qemudb/admin/editAppNote.php

<?php
/****************/
/* Edit AppNote */
/****************/

include("path.php");
require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");

$aClean = array(); //array of filtered user input

$aClean['iNoteId'] = makeSafe($_REQUEST['iNoteId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
$aClean['sPreview'] = makeSafe($_REQUEST['sPreview']);

if(!is_numeric($aClean['iNoteId']))
{
    util_show_error_page('Wrong note ID');
    exit;
}  

/* Get note data */
$oNote = new Note($aClean['iNoteId']);

/* Check for privs */
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($oNote->iVersionId) && !$_SESSION['current']->isSuperMaintainer($oNote->iAppId))
{
    util_show_error_page("Insufficient Privileges!");
    exit;
}

if(!empty($aClean['sSub']))
{
    $oNote->GetOutputEditorValues(); /* retrieve the updated values */

    if ($aClean['sSub'] == 'Delete')
    {
        $oNote->delete();
    } 
    else if ($aClean['sSub'] == 'Update')
    {
        $oNote->update();
    }
    redirect(apidb_fullurl("appview.php?iVersionId={$oNote->iVersionId}"));
} else /* display note */
{
    // show form
    apidb_header("Application Note");

    /* if preview is set display the note for review */
    if($aClean['sPreview'])
    {
        $oNote->GetOutputEditorValues(); /* retrieve the updated values */
        $oNote->show(true);
    }

    echo "<form method=post action='editAppNote.php'>\n";

    /* display the editor for this note */
    $oNote->OutputEditor();
   
    echo '<center>';
    echo '<input type="submit" name=sPreview value="Preview">&nbsp',"\n";
    echo '<input type="submit" name=sSub value="Update">&nbsp',"\n";
    echo '<input type="submit" name=sSub value="Delete"></td></tr>',"\n";
    echo '</center>';
    
    echo html_back_link(1,BASE."appview.php?iVersionId=".$oNote->iVersionId);
}

apidb_footer();
?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
			`/****************/`
			`/* Edit AppNote */`
			`/****************/`
Initial revision 2004-03-15 16:22:00 +00:00
			`include("path.php");`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`require(BASE."include/incl.php");`
			`require(BASE."include/application.php");`
			`require(BASE."include/mail.php");`
Initial revision 2004-03-15 16:22:00 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$aClean = array(); //array of filtered user input`

Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$aClean['iNoteId'] = makeSafe($_REQUEST['iNoteId']);`
			`$aClean['sSub'] = makeSafe($_REQUEST['sSub']);`
			`$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);`
			`$aClean['sPreview'] = makeSafe($_REQUEST['sPreview']);`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`if(!is_numeric($aClean['iNoteId']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
Rename errorpage() to util_show_error_page() and move util_show_error_page() into include/util.php 2006-06-29 16:13:35 +00:00			`util_show_error_page('Wrong note ID');`
Initial revision 2004-03-15 16:22:00 +00:00			`exit;`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`}`

			`/* Get note data */`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$oNote = new Note($aClean['iNoteId']);`
Initial revision 2004-03-15 16:22:00 +00:00
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`/* Check for privs */`
Allow supermaintainers to edit notes 2005-02-19 01:23:02 +00:00			`if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($oNote->iVersionId) && !$_SESSION['current']->isSuperMaintainer($oNote->iAppId))`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Rename errorpage() to util_show_error_page() and move util_show_error_page() into include/util.php 2006-06-29 16:13:35 +00:00			`util_show_error_page("Insufficient Privileges!");`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`exit;`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
Initial revision 2004-03-15 16:22:00 +00:00
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`if(!empty($aClean['sSub']))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$oNote->GetOutputEditorValues(); /* retrieve the updated values */`

			`if ($aClean['sSub'] == 'Delete')`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
- new note class - improved performances (much less duplicated mysql queries) - less code and better error handling - fix various bugs 2005-02-02 02:43:08 +00:00			`$oNote->delete();`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`else if ($aClean['sSub'] == 'Update')`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$oNote->update();`
- Use super globals - Use include/db.php (including the new query compile function) - Better input checking - Cleanup - Use the new variable naming 2004-12-29 18:49:19 +00:00			`}`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`redirect(apidb_fullurl("appview.php?iVersionId={$oNote->iVersionId}"));`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`} else /* display note */`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
			`// show form`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`apidb_header("Application Note");`
Initial revision 2004-03-15 16:22:00 +00:00
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`/* if preview is set display the note for review */`
			`if($aClean['sPreview'])`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`{`
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`$oNote->GetOutputEditorValues(); /* retrieve the updated values */`
			`$oNote->show(true);`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00			`}`
Initial revision 2004-03-15 16:22:00 +00:00
Cleanup note editing. Improve previewing of notes during addition and editing. Rename note related variables to have the proper prefix. 2006-06-30 19:48:33 +00:00			`echo "<form method=post action='editAppNote.php'>\n";`

			`/* display the editor for this note */`
			`$oNote->OutputEditor();`

			`echo '<center>';`
			`echo '<input type="submit" name=sPreview value="Preview">&nbsp',"\n";`
			`echo '<input type="submit" name=sSub value="Update">&nbsp',"\n";`
			`echo '<input type="submit" name=sSub value="Delete"></td></tr>',"\n";`
			`echo '</center>';`
- Let Maintainers add, edit and delete Notes. - Display out front, special class notes ( WARNING & HOWTO ) 2004-12-01 22:33:48 +00:00
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo html_back_link(1,BASE."appview.php?iVersionId=".$oNote->iVersionId);`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

			`apidb_footer();`
			`?>`