qemudb/admin/addAppNote.php

<?php
/************************/
/* Add Application Note */
/************************/

include("path.php");
require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");

$aClean = array(); //array of filtered user input

$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iAppId'] = makeSafe( $_REQUEST['iAppId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);

//FIXME: get rid of appId references everywhere, as version is enough.
$sQuery = "SELECT appId FROM appVersion WHERE versionId = '?'";
$hResult = query_parameters($sQuery, $aClean['iVersionId']);
$oRow = mysql_fetch_object($hResult);
$appId = $oRow->appId; 

//check for admin privs
if(!$_SESSION['current']->hasPriv("admin") &&
   !$_SESSION['current']->isMaintainer($aClean['iVersionId']) &&
   !$_SESSION['current']->isSuperMaintainer($aClean['iAppId']))
{
    util_show_error_page_and_exit("Insufficient Privileges!");
}

//set link for version
if(is_numeric($aClean['iVersionId']) and !empty($aClean['iVersionId']))
{
    $sVersionLink = "iVersionId={$aClean['iVersionId']}";
}
else 
    exit;

$oNote = new Note();
$oNote->GetOutputEditorValues();

if($aClean['sSub'] == "Submit")
{
    $oNote->create();
    util_redirect_and_exit(apidb_fullurl("appview.php?".$sVersionLink));
}
else if($aClean['sSub'] == 'Preview' OR empty($aClean['sSubmit']))
{
    // show form
    apidb_header("Application Note");

    if($aClean['sSub'] == 'Preview')
        $oNote->show(true);

    echo "<form method=post action='addAppNote.php'>\n";

    $oNote->OutputEditor();

    echo '<center>';
    echo '<input type="submit" name="sSub" value="Preview">&nbsp',"\n";
    echo '<input type="submit" name="sSub" value="Submit"></td></tr>',"\n";
    echo '</center>';
    
    echo html_back_link(1,BASE."appview.php?".$sVersionLink);
    apidb_footer();
}
?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
			`/************************/`
			`/* Add Application Note */`
			`/************************/`
Initial revision 2004-03-15 16:22:00 +00:00
			`include("path.php");`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`require(BASE."include/incl.php");`
			`require(BASE."include/application.php");`
			`require(BASE."include/mail.php");`
- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$aClean = array(); //array of filtered user input`

Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);`
			`$aClean['iAppId'] = makeSafe( $_REQUEST['iAppId']);`
			`$aClean['sSub'] = makeSafe($_REQUEST['sSub']);`
			`$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00
- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00			`//FIXME: get rid of appId references everywhere, as version is enough.`
Use query_parameters() in SQL select, update and delete statements to protect against sql injection attacks 2006-06-27 19:16:27 +00:00			`$sQuery = "SELECT appId FROM appVersion WHERE versionId = '?'";`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$hResult = query_parameters($sQuery, $aClean['iVersionId']);`
- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00			`$oRow = mysql_fetch_object($hResult);`
			`$appId = $oRow->appId;`
Initial revision 2004-03-15 16:22:00 +00:00
			`//check for admin privs`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`if(!$_SESSION['current']->hasPriv("admin") &&`
			`!$_SESSION['current']->isMaintainer($aClean['iVersionId']) &&`
			`!$_SESSION['current']->isSuperMaintainer($aClean['iAppId']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them 2006-07-06 18:44:56 +00:00			`util_show_error_page_and_exit("Insufficient Privileges!");`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`//set link for version`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`if(is_numeric($aClean['iVersionId']) and !empty($aClean['iVersionId']))`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`$sVersionLink = "iVersionId={$aClean['iVersionId']}";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
Use super globals. Better input checking. 2004-12-29 03:47:48 +00:00			`else`
			`exit;`

Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$oNote = new Note();`
			`$oNote->GetOutputEditorValues();`
Initial revision 2004-03-15 16:22:00 +00:00
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`if($aClean['sSub'] == "Submit")`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$oNote->create();`
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them 2006-07-06 18:44:56 +00:00			`util_redirect_and_exit(apidb_fullurl("appview.php?".$sVersionLink));`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`else if($aClean['sSub'] == 'Preview' OR empty($aClean['sSubmit']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`// show form`
			`apidb_header("Application Note");`

			`if($aClean['sSub'] == 'Preview')`
			`$oNote->show(true);`
Initial revision 2004-03-15 16:22:00 +00:00
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo "<form method=post action='addAppNote.php'>\n";`
Initial revision 2004-03-15 16:22:00 +00:00
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$oNote->OutputEditor();`
Initial revision 2004-03-15 16:22:00 +00:00
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`echo '<center>';`
			`echo '<input type="submit" name="sSub" value="Preview">&nbsp',"\n";`
			`echo '<input type="submit" name="sSub" value="Submit"></td></tr>',"\n";`
			`echo '</center>';`
Initial revision 2004-03-15 16:22:00 +00:00
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`echo html_back_link(1,BASE."appview.php?".$sVersionLink);`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`apidb_footer();`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
			`?>`