qemudb/admin/editAppNote.php

<?php
/****************/
/* Edit AppNote */
/****************/

include("path.php");
require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");

$aClean = array(); //array of filtered user input

$aClean['noteId'] = makeSafe($_REQUEST['noteId']);
$aClean['sub'] = makeSafe($_REQUEST['sub']);
$aClean['noteTitle'] = makeSafe($_REQUEST['noteTitle']);
$aClean['noteDesc'] = makeSafe($_REQUEST['noteDesc']);
$aClean['preview'] = makeSafe($_REQUEST['preview']);
$aClean['appId'] = makeSafe($_REQUEST['appId']);
$aClean['versionId'] = makeSafe($_REQUEST['versionId']);

if(!is_numeric($aClean['noteId']))
{
    errorpage('Wrong note ID');
    exit;
}  

/* Get note data */
$oNote = new Note($aClean['noteId']);

/* Check for privs */
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($oNote->iVersionId) && !$_SESSION['current']->isSuperMaintainer($oNote->iAppId))
{
    errorpage("Insufficient Privileges!");
    exit;
}

if(!empty($aClean['sub']))
{
    if ($aClean['sub'] == 'Delete')
    {
        $oNote->delete();
    } 
    else if ($aClean['sub'] == 'Update')
    {
        $oNote->update($aClean['noteTitle'],$aClean['noteDesc']);
    }
    redirect(apidb_fullurl("appview.php?versionId={$oNote->iVersionId}"));
}
else
{
    if (empty($aClean['preview']))
    {
        $aClean['noteTitle'] = $oNote->sTitle;
        $aClean['noteDesc']  = $oNote->sDescription;
        $aClean['appId'] = $oNote->iAppId;
        $aClean['versionId'] = $oNote->iVersionId;
    }

    HtmlAreaLoaderScript(array("editor"));
    
    // show form
    apidb_header("Edit Application Note");

    echo "<form method=post action='editAppNote.php'>\n";
    echo html_frame_start("Edit Application Note {$aClean['noteId']}", "90%","",0);
    echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'");
    echo add_br($aClean['noteDesc']);
    
    echo '<input type="hidden" name="noteId" value='.$aClean['noteId'].'>';
    
    if ($aClean['noteTitle'] == "HOWTO" || $aClean['noteTitle'] == "WARNING")
    {
        echo '<tr><td class=color1>Title (Do not change)</td>';
        echo '<td class=color0><input size=80% type="text" name="noteTitle" type="text" value="'.$aClean['noteTitle'].'"></td></tr>',"\n";
    }
    else
    {
        echo '<tr><td class=color1>Title</td><td class=color0><input size=80% type="text" name="noteTitle" type="text" value="'.$aClean['noteTitle'].'"></td></tr>',"\n";
    }
    echo '<tr><td class=color4>Description</td><td class=color0>', "\n";
    echo '<p style="width:700px">', "\n";
    echo '<textarea cols="80" rows="20" id="editor" name="noteDesc">'.$aClean['noteDesc'].'</textarea>',"\n";
    echo '</p>';
    echo '</td></tr><tr><td colspan="2" align="center" class="color3">',"\n";
    echo '<input type="submit" name=preview value="Preview">&nbsp',"\n";
    echo '<input type="submit" name=sub value="Update">&nbsp',"\n";
    echo '<input type="submit" name=sub value="Delete"></td></tr>',"\n";

    echo html_table_end();
    echo html_frame_end();
    
    echo html_back_link(1,BASE."appview.php?versionId=".$oNote->iVersionId);
}

apidb_footer();
?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
			`/****************/`
			`/* Edit AppNote */`
			`/****************/`
Initial revision 2004-03-15 16:22:00 +00:00
			`include("path.php");`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`require(BASE."include/incl.php");`
			`require(BASE."include/application.php");`
			`require(BASE."include/mail.php");`
Initial revision 2004-03-15 16:22:00 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$aClean = array(); //array of filtered user input`

			`$aClean['noteId'] = makeSafe($_REQUEST['noteId']);`
			`$aClean['sub'] = makeSafe($_REQUEST['sub']);`
			`$aClean['noteTitle'] = makeSafe($_REQUEST['noteTitle']);`
			`$aClean['noteDesc'] = makeSafe($_REQUEST['noteDesc']);`
			`$aClean['preview'] = makeSafe($_REQUEST['preview']);`
			`$aClean['appId'] = makeSafe($_REQUEST['appId']);`
			`$aClean['versionId'] = makeSafe($_REQUEST['versionId']);`

			`if(!is_numeric($aClean['noteId']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`errorpage('Wrong note ID');`
Initial revision 2004-03-15 16:22:00 +00:00			`exit;`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`}`

			`/* Get note data */`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$oNote = new Note($aClean['noteId']);`
Initial revision 2004-03-15 16:22:00 +00:00
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`/* Check for privs */`
Allow supermaintainers to edit notes 2005-02-19 01:23:02 +00:00			`if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($oNote->iVersionId) && !$_SESSION['current']->isSuperMaintainer($oNote->iAppId))`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`errorpage("Insufficient Privileges!");`
			`exit;`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
Initial revision 2004-03-15 16:22:00 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`if(!empty($aClean['sub']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`if ($aClean['sub'] == 'Delete')`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00			`$oNote->delete();`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`else if ($aClean['sub'] == 'Update')`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$oNote->update($aClean['noteTitle'],$aClean['noteDesc']);`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`}`
- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00			`redirect(apidb_fullurl("appview.php?versionId={$oNote->iVersionId}"));`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
			`else`
			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`if (empty($aClean['preview']))`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$aClean['noteTitle'] = $oNote->sTitle;`
			`$aClean['noteDesc'] = $oNote->sDescription;`
			`$aClean['appId'] = $oNote->iAppId;`
			`$aClean['versionId'] = $oNote->iVersionId;`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
Switch from using htmlarea to using xinha. Clean up the use of the editor plugin 2005-09-30 02:48:33 +00:00
			`HtmlAreaLoaderScript(array("editor"));`

Initial revision 2004-03-15 16:22:00 +00:00			`// show form`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`apidb_header("Edit Application Note");`
Initial revision 2004-03-15 16:22:00 +00:00
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo "<form method=post action='editAppNote.php'>\n";`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`echo html_frame_start("Edit Application Note {$aClean['noteId']}", "90%","",0);`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'");`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`echo add_br($aClean['noteDesc']);`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`echo '<input type="hidden" name="noteId" value='.$aClean['noteId'].'>';`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`if ($aClean['noteTitle'] == "HOWTO" \|\| $aClean['noteTitle'] == "WARNING")`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
			`echo '<tr><td class=color1>Title (Do not change)</td>';`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`echo '<td class=color0><input size=80% type="text" name="noteTitle" type="text" value="'.$aClean['noteTitle'].'"></td></tr>',"\n";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
			`else`
			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`echo '<tr><td class=color1>Title</td><td class=color0><input size=80% type="text" name="noteTitle" type="text" value="'.$aClean['noteTitle'].'"></td></tr>',"\n";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
			`echo '<tr><td class=color4>Description</td><td class=color0>', "\n";`
- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00			`echo '<p style="width:700px">', "\n";`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`echo '<textarea cols="80" rows="20" id="editor" name="noteDesc">'.$aClean['noteDesc'].'</textarea>',"\n";`
- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00			`echo '</p>';`
			`echo '</td></tr><tr><td colspan="2" align="center" class="color3">',"\n";`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo '<input type="submit" name=preview value="Preview">&nbsp',"\n";`
			`echo '<input type="submit" name=sub value="Update">&nbsp',"\n";`
			`echo '<input type="submit" name=sub value="Delete"></td></tr>',"\n";`
Initial revision 2004-03-15 16:22:00 +00:00
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`echo html_table_end();`
			`echo html_frame_end();`

- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00			`echo html_back_link(1,BASE."appview.php?versionId=".$oNote->iVersionId);`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

			`apidb_footer();`
			`?>`