Diffstat (limited to 'utils')
| -rw-r--r-- | utils/admin.php | 2 | ||||
| -rw-r--r-- | utils/convert.php | 7 | ||||
| -rw-r--r-- | utils/forms.php | 37 | ||||
| -rw-r--r-- | utils/modules/events.php | 9 | ||||
| -rw-r--r-- | utils/modules/news.php | 13 | ||||
| -rw-r--r-- | utils/modules/newsletter.php | 28 | ||||
| -rw-r--r-- | utils/modules/pressrelease.php | 155 | 
7 files changed, 194 insertions, 57 deletions
| diff --git a/utils/admin.php b/utils/admin.php index f967c76..c8c96cf 100644 --- a/utils/admin.php +++ b/utils/admin.php @@ -1,6 +1,6 @@  <?php /* -*- Mode: php; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ?>  <div class="admin" id="admin"> -  <span class="windowtitle header">Admin</span> +  <span class="header windowtitle">Admin</span>    <div class="button close"><a href="?page=">X</a></div>  <?php  global $loggedin; diff --git a/utils/convert.php b/utils/convert.php index 4471e8f..70fab51 100644 --- a/utils/convert.php +++ b/utils/convert.php @@ -1,5 +1,10 @@  <?php +function xmlenc($message) +{ +	return htmlspecialchars($message, ENT_QUOTES, "UTF-8"); +} +  function convert($message)  {  	$message = stripslashes($message); @@ -14,7 +19,7 @@ function convert_array($vs)  	if(sizeof($vs)) {  		foreach($vs as $k => $v) { -			$vars[$k] = convert($v); +			$vars[$k] = stripslashes($v);  		}  	} diff --git a/utils/forms.php b/utils/forms.php index 126d29f..0268315 100644 --- a/utils/forms.php +++ b/utils/forms.php @@ -1,4 +1,7 @@  <?php + +include_once($UTIL_DIR."/convert.php"); +  class LineEdit {  	public $label, $name, $value; @@ -12,8 +15,8 @@ class LineEdit {  	function render($indent = "")  	{  		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n"; -		$str .= $indent . "  <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".$this->value."\"/></div>\n"; +		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n"; +		$str .= $indent . "  <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\"/></div>\n";  		$str .= $indent . "</div>\n";  		return $str;  	} 
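Review bot: convert_array() now applies only stripslashes() to the posted values, so nothing escapes them any more and every sink that prints something taken from $vars has to call xmlenc() itself; the newsletter subscribe/unsubscribe messages later in this same diff still echo the address raw, so that new contract is not met everywhere yet. stripslashes() on raw request data is a magic_quotes-era habit that silently removes legitimate backslashes from user text when magic quotes are off (whether they are on in this deployment is not visible here), so it is worth guarding on that setting or dropping. Separately, htmlspecialchars() in xmlenc() returns an empty string for input that is not valid UTF-8, which turns one bad byte into silent loss of the whole field in the XML files; `return htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");` keeps the output well-formed instead (PHP 5.4+). The body of convert() continues past the end of the hunk.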
@@ -32,8 +35,8 @@ class LineEditPwd {  	function render($indent = "")  	{  		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n"; -		$str .= $indent . "  <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".$this->value."\" type=\"password\"/></div>\n"; +		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n"; +		$str .= $indent . "  <div class=\"widget\"><input name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\" type=\"password\"/></div>\n";  		$str .= $indent . "</div>\n";  		return $str;  	} @@ -52,7 +55,7 @@ class FileUpload {  	public function render($indent = "")  	{  		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "  <div class=\"label\">". $this->label . "</div>\n"; +		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) . "</div>\n";  		$str .= $indent . "  <div class=\"widget\"><input type=\"file\" name=\""   			. $this->name. "\" accept=\"". $this->accept ."\"/></div>\n";  		$str .= $indent . "</div>\n"; @@ -92,8 +95,8 @@ class CheckBox {  	public function render($indent = "")  	{  		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n"; -		$str .= $indent . "  <div class=\"widget\"><input type=\"checkbox\" name=\"vars[".$this->name."]\" value=\"".$this->value."\"/></div>\n"; +		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n"; +		$str .= $indent . "  <div class=\"widget\"><input type=\"checkbox\" name=\"vars[".$this->name."]\" value=\"".xmlenc($this->value)."\"/></div>\n";  		$str .= $indent . "</div>\n";  		return $str;  	} 
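Review bot: LineEditPwd::render() still writes $this->value into the password input's value attribute, so whatever credential the form is populated with is sent to the browser in the page source (and into its cache and history); encoding it with xmlenc() fixes the markup injection but not that disclosure. Whether any caller actually passes a stored password here is not visible in this diff, but a password widget should normally render `value=""` and the receiving side should treat an empty submission as "unchanged". If round-tripping is really needed, the surrounding admin page should at least be served with no-store caching.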
@@ -113,12 +116,12 @@ class ComboBox {  	public function render($indent = "")  	{  		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "  <div class=\"label\">".$this->label."</div>\n"; +		$str .= $indent . "  <div class=\"label\">".xmlenc($this->label)."</div>\n";  		$str .= $indent . "  <div class=\"widget\">\n";  		$str .= $indent . "    <select name=\"vars[".$this->name."]\">\n";  		foreach($this->values as $k => $v) { -			if($v != $this->value) $str .= $indent . "      <option value=\"".$v."\">".$k."</option>\n"; -			else $str .= $indent .  "      <option value=\"".$v."\" selected>".$k."</option>\n"; +			if($v != $this->value) $str .= $indent . "      <option value=\"".xmlenc($v)."\">".xmlenc($k)."</option>\n"; +			else $str .= $indent .  "      <option value=\"".xmlenc($v)."\" selected>".xmlenc($k)."</option>\n";  		}  		$str .= $indent . "    </select>\n";  		$str .= $indent . "  </div>\n"; @@ -139,7 +142,7 @@ class Hidden {  	{  		$str = "";  		foreach($this->values as $key => $value) { -			$str .= $indent . "<input type=\"hidden\" name=\"vars[".$key."]\" value=\"".$value."\"/>\n"; +			$str .= $indent . "<input type=\"hidden\" name=\"vars[".$key."]\" value=\"".xmlenc($value)."\"/>\n";  		}  		return $str;  	} @@ -159,8 +162,8 @@ class TextEdit {  	function render($indent = "")  	{  		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n"; -    $str .= $indent . "  <div class=\"widget\"><textarea rows=\"".$this->lines."\" class=\"textedit\" name=\"vars[".$this->name."]\">".$this->value."</textarea></div>\n"; +		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n"; +    $str .= $indent . "  <div class=\"widget\"><textarea rows=\"".$this->lines."\" class=\"textedit\" name=\"vars[".$this->name."]\">".xmlenc($this->value)."</textarea></div>\n";  		$str .= $indent . "</div>\n";  		return $str;  	} 
@@ -189,7 +192,7 @@ class DateTimeEdit {  		$year = date('Y',$t);   		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "	<div class=\"label\">".$this->label."</div>\n"; +		$str .= $indent . "	<div class=\"label\">".xmlenc($this->label)."</div>\n";  		$str .= $indent . "  <div class=\"widget\">\n";  		$str .= $indent . "     <input style=\"width: 50px;\" name=\"vars[".$this->name."_year]\" value=\"".$year."\"/>";  		$str .= "/<input style=\"width: 30px;\" name=\"vars[".$this->name."_month]\" value=\"".$month."\"/>"; @@ -237,7 +240,7 @@ class ImageComboBox {  		else $numicons = sizeof($this->values);  		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "  <div class=\"label\">".$this->label."</div>\n"; +		$str .= $indent . "  <div class=\"label\">".xmlenc($this->label)."</div>\n";  		$str .= $indent . "  <div class=\"widget\">\n";  		$str .= $indent . "    <script type=\"text/javascript\">\n";  		$str .= $indent . "    function setSelection(value)\n"; @@ -391,14 +394,14 @@ class MultiList {  	function render($indent = "")  	{  		$str  = $indent . "<div class=\"input\">\n"; -		$str .= $indent . "  <div class=\"label\">". $this->label ."</div>\n"; +		$str .= $indent . "  <div class=\"label\">". xmlenc($this->label) ."</div>\n";  		$str .= $indent . "  <div class=\"widget\">\n";  		$str .= $indent . "    <select multiple size=\"8\" id=\"items\" name=\"".$this->name."[]\">\n";  		if(sizeof($this->values)) {  			foreach($this->values as $value => $active) {  				if($active == true) $sel = " selected=\"true\"";  				else $sel = ""; -				$str .= $indent . "      <option value=\"".$value."\"".$sel.">".$value."</option>\n"; +				$str .= $indent . "      <option value=\"".xmlenc($value)."\"".$sel.">".xmlenc($value)."</option>\n";  			}  		}  		$str .= $indent . "    </select>\n"; diff --git a/utils/modules/events.php b/utils/modules/events.php index cf04734..6e1218f 100644 --- a/utils/modules/events.php +++ b/utils/modules/events.php 
@@ -15,11 +15,10 @@ class Event {  	public function write($fp)  	{ -		fwrite($fp, "  <event title=\"" . -					 htmlspecialchars($this->title, ENT_QUOTES, "UTF-8") . "\"\n"); -		fwrite($fp, "         time=\"" . $this->time . "\"\n"); -		fwrite($fp, "         flyer=\"" . $this->flyer . "\">"); -		fwrite($fp, htmlspecialchars($this->description, ENT_QUOTES, "UTF-8")); +		fwrite($fp, "  <event title=\"" .xmlenc($this->title) . "\"\n"); +		fwrite($fp, "         time=\"" . xmlenc($this->time) . "\"\n"); +		fwrite($fp, "         flyer=\"" . xmlenc($this->flyer) . "\">"); +		fwrite($fp, xmlenc($this->description));  		fwrite($fp, "  </event>\n");  	} diff --git a/utils/modules/news.php b/utils/modules/news.php index 29187ea..00f1d4c 100644 --- a/utils/modules/news.php +++ b/utils/modules/news.php @@ -50,13 +50,12 @@ class NewsEntry {  	public function write($fp)  	{ -		fwrite($fp, "  <newsentry title=\"" . -					 htmlspecialchars($this->title, ENT_QUOTES, "UTF-8") . "\"\n"); -		fwrite($fp, "             time=\"" . $this->time . "\"\n"); -		fwrite($fp, "             category=\"" . $this->category . "\"\n"); -		fwrite($fp, "             userid=\"" . $this->userid . "\"\n"); -		fwrite($fp, "             icon=\"" . $this->icon . "\">"); -		fwrite($fp, htmlspecialchars($this->description, ENT_QUOTES, "UTF-8")); +		fwrite($fp, "  <newsentry title=\"".xmlenc($this->title)."\"\n"); +		fwrite($fp, "             time=\"" . xmlenc($this->time) . "\"\n"); +		fwrite($fp, "             category=\"" . xmlenc($this->category) . "\"\n"); +		fwrite($fp, "             userid=\"" . xmlenc($this->userid) . "\"\n"); +    fwrite($fp, "             icon=\"" . xmlenc($this->icon) . "\">"); +		fwrite($fp, xmlenc($this->description));  		fwrite($fp, "  </newsentry>\n");  	} diff --git a/utils/modules/newsletter.php b/utils/modules/newsletter.php index 4bba9c6..3ca3f41 100644 --- a/utils/modules/newsletter.php +++ b/utils/modules/newsletter.php 
@@ -3,6 +3,7 @@  global $UTIL_DIR;  include_once($UTIL_DIR . "/mail.php"); +include_once($UTIL_DIR . "/convert.php");  class Mailinglist extends _Mailinglist {  	private $file; @@ -13,15 +14,14 @@ class Mailinglist extends _Mailinglist {  		$fp = fopen($this->file, "w");  		fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"); -		fwrite($fp, "<mailinglist subj_prefix=\"" . $this->subj_prefix . "\"\n"); -    fwrite($fp, "             sender=\"" . $this->sender . "\"\n"); -    fwrite($fp, "             replyto=\"" . $this->replyto . "\"\n"); -    fwrite($fp, "             unsubscribe_url=\"" . $this->unsubscribe_url . "\">\n"); -    fwrite($fp, "  <footer>" . $this->footer . "</footer>\n"); +		fwrite($fp, "<mailinglist subj_prefix=\"" . xmlenc($this->subj_prefix) . "\"\n"); +    fwrite($fp, "             sender=\"" . xmlenc($this->sender) . "\"\n"); +    fwrite($fp, "             replyto=\"" . xmlenc($this->replyto) . "\"\n"); +    fwrite($fp, "             unsubscribe_url=\"" . xmlenc($this->unsubscribe_url) . "\">\n"); +    fwrite($fp, "  <footer>" .  xmlenc($this->footer) . "</footer>\n");  		foreach($this->mailinglist as $email) { -			fwrite($fp, "  <email email=\"" . -						 htmlspecialchars($email->email, ENT_QUOTES, "UTF-8") . "\"\n"); - 			fwrite($fp, "         timestamp=\"" . $email->timestamp . "\">\n"); +			fwrite($fp, "  <email email=\"" . xmlenc($email->email) . "\"\n"); + 			fwrite($fp, "         timestamp=\"" . xmlenc($email->timestamp) . "\">\n");  			fwrite($fp, "  </email>\n");  		}  		fwrite($fp, "</mailinglist>\n"); 
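Review bot: write() still does `$fp = fopen($this->file, "w");` without checking the result, so on a permission or disk error $fp is false, every fwrite() that follows only warns, and if the open did succeed the "w" mode has already truncated the subscriber list before the first byte is written. Nothing takes a lock either, so two concurrent subscribe/unsubscribe requests can interleave their writes into the same file. A guard such as `if(($fp = fopen($this->file, "w")) === false) return;` followed by `flock($fp, LOCK_EX);` closes both holes, and writing to a temporary file and rename()-ing it over the list would make the update atomic; the fclose() and the rest of write() lie outside this hunk.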
@@ -64,9 +64,11 @@ class Mailinglist extends _Mailinglist {  		$email = new EMail($emailaddr, time());  		if($this->add($email)) {  			$this->write(); -			$str .= "<div class=\"newsletter_message\">The email: " . $emailaddr . " has now been subscribed.</div>"; +			$str .= "<div class=\"newsletter_message\">The email: " . +        $emailaddr . " has now been subscribed.</div>";  		} else { -			$str .= "<div class=\"newsletter_message\">The email: " . $emailaddr . " is already subscribed.</div>"; +			$str .= "<div class=\"newsletter_message\">The email: " . +        $emailaddr . " is already subscribed.</div>";  		}  		return $str;  	} @@ -76,9 +78,11 @@ class Mailinglist extends _Mailinglist {  		$str = "";  		if($this->remove($emailaddr)) {  			$this->write(); -			$str .= "<div class=\"newsletter_message\">The email: " . $emailaddr . " has now been unsubscribed.</div>"; +			$str .= "<div class=\"newsletter_message\">The email: " . +        $emailaddr . " has now been unsubscribed.</div>";  		} else { -			$str .= "<div class=\"newsletter_message\">The email: " . $emailaddr . " is not subscribed.</div>"; +			$str .= "<div class=\"newsletter_message\">The email: " . +        $emailaddr . " is not subscribed.</div>";  		}  		return $str;  	} diff --git a/utils/modules/pressrelease.php b/utils/modules/pressrelease.php index 4779ffa..542edd0 100644 --- a/utils/modules/pressrelease.php +++ b/utils/modules/pressrelease.php @@ -3,10 +3,11 @@  global $UTIL_DIR;  include_once($UTIL_DIR . "/mail.php"); +include_once($UTIL_DIR . "/convert.php");  class PEmail extends Email {    public $url; -  public $title; +  public $name;  };  class PMailinglist extends _Mailinglist { 
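Review bot: $emailaddr is concatenated unescaped into the newsletter_message div in all four branches of these two hunks, and because convert_array() in this same commit no longer escapes form values, an address such as `<script>…</script>` submitted to what the message text suggests is the public subscribe/unsubscribe path is reflected verbatim into the page. The commit only re-wraps those lines; each one should use `xmlenc($emailaddr)` in place of `$emailaddr`. Checking the address with `filter_var($emailaddr, FILTER_VALIDATE_EMAIL)` before add()/remove() would additionally keep junk out of the XML list that write() persists right before. The methods these branches belong to start outside the hunks.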
@@ -17,15 +18,14 @@ class PMailinglist extends _Mailinglist {  		$fp = fopen($this->file, "w");  		fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"); -		fwrite($fp, "<pressrelease subj_prefix=\"" . $this->subj_prefix . "\"\n"); -    fwrite($fp, "              sender=\"" . $this->sender . "\"\n"); -    fwrite($fp, "              replyto=\"" . $this->replyto . "\">\n"); -    fwrite($fp, "  <footer>" . $this->footer . "</footer>\n"); +		fwrite($fp, "<pressrelease subj_prefix=\"" . xmlenc($this->subj_prefix) . "\"\n"); +    fwrite($fp, "              sender=\"" . xmlenc($this->sender) . "\"\n"); +    fwrite($fp, "              replyto=\"" . xmlenc($this->replyto) . "\">\n"); +    fwrite($fp, "  <footer>" . xmlenc($this->footer) . "</footer>\n");  		foreach($this->mailinglist as $email) { -			fwrite($fp, "  <email email=\"" . -						 htmlspecialchars($email->email, ENT_QUOTES, "UTF-8") . "\"\n"); - 			fwrite($fp, "         url=\"" . $email->url . "\">\n"); - 			fwrite($fp, "         name=\"" . $email->name . "\">\n"); +			fwrite($fp, "  <email email=\"" . xmlenc($email->email) . "\"\n"); + 			fwrite($fp, "         url=\"" . xmlenc($email->url) . "\"\n"); + 			fwrite($fp, "         name=\"" . xmlenc($email->name) . "\">\n");  			fwrite($fp, "  </email>\n");  		}  		fwrite($fp, "</pressrelease>\n"); @@ -77,7 +77,11 @@ class PressRelease {    // Admin config    public $admin_title = "Press release";    public $admin_submodules = array("Send" => "send", -                                   "Config" => "config"); +                                   "Config" => "config", +                                   "Add receiver" => "add", +                                   "Edit receiver" => "edit", +                                   "Delete receiver" => "delete", +                                   "View receivers" => "view");    public function admin_send($action, $vars)  	{ 
@@ -133,16 +137,123 @@ class PressRelease {      default:        $form = new Form("update"); -      $form->addWidget(new LineEdit("Subject prefix:", "subj_prefix", $this->mailinglist->subj_prefix)); -      $form->addWidget(new LineEdit("Sender:", "sender", $this->mailinglist->sender)); -      $form->addWidget(new LineEdit("Reply to:", "replyto", $this->mailinglist->replyto)); -      $form->addWidget(new TextEdit("Footer:", "footer", $this->mailinglist->footer)); +      $form->addWidget(new LineEdit("Subject prefix:", "subj_prefix", +                                    $this->mailinglist->subj_prefix)); +      $form->addWidget(new LineEdit("Sender:", "sender", +                                    $this->mailinglist->sender)); +      $form->addWidget(new LineEdit("Reply to:", "replyto", +                                    $this->mailinglist->replyto)); +      $form->addWidget(new TextEdit("Footer:", "footer", +                                    $this->mailinglist->footer));        $form->addWidget(new Button("Update"));        $form->render();        break;      }    } +  public function admin_add($action, $vars) +  { +    global $UID, $GLOBALS; + +    switch($action) { +		case "add": +      $pemail = new PEmail($vars["email"], time()); +      $pemail->url = $vars["url"]; +      $pemail->name = $vars["name"]; +      $this->mailinglist->add($pemail); +      $this->mailinglist->write(); +      break; + +    default: +			$form = new Form("add"); +			$form->addWidget(new LineEdit("Email:", "email", "")); +			$form->addWidget(new LineEdit("URL:", "url", "")); +			$form->addWidget(new LineEdit("Name:", "name", "")); +      $form->addWidget(new Button("Add")); +			$form->render(); +      break; +    } +  } + +  public function admin_edit($action, $vars) +  { +    switch($action) { +		case "write": +      $email = $this->mailinglist->mailinglist[$vars["editid"]]; +      $email->email = $vars["email"]; +      $email->url = $vars["url"]; +      $email->name = $vars["name"]; 
+      $this->mailinglist->write(); +      break; + +    case "edit": +      $email = $this->mailinglist->mailinglist[$vars["editid"]]; + +			$form = new Form("write"); +      $form->addWidget(new Hidden(array("editid" => $email->email))); +			$form->addWidget(new LineEdit("Email:", "email", $email->email)); +			$form->addWidget(new LineEdit("URL:", "url", $email->url)); +			$form->addWidget(new LineEdit("Name:", "name", $email->name)); +      $form->addWidget(new Button("Edit")); +			$form->render(); +      break; + +    default: +      $rcvlist = array(); +      foreach($this->mailinglist->mailinglist as $m) { +        $title = $m->name . " (".$m->email.")"; +        $rcvlist[$title] = $m->email; +      } + +      ksort($rcvlist); + +			$form = new Form("edit"); +      $form->addWidget(new ComboBox("Select receiver to edit:", "editid", "", $rcvlist)); +      $form->addWidget(new Button("Edit...")); +			$form->render(); +      break; +    } +  } + +  public function admin_delete($action, $vars) +  { +    switch($action) { +		case "delete": +      $this->mailinglist->remove($vars["delrcv"]); +      $this->mailinglist->write(); +      break; + +    default: +      $rcvlist = array(); +      foreach($this->mailinglist->mailinglist as $m) { +        $title = $m->name . " (".$m->email.")"; +        $rcvlist[$title] = $m->email; +      } + +      ksort($rcvlist); + +			$form = new Form("delete"); +      $form->addWidget(new ComboBox("Select receiver to delete:", "delrcv", "", $rcvlist)); +      $form->addWidget(new Button("Delete")); +			$form->render(); +      break; +    } +  } + +  public function admin_view($action, $vars) +  { +    switch($action) { +    default: +      echo "<p>There are " . sizeof($this->mailinglist->mailinglist) . " receivers:</p>\n"; +      echo "<ul>\n"; +      foreach($this->mailinglist->mailinglist as $m) { +        echo "  <li>".xmlenc($m->name)." 
(<a href=\"".xmlenc($m->url)."\">".$m->url."</a>): ".xmlenc($m->email)."</li>\n"; +      } +      echo "</ul>\n"; +      break; +    } +  } +    public function admin($sub, $action, $vars)    {      switch($sub) { @@ -153,6 +264,22 @@ class PressRelease {      case "config":  			$this->admin_config($action, $vars);        break; + +    case "add": +			$this->admin_add($action, $vars); +      break; + +    case "edit": +			$this->admin_edit($action, $vars); +      break; + +    case "delete": +			$this->admin_delete($action, $vars); +      break; + +    case "view": +			$this->admin_view($action, $vars); +      break;      }    } | 
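Review bot: In admin_view() the link text is `$m->url` unescaped while the href beside it is encoded, so a receiver URL containing markup is injected into the admin page; it should read `"<a href=\"".xmlenc($m->url)."\">".xmlenc($m->url)."</a>"`, and since url is free text entered through admin_add()/admin_edit(), rejecting anything that is not http(s) at that point would also keep a `javascript:` href out of the list. admin_edit() indexes `$this->mailinglist->mailinglist[$vars["editid"]]` in both the "write" and "edit" cases without checking that the key exists, so a stale or tampered editid yields null and the property assignments on it fail; add `if(!isset($this->mailinglist->mailinglist[$vars["editid"]])) break;` before each use. The "write" case also changes $email->email in place while the entry apparently stays filed under the old address (delete looks entries up by email), so the list key may go stale — worth confirming against _Mailinglist::add()/remove(), which are not shown. The `global $UID, $GLOBALS;` line in admin_add() is unused and $GLOBALS cannot be declared global anyway, so it should be dropped; admin() continues past the end of the hunk.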
