\"".$sel.">".xmlenc($value)."</option>\n";
}
}
$str .= $indent . " </select>\n";
diff --git a/utils/modules/events.php b/utils/modules/events.php
index cf04734..6e1218f 100644
--- a/utils/modules/events.php
+++ b/utils/modules/events.php
@@ -15,11 +15,10 @@ class Event {
public function write($fp)
{
- fwrite($fp, " <event title=\"" .
- htmlspecialchars($this->title, ENT_QUOTES, "UTF-8") . "\"\n");
- fwrite($fp, " time=\"" . $this->time . "\"\n");
- fwrite($fp, " flyer=\"" . $this->flyer . "\">");
- fwrite($fp, htmlspecialchars($this->description, ENT_QUOTES, "UTF-8"));
+ fwrite($fp, " <event title=\"" .xmlenc($this->title) . "\"\n");
+ fwrite($fp, " time=\"" . xmlenc($this->time) . "\"\n");
+ fwrite($fp, " flyer=\"" . xmlenc($this->flyer) . "\">");
+ fwrite($fp, xmlenc($this->description));
fwrite($fp, " </event>\n");
}
diff --git a/utils/modules/news.php b/utils/modules/news.php
index 29187ea..00f1d4c 100644
--- a/utils/modules/news.php
+++ b/utils/modules/news.php
@@ -50,13 +50,12 @@ class NewsEntry {
public function write($fp)
{
- fwrite($fp, " <newsentry title=\"" .
- htmlspecialchars($this->title, ENT_QUOTES, "UTF-8") . "\"\n");
- fwrite($fp, " time=\"" . $this->time . "\"\n");
- fwrite($fp, " category=\"" . $this->category . "\"\n");
- fwrite($fp, " userid=\"" . $this->userid . "\"\n");
- fwrite($fp, " icon=\"" . $this->icon . "\">");
- fwrite($fp, htmlspecialchars($this->description, ENT_QUOTES, "UTF-8"));
+ fwrite($fp, " <newsentry title=\"".xmlenc($this->title)."\"\n");
+ fwrite($fp, " time=\"" . xmlenc($this->time) . "\"\n");
+ fwrite($fp, " category=\"" . xmlenc($this->category) . "\"\n");
+ fwrite($fp, " userid=\"" . xmlenc($this->userid) . "\"\n");
+ fwrite($fp, " icon=\"" . xmlenc($this->icon) . "\">");
+ fwrite($fp, xmlenc($this->description));
fwrite($fp, " </newsentry>\n");
}
diff --git a/utils/modules/newsletter.php b/utils/modules/newsletter.php
index 4bba9c6..3ca3f41 100644
--- a/utils/modules/newsletter.php
+++ b/utils/modules/newsletter.php
@@ -3,6 +3,7 @@
global $UTIL_DIR;
include_once($UTIL_DIR . "/mail.php");
+include_once($UTIL_DIR . "/convert.php");
class Mailinglist extends _Mailinglist {
private $file;
@@ -13,15 +14,14 @@ class Mailinglist extends _Mailinglist {
$fp = fopen($this->file, "w");
fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
- fwrite($fp, "<mailinglist subj_prefix=\"" . $this->subj_prefix . "\"\n");
- fwrite($fp, " sender=\"" . $this->sender . "\"\n");
- fwrite($fp, " replyto=\"" . $this->replyto . "\"\n");
- fwrite($fp, " unsubscribe_url=\"" . $this->unsubscribe_url . "\">\n");
- fwrite($fp, " <footer>" . $this->footer . "</footer>\n");
+ fwrite($fp, "<mailinglist subj_prefix=\"" . xmlenc($this->subj_prefix) . "\"\n");
+ fwrite($fp, " sender=\"" . xmlenc($this->sender) . "\"\n");
+ fwrite($fp, " replyto=\"" . xmlenc($this->replyto) . "\"\n");
+ fwrite($fp, " unsubscribe_url=\"" . xmlenc($this->unsubscribe_url) . "\">\n");
+ fwrite($fp, " <footer>" . xmlenc($this->footer) . "</footer>\n");
foreach($this->mailinglist as $email) {
- fwrite($fp, " <email email=\"" .
- htmlspecialchars($email->email, ENT_QUOTES, "UTF-8") . "\"\n");
- fwrite($fp, " timestamp=\"" . $email->timestamp . "\">\n");
+ fwrite($fp, " <email email=\"" . xmlenc($email->email) . "\"\n");
+ fwrite($fp, " timestamp=\"" . xmlenc($email->timestamp) . "\">\n");
fwrite($fp, " </email>\n");
}
fwrite($fp, "</mailinglist>\n");
@@ -64,9 +64,11 @@ class Mailinglist extends _Mailinglist {
$email = new EMail($emailaddr, time());
if($this->add($email)) {
$this->write();
- $str .= "<div class=\"newsletter_message\">The email: " . $emailaddr . " has now been subscribed.</div>";
+ $str .= "<div class=\"newsletter_message\">The email: " .
+ $emailaddr . " has now been subscribed.</div>";
} else {
- $str .= "<div class=\"newsletter_message\">The email: " . $emailaddr . " is already subscribed.</div>";
+ $str .= "<div class=\"newsletter_message\">The email: " .
+ $emailaddr . " is already subscribed.</div>";
}
return $str;
}
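Review bot: `$emailaddr` is still concatenated raw into the `newsletter_message` div on the reflowed `+` lines, although the commit is about output encoding and the value presumably comes from the subscribe form; use `xmlenc($emailaddr)` in both branches. The same applies to the two unsubscribe messages in the following hunk. The enclosing method starts before this hunk.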
@@ -76,9 +78,11 @@ class Mailinglist extends _Mailinglist {
$str = "";
if($this->remove($emailaddr)) {
$this->write();
- $str .= "<div class=\"newsletter_message\">The email: " . $emailaddr . " has now been unsubscribed.</div>";
+ $str .= "<div class=\"newsletter_message\">The email: " .
+ $emailaddr . " has now been unsubscribed.</div>";
} else {
- $str .= "<div class=\"newsletter_message\">The email: " . $emailaddr . " is not subscribed.</div>";
+ $str .= "<div class=\"newsletter_message\">The email: " .
+ $emailaddr . " is not subscribed.</div>";
}
return $str;
}
diff --git a/utils/modules/pressrelease.php b/utils/modules/pressrelease.php
index 4779ffa..542edd0 100644
--- a/utils/modules/pressrelease.php
+++ b/utils/modules/pressrelease.php
@@ -3,10 +3,11 @@
global $UTIL_DIR;
include_once($UTIL_DIR . "/mail.php");
+include_once($UTIL_DIR . "/convert.php");
class PEmail extends Email {
public $url;
- public $title;
+ public $name;
};
class PMailinglist extends _Mailinglist {
@@ -17,15 +18,14 @@ class PMailinglist extends _Mailinglist {
$fp = fopen($this->file, "w");
fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
- fwrite($fp, "<pressrelease subj_prefix=\"" . $this->subj_prefix . "\"\n");
- fwrite($fp, " sender=\"" . $this->sender . "\"\n");
- fwrite($fp, " replyto=\"" . $this->replyto . "\">\n");
- fwrite($fp, " <footer>" . $this->footer . "</footer>\n");
+ fwrite($fp, "<pressrelease subj_prefix=\"" . xmlenc($this->subj_prefix) . "\"\n");
+ fwrite($fp, " sender=\"" . xmlenc($this->sender) . "\"\n");
+ fwrite($fp, " replyto=\"" . xmlenc($this->replyto) . "\">\n");
+ fwrite($fp, " <footer>" . xmlenc($this->footer) . "</footer>\n");
foreach($this->mailinglist as $email) {
- fwrite($fp, " <email email=\"" .
- htmlspecialchars($email->email, ENT_QUOTES, "UTF-8") . "\"\n");
- fwrite($fp, " url=\"" . $email->url . "\">\n");
- fwrite($fp, " name=\"" . $email->name . "\">\n");
+ fwrite($fp, " <email email=\"" . xmlenc($email->email) . "\"\n");
+ fwrite($fp, " url=\"" . xmlenc($email->url) . "\"\n");
+ fwrite($fp, " name=\"" . xmlenc($email->name) . "\">\n");
fwrite($fp, " </email>\n");
}
fwrite($fp, "</pressrelease>\n");
@@ -77,7 +77,11 @@ class PressRelease {
// Admin config
public $admin_title = "Press release";
public $admin_submodules = array("Send" => "send",
- "Config" => "config");
+ "Config" => "config",
+ "Add receiver" => "add",
+ "Edit receiver" => "edit",
+ "Delete receiver" => "delete",
+ "View receivers" => "view");
public function admin_send($action, $vars)
{
@@ -133,16 +137,123 @@ class PressRelease {
default:
$form = new Form("update");
- $form->addWidget(new LineEdit("Subject prefix:", "subj_prefix", $this->mailinglist->subj_prefix));
- $form->addWidget(new LineEdit("Sender:", "sender", $this->mailinglist->sender));
- $form->addWidget(new LineEdit("Reply to:", "replyto", $this->mailinglist->replyto));
- $form->addWidget(new TextEdit("Footer:", "footer", $this->mailinglist->footer));
+ $form->addWidget(new LineEdit("Subject prefix:", "subj_prefix",
+ $this->mailinglist->subj_prefix));
+ $form->addWidget(new LineEdit("Sender:", "sender",
+ $this->mailinglist->sender));
+ $form->addWidget(new LineEdit("Reply to:", "replyto",
+ $this->mailinglist->replyto));
+ $form->addWidget(new TextEdit("Footer:", "footer",
+ $this->mailinglist->footer));
$form->addWidget(new Button("Update"));
$form->render();
break;
}
}
+ public function admin_add($action, $vars)
+ {
+ global $UID, $GLOBALS;
+
+ switch($action) {
+ case "add":
+ $pemail = new PEmail($vars["email"], time());
+ $pemail->url = $vars["url"];
+ $pemail->name = $vars["name"];
+ $this->mailinglist->add($pemail);
+ $this->mailinglist->write();
+ break;
+
+ default:
+ $form = new Form("add");
+ $form->addWidget(new LineEdit("Email:", "email", ""));
+ $form->addWidget(new LineEdit("URL:", "url", ""));
+ $form->addWidget(new LineEdit("Name:", "name", ""));
+ $form->addWidget(new Button("Add"));
+ $form->render();
+ break;
+ }
+ }
+
+ public function admin_edit($action, $vars)
+ {
+ switch($action) {
+ case "write":
+ $email = $this->mailinglist->mailinglist[$vars["editid"]];
+ $email->email = $vars["email"];
+ $email->url = $vars["url"];
+ $email->name = $vars["name"];
+ $this->mailinglist->write();
+ break;
+
+ case "edit":
+ $email = $this->mailinglist->mailinglist[$vars["editid"]];
+
+ $form = new Form("write");
+ $form->addWidget(new Hidden(array("editid" => $email->email)));
+ $form->addWidget(new LineEdit("Email:", "email", $email->email));
+ $form->addWidget(new LineEdit("URL:", "url", $email->url));
+ $form->addWidget(new LineEdit("Name:", "name", $email->name));
+ $form->addWidget(new Button("Edit"));
+ $form->render();
+ break;
+
+ default:
+ $rcvlist = array();
+ foreach($this->mailinglist->mailinglist as $m) {
+ $title = $m->name . " (".$m->email.")";
+ $rcvlist[$title] = $m->email;
+ }
+
+ ksort($rcvlist);
+
+ $form = new Form("edit");
+ $form->addWidget(new ComboBox("Select receiver to edit:", "editid", "", $rcvlist));
+ $form->addWidget(new Button("Edit..."));
+ $form->render();
+ break;
+ }
+ }
+
+ public function admin_delete($action, $vars)
+ {
+ switch($action) {
+ case "delete":
+ $this->mailinglist->remove($vars["delrcv"]);
+ $this->mailinglist->write();
+ break;
+
+ default:
+ $rcvlist = array();
+ foreach($this->mailinglist->mailinglist as $m) {
+ $title = $m->name . " (".$m->email.")";
+ $rcvlist[$title] = $m->email;
+ }
+
+ ksort($rcvlist);
+
+ $form = new Form("delete");
+ $form->addWidget(new ComboBox("Select receiver to delete:", "delrcv", "", $rcvlist));
+ $form->addWidget(new Button("Delete"));
+ $form->render();
+ break;
+ }
+ }
+
+ public function admin_view($action, $vars)
+ {
+ switch($action) {
+ default:
+ echo "<p>There are " . sizeof($this->mailinglist->mailinglist) . " receivers:</p>\n";
+ echo "<ul>\n";
+ foreach($this->mailinglist->mailinglist as $m) {
+ echo " <li>".xmlenc($m->name)." (<a href=\"".xmlenc($m->url)."\">".$m->url."</a>): ".xmlenc($m->email)."</li>\n";
+ }
+ echo "</ul>\n";
+ break;
+ }
+ }
+
public function admin($sub, $action, $vars)
{
switch($sub) {
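Review bot: In `admin_edit`, the `write` branch indexes `$this->mailinglist->mailinglist[$vars["editid"]]` without checking that the key exists, so a stale or altered `editid` from the hidden field yields a null `$email` followed by property assignments on it; guard with `if(!isset($this->mailinglist->mailinglist[$vars["editid"]])) break;` (and likewise in the `edit` branch). If the list is keyed by address, as the lookup by `editid` and `remove($vars["delrcv"])` suggest, then `$email->email = $vars["email"]` leaves the entry under its old key and a later edit or delete by the new address will miss it — confirm against `_Mailinglist::add`. `admin_add` ignores the return value of `add()` and writes regardless, unlike newsletter.php which tests `if($this->add($email))`, and its `global $UID, $GLOBALS;` declares names the method never uses (`$GLOBALS` is a superglobal and should not be declared `global` at all). In `admin_view` the link text `$m->url` is emitted raw while the `href` is encoded; use `xmlenc($m->url)` for both, keeping in mind that escaping does not validate the stored URL itself, so any scheme check belongs in `admin_add`. The `admin` method at the end of this hunk continues into the next one.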
@@ -153,6 +264,22 @@ class PressRelease {
case "config":
$this->admin_config($action, $vars);
break;
+
+ case "add":
+ $this->admin_add($action, $vars);
+ break;
+
+ case "edit":
+ $this->admin_edit($action, $vars);
+ break;
+
+ case "delete":
+ $this->admin_delete($action, $vars);
+ break;
+
+ case "view":
+ $this->admin_view($action, $vars);
+ break;
}
}