Strip slashes of draft titles, XHTML and formatting updates.

git-svn-id: http://svn.automattic.com/wordpress/trunk@198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
saxmatt 2003-06-10 19:28:03 +00:00
parent 1aaef103e2
commit 69c2ef5a35
2 changed files with 193 additions and 165 deletions


@ -17,7 +17,8 @@ switch($action) {
$form_pingback = ''; $form_pingback = '';
} }
if ($use_trackback) { if ($use_trackback) {
$form_trackback = '<p><label for="trackback"><strong>TrackBack</strong> an <acronym title="Uniform Resource Locator">URL</acronym>:</label> (Seperate multiple URLs with commas.)<br /><input type="text" name="trackback_url" style="width: 415px" id="trackback" /></p>'; $form_trackback = '<p><label for="trackback"><strong>TrackBack</strong> an <acronym title="Uniform Resource Locator">URL</acronym>:</label> (Seperate multiple <acronym title="Uniform Resource Locator">URL</acronym>s with commas.)<br />
<input type="text" name="trackback_url" style="width: 415px" id="trackback" /></p>';
} else { } else {
$form_trackback = ''; $form_trackback = '';
} }
@ -25,7 +26,7 @@ switch($action) {
break; break;
case "edit": case "edit":
$submitbutton_text = 'Edit this!'; $submitbutton_text = 'Edit this!';
$toprow_title = 'Editing Post #' . $postdata["ID"]; $toprow_title = 'Editing Post #' . $postdata['ID'];
$form_action = 'editpost'; $form_action = 'editpost';
$form_extra = "' />\n<input type='hidden' name='post_ID' value='$post"; $form_extra = "' />\n<input type='hidden' name='post_ID' value='$post";
$colspan = 2; $colspan = 2;
@ -35,7 +36,7 @@ switch($action) {
break; break;
case "editcomment": case "editcomment":
$submitbutton_text = 'Edit this!'; $submitbutton_text = 'Edit this!';
$toprow_title = 'Editing Comment # '.$commentdata["comment_ID"]; $toprow_title = 'Editing Comment # '.$commentdata['comment_ID'];
$form_action = 'editedcomment'; $form_action = 'editedcomment';
$form_extra = "' />\n<input type='hidden' name='comment_ID' value='$comment' />\n<input type='hidden' name='comment_post_ID' value='".$commentdata["comment_post_ID"]; $form_extra = "' />\n<input type='hidden' name='comment_ID' value='$comment' />\n<input type='hidden' name='comment_post_ID' value='".$commentdata["comment_post_ID"];
$colspan = 3; $colspan = 3;
@ -46,7 +47,7 @@ switch($action) {
?> ?>
<form name="post" action="b2edit.php" method="POST"> <form name="post" action="b2edit.php" method="post">
<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" /> <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' /> <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
@ -55,37 +56,44 @@ switch($action) {
?> ?>
<table> <table>
<tr> <tr>
<td width="210"> <label for="title">Title:</label> <br /> <input type="text" name="post_title" size="25" tabindex="1" style="width: 190px;" value="<?php echo $edited_post_title; ?>" id="title" /> <td width="210">
</td> <label for="title">Title:</label><br />
<td> <label for="category">Category :</label> <br /> <input type="text" name="post_title" size="25" tabindex="1" style="width: 190px;" value="<?php echo $edited_post_title; ?>" id="title" />
<?php dropdown_categories(); ?> </td>
</td> <td>
<td><label for="post_status">Post Status:</label><br /> <label for="category">Category:</label><br />
<?php dropdown_categories(); ?>
<select name="post_status" id="post_status"> </td>
<option value="publish"<?php selected($post_status, 'publish'); ?>>Publish</option> <td>
<option value="draft"<?php selected($post_status, 'draft'); ?>>Draft</option> <label for="post_status">Post Status:</label><br />
<option value="private"<?php selected($post_status, 'private'); ?>>Private</option> <select name="post_status" id="post_status">
</select> </td> <option value="publish"<?php selected($post_status, 'publish'); ?>>Publish</option>
<td><label for="comment_status">Comments:</label><br /> <option value="draft"<?php selected($post_status, 'draft'); ?>>Draft</option>
<option value="private"<?php selected($post_status, 'private'); ?>>Private</option>
<select name="comment_status" id="comment_status"> </select>
<option value="open"<?php selected($comment_status, 'open'); ?>>Open</option> </td>
<option value="closed"<?php selected($comment_status, 'closed'); ?>>Closed</option> <td>
</select> </td> <label for="comment_status">Comments:</label><br />
<td><label for="ping_status">Pings:</label><br /> <select name="comment_status" id="comment_status">
<option value="open"<?php selected($comment_status, 'open'); ?>>Open</option>
<select name="ping_status" id="ping_status"> <option value="closed"<?php selected($comment_status, 'closed'); ?>>Closed</option>
<option value="open"<?php selected($ping_status, 'open'); ?>>Open</option> </select>
<option value="closed"<?php selected($ping_status, 'open'); ?>>Closed</option> </td>
</select></td> <td>
<td><label for="post_password">Post Password:</label> <label for="ping_status">Pings:</label><br />
<br /> <select name="ping_status" id="ping_status">
<input name="post_password" type="text" id="post_password" value="<?php echo $post_password ?>" /> </td> <option value="open"<?php selected($ping_status, 'open'); ?>>Open</option>
</tr> <option value="closed"<?php selected($ping_status, 'open'); ?>>Closed</option>
</table> </select>
<?php </td>
<td>
<label for="post_password">Post Password:</label><br />
<input name="post_password" type="text" id="post_password" value="<?php echo $post_password ?>" />
</td>
</tr>
</table>
<?php
} else { } else {
@ -94,30 +102,30 @@ switch($action) {
<table> <table>
<tr> <tr>
<td> <td>
<label for="name">Name:</label> <label for="name">Name:</label><br />
<br /> <input type="text" name="newcomment_author" size="22" value="<?php echo format_to_edit($commentdata['comment_author']) ?>" tabindex="1" id="name" /></td>
<input type="text" name="newcomment_author" size="22" value="<?php echo format_to_edit($commentdata["comment_author"]) ?>" tabindex="1" id="name" /></td>
<td> <td>
<label for="email">E-mail:</label> <label for="email">E-mail:</label><br />
<br /> <input type="text" name="newcomment_author_email" size="30" value="<?php echo format_to_edit($commentdata['comment_author_email']) ?>" tabindex="2" id="email" />
<input type="text" name="newcomment_author_email" size="30" value="<?php echo format_to_edit($commentdata["comment_author_email"]) ?>" tabindex="2" id="email" /></td> </td>
<td> <td>
<label for="URL">URL:</label> <label for="URL">URL:</label><br />
<br /> <input type="text" name="newcomment_author_url" size="35" value="<?php echo format_to_edit($commentdata['comment_author_url']) ?>" tabindex="3" id="URL" />
<input type="text" name="newcomment_author_url" size="35" value="<?php echo format_to_edit($commentdata["comment_author_url"]) ?>" tabindex="3" id="URL" /></td> </td>
</tr> </tr>
</table> </table>
<?php <?php
} // end else comment editing } // end else comment editing
?> ?>
<?php <?php
if ($action != 'editcomment') { if ($action != 'editcomment') {
echo '<label for="excerpt">Excerpt:</label>'; echo '<p><label for="excerpt">Excerpt:</label><br />';
?> ?>
<p><textarea rows="3" cols="40" style="width:100%" name="excerpt" tabindex="4" wrap="virtual" id="excerpt"><?php echo $excerpt ?></textarea></p>
<textarea rows="3" cols="40" style="width:100%" name="excerpt" tabindex="4" wrap="virtual" id="excerpt"><?php echo $excerpt ?></textarea></p>
<?php <?php
} // if not a comment } // if not a comment
@ -129,7 +137,7 @@ if ($action != 'editcomment') {
if ($action != 'editcomment') { if ($action != 'editcomment') {
echo '<label for="content">Post:</label>'; echo '<label for="content">Post:</label>';
} else { } else {
echo '<br /><label for="content">Comment:</label>'; echo '<label for="content">Comment:</label>';
} }
?> ?>
</td> </td>
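Review bot: The reformatted `ping_status` select still tests the wrong value on its second option: `<option value="closed"<?php selected($ping_status, 'open'); ?>>` marks Closed exactly when pings are open. Assuming `selected()` prints the attribute on a match, the form never reflects the stored setting and saving an edit can change it unnoticed. It should read `selected($ping_status, 'closed')`, matching the `comment_status` select just above it. Separately, `$post_password` is echoed into a `value="..."` attribute with no escaping visible in this section, whereas the comment fields pass through `format_to_edit()`. Unless the value is already encoded where it is assigned (outside the lines shown), `<?php echo htmlspecialchars($post_password, ENT_QUOTES) ?>` would keep a password containing a quote from breaking the attribute.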


@ -39,42 +39,46 @@ switch($action) {
case 'post': case 'post':
$standalone = 1; $standalone = 1;
require_once('b2header.php'); require_once('b2header.php');
$post_pingback = intval($HTTP_POST_VARS["post_pingback"]); $post_pingback = intval($HTTP_POST_VARS['post_pingback']);
$content = balanceTags($HTTP_POST_VARS["content"]); $content = balanceTags($HTTP_POST_VARS['content']);
$content = format_to_post($content); $content = format_to_post($content);
$excerpt = balanceTags($HTTP_POST_VARS["excerpt"]); $excerpt = balanceTags($HTTP_POST_VARS['excerpt']);
$excerpt = format_to_post($excerpt); $excerpt = format_to_post($excerpt);
$post_title = addslashes($HTTP_POST_VARS["post_title"]); $post_title = addslashes($HTTP_POST_VARS['post_title']);
$post_category = intval($HTTP_POST_VARS["post_category"]); $post_category = intval($HTTP_POST_VARS['post_category']);
$post_status = $HTTP_POST_VARS['post_status']; $post_status = $HTTP_POST_VARS['post_status'];
$comment_status = $HTTP_POST_VARS['comment_status']; $comment_status = $HTTP_POST_VARS['comment_status'];
$ping_status = $HTTP_POST_VARS['ping_status']; $ping_status = $HTTP_POST_VARS['ping_status'];
$post_password = addslashes($HTTP_POST_VARS['post_password']); $post_password = addslashes($HTTP_POST_VARS['post_password']);
if ($user_level == 0) if ($user_level == 0)
die ("Cheatin' uh ?"); die ('Cheatin&#8217; uh?');
if (($user_level > 4) && (!empty($HTTP_POST_VARS["edit_date"]))) { if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) {
$aa = $HTTP_POST_VARS["aa"]; $aa = $HTTP_POST_VARS['aa'];
$mm = $HTTP_POST_VARS["mm"]; $mm = $HTTP_POST_VARS['mm'];
$jj = $HTTP_POST_VARS["jj"]; $jj = $HTTP_POST_VARS['jj'];
$hh = $HTTP_POST_VARS["hh"]; $hh = $HTTP_POST_VARS['hh'];
$mn = $HTTP_POST_VARS["mn"]; $mn = $HTTP_POST_VARS['mn'];
$ss = $HTTP_POST_VARS["ss"]; $ss = $HTTP_POST_VARS['ss'];
$jj = ($jj > 31) ? 31 : $jj; $jj = ($jj > 31) ? 31 : $jj;
$hh = ($hh > 23) ? $hh - 24 : $hh; $hh = ($hh > 23) ? $hh - 24 : $hh;
$mn = ($mn > 59) ? $mn - 60 : $mn; $mn = ($mn > 59) ? $mn - 60 : $mn;
$ss = ($ss > 59) ? $ss - 60 : $ss; $ss = ($ss > 59) ? $ss - 60 : $ss;
$now = "$aa-$mm-$jj $hh:$mn:$ss"; $now = "$aa-$mm-$jj $hh:$mn:$ss";
} else { } else {
$now = date("Y-m-d H:i:s", (time() + ($time_difference * 3600))); $now = date('Y-m-d H:i:s', (time() + ($time_difference * 3600)));
} }
$query = "INSERT INTO $tableposts (ID, post_author, post_date, post_content, post_title, post_category, post_excerpt, post_status, comment_status, ping_status, post_password) VALUES ('0','$user_ID','$now','$content','$post_title','$post_category','$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password')"; $result = $wpdb->query("
$result = $wpdb->query($query); INSERT INTO $tableposts
(ID, post_author, post_date, post_content, post_title, post_category, post_excerpt, post_status, comment_status, ping_status, post_password)
VALUES
('0','$user_ID','$now','$content','$post_title','$post_category','$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password')
");
$post_ID = $wpdb->get_var("SELECT ID FROM $tableposts ORDER BY ID DESC LIMIT 1"); $post_ID = $wpdb->get_var("SELECT ID FROM $tableposts ORDER BY ID DESC LIMIT 1");
@ -92,7 +96,7 @@ switch($action) {
} }
if (!empty($HTTP_POST_VARS['trackback_url'])) { if (!empty($HTTP_POST_VARS['trackback_url'])) {
$excerpt = (strlen(strip_tags($content)) > 255) ? substr(strip_tags($content), 0, 252).'...' : strip_tags($content); $excerpt = (strlen(strip_tags($content)) > 255) ? substr(strip_tags($content), 0, 252) . '...' : strip_tags($content);
$excerpt = stripslashes($excerpt); $excerpt = stripslashes($excerpt);
$trackback_urls = explode(',', $HTTP_POST_VARS['trackback_url']); $trackback_urls = explode(',', $HTTP_POST_VARS['trackback_url']);
foreach($trackback_urls as $tb_url) { foreach($trackback_urls as $tb_url) {
@ -102,20 +106,20 @@ switch($action) {
} }
} // end if publish } // end if publish
if (!empty($HTTP_POST_VARS["mode"])) { if (!empty($HTTP_POST_VARS['mode'])) {
switch($HTTP_POST_VARS["mode"]) { switch($HTTP_POST_VARS['mode']) {
case "bookmarklet": case 'bookmarklet':
$location="b2bookmarklet.php?a=b"; $location = 'b2bookmarklet.php?a=b';
break; break;
case "sidebar": case 'sidebar':
$location="b2sidebar.php?a=b"; $location = 'b2sidebar.php?a=b';
break; break;
default: default:
$location="b2edit.php"; $location = 'b2edit.php';
break; break;
} }
} else { } else {
$location="b2edit.php"; $location = 'b2edit.php';
} }
header("Location: $location"); header("Location: $location");
exit(); exit();
@ -128,16 +132,16 @@ switch($action) {
$post = $HTTP_GET_VARS['post']; $post = $HTTP_GET_VARS['post'];
if ($user_level > 0) { if ($user_level > 0) {
$postdata = get_postdata($post); $postdata = get_postdata($post);
$authordata = get_userdata($postdata["Author_ID"]); $authordata = get_userdata($postdata['Author_ID']);
if ($user_level < $authordata->user_level) if ($user_level < $authordata->user_level)
die ('You don&#8217;t have the right to edit <strong>'.$authordata[1].'</strong>&#8217;s posts.'); die ('You don&#8217;t have the right to edit <strong>'.$authordata[1].'</strong>&#8217;s posts.');
$content = $postdata['Content']; $content = $postdata['Content'];
$content = format_to_edit($content); $content = format_to_edit($content);
$excerpt = $postdata['Excerpt']; $excerpt = $postdata['Excerpt'];
$excerpt = format_to_edit($excerpt); $excerpt = format_to_edit($excerpt);
$edited_post_title = format_to_edit($postdata['Title']); $edited_post_title = format_to_edit($postdata['Title']);
$post_status = $postdata['post_status']; $post_status = $postdata['post_status'];
$comment_status = $postdata['comment_status']; $comment_status = $postdata['comment_status'];
$ping_status = $postdata['ping_status']; $ping_status = $postdata['ping_status'];
@ -146,48 +150,48 @@ switch($action) {
include('b2edit.form.php'); include('b2edit.form.php');
} else { } else {
?> ?>
<p>Since you're a newcomer, you'll have to wait for an admin to raise your level to 1, <p>Since you&#8217;re a newcomer, you&#8217;ll have to wait for an admin to raise your level to 1,
in order to be authorized to post.<br /> in order to be authorized to post.<br />
You can also <a href="mailto:<?php echo $admin_email ?>?subject=b2-promotion">e-mail the admin</a> You can also <a href="mailto:<?php echo $admin_email ?>?subject=Promotion?">e-mail the admin</a>
to ask for a promotion.<br /> to ask for a promotion.<br />
When you're promoted, just reload this page and you'll be able to blog. :) When you&#8217;re promoted, just reload this page and you&#8217;ll be able to blog. :)
</p> </p>
<?php <?php
} }
break; break;
case "editpost": case 'editpost':
$standalone = 1; $standalone = 1;
require_once("./b2header.php"); require_once('./b2header.php');
if ($user_level == 0) if ($user_level == 0)
die ("Cheatin' uh ?"); die ('Cheatin&#8217; uh?');
if (!isset($blog_ID)) { if (!isset($blog_ID)) {
$blog_ID = 1; $blog_ID = 1;
} }
$post_ID = $HTTP_POST_VARS["post_ID"]; $post_ID = $HTTP_POST_VARS['post_ID'];
$post_category = intval($HTTP_POST_VARS["post_category"]); $post_category = intval($HTTP_POST_VARS['post_category']);
$post_autobr = intval($HTTP_POST_VARS["post_autobr"]); $post_autobr = intval($HTTP_POST_VARS['post_autobr']);
$content = balanceTags($HTTP_POST_VARS["content"]); $content = balanceTags($HTTP_POST_VARS['content']);
$content = format_to_post($content); $content = format_to_post($content);
$excerpt = balanceTags($HTTP_POST_VARS["excerpt"]); $excerpt = balanceTags($HTTP_POST_VARS['excerpt']);
$excerpt = format_to_post($excerpt); $excerpt = format_to_post($excerpt);
$post_title = addslashes($HTTP_POST_VARS["post_title"]); $post_title = addslashes($HTTP_POST_VARS['post_title']);
$post_status = $HTTP_POST_VARS['post_status']; $post_status = $HTTP_POST_VARS['post_status'];
$prev_status = $HTTP_POST_VARS['prev_status']; $prev_status = $HTTP_POST_VARS['prev_status'];
$comment_status = $HTTP_POST_VARS['comment_status']; $comment_status = $HTTP_POST_VARS['comment_status'];
$ping_status = $HTTP_POST_VARS['ping_status']; $ping_status = $HTTP_POST_VARS['ping_status'];
$post_password = addslashes($HTTP_POST_VARS['post_password']); $post_password = addslashes($HTTP_POST_VARS['post_password']);
if (($user_level > 4) && (!empty($HTTP_POST_VARS["edit_date"]))) { if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) {
$aa = $HTTP_POST_VARS["aa"]; $aa = $HTTP_POST_VARS['aa'];
$mm = $HTTP_POST_VARS["mm"]; $mm = $HTTP_POST_VARS['mm'];
$jj = $HTTP_POST_VARS["jj"]; $jj = $HTTP_POST_VARS['jj'];
$hh = $HTTP_POST_VARS["hh"]; $hh = $HTTP_POST_VARS['hh'];
$mn = $HTTP_POST_VARS["mn"]; $mn = $HTTP_POST_VARS['mn'];
$ss = $HTTP_POST_VARS["ss"]; $ss = $HTTP_POST_VARS['ss'];
$jj = ($jj > 31) ? 31 : $jj; $jj = ($jj > 31) ? 31 : $jj;
$hh = ($hh > 23) ? $hh - 24 : $hh; $hh = ($hh > 23) ? $hh - 24 : $hh;
$mn = ($mn > 59) ? $mn - 60 : $mn; $mn = ($mn > 59) ? $mn - 60 : $mn;
@ -197,14 +201,24 @@ switch($action) {
$datemodif = ''; $datemodif = '';
} }
$query = "UPDATE $tableposts SET post_content='$content', post_excerpt='$excerpt', post_title='$post_title', post_category='$post_category'".$datemodif.", post_status='$post_status', comment_status='$comment_status', ping_status='$ping_status', post_password='$post_password' WHERE ID = $post_ID"; $result = $wpdb->query("
$result = $wpdb->query($query); UPDATE $tableposts SET
post_content = '$content',
post_excerpt = '$excerpt',
post_title = '$post_title',
post_category = '$post_category'".$datemodif.",
post_status = '$post_status',
comment_status = '$comment_status',
ping_status = '$ping_status',
post_password = '$post_password'
WHERE ID = $post_ID
");
if (isset($sleep_after_edit) && $sleep_after_edit > 0) { if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
sleep($sleep_after_edit); sleep($sleep_after_edit);
} }
// are we going from draft/private to publishd? // are we going from draft/private to published?
if ((($prev_status == 'draft') || ($prev_status == 'private')) && ($post_status == 'publish')) { if ((($prev_status == 'draft') || ($prev_status == 'private')) && ($post_status == 'publish')) {
pingWeblogs($blog_ID); pingWeblogs($blog_ID);
pingCafelog($cafelogID, $post_title, $post_ID); pingCafelog($cafelogID, $post_title, $post_ID);
@ -215,7 +229,7 @@ switch($action) {
} }
if (!empty($HTTP_POST_VARS['trackback_url'])) { if (!empty($HTTP_POST_VARS['trackback_url'])) {
$excerpt = (strlen(strip_tags($content)) > 255) ? substr(strip_tags($content), 0, 252).'...' : strip_tags($content); $excerpt = (strlen(strip_tags($content)) > 255) ? substr(strip_tags($content), 0, 252) . '...' : strip_tags($content);
$excerpt = stripslashes($excerpt); $excerpt = stripslashes($excerpt);
$trackback_urls = explode(',', $HTTP_POST_VARS['trackback_url']); $trackback_urls = explode(',', $HTTP_POST_VARS['trackback_url']);
foreach($trackback_urls as $tb_url) { foreach($trackback_urls as $tb_url) {
@ -229,34 +243,32 @@ switch($action) {
header ($location); header ($location);
break; break;
case "delete": case 'delete':
$standalone = 1; $standalone = 1;
require_once("./b2header.php"); require_once('./b2header.php');
if ($user_level == 0) if ($user_level == 0)
die ("Cheatin' uh ?"); die ('Cheatin&#8217; uh?');
$post = $HTTP_GET_VARS['post']; $post = $HTTP_GET_VARS['post'];
$postdata=get_postdata($post) or die("Oops, no post with this ID. <a href=\"b2edit.php\">Go back</a> !"); $postdata = get_postdata($post) or die('Oops, no post with this ID. <a href="b2edit.php">Go back</a>!');
$authordata = get_userdata($postdata["Author_ID"]); $authordata = get_userdata($postdata['Author_ID']);
if ($user_level < $authordata->user_level) if ($user_level < $authordata->user_level)
die ("You don't have the right to delete <b>".$authordata[1]."</b>'s posts."); die ('You don&#8217;t have the right to delete <strong>'.$authordata[1].'</strong>&#8217;s posts.');
$query = "DELETE FROM $tableposts WHERE ID=$post"; $result = $wpdb->query("DELETE FROM $tableposts WHERE ID=$post");
$result = $wpdb->query($query);
if (!$result) if (!$result)
die("Error in deleting... contact the <a href=\"mailto:$admin_email\">webmaster</a>..."); die('Error in deleting... contact the <a href="mailto:$admin_email">webmaster</a>.');
$query = "DELETE FROM $tablecomments WHERE comment_post_ID=$post"; $result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_post_ID=$post");
$result = $wpdb->query($query);
if (isset($sleep_after_edit) && $sleep_after_edit > 0) { if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
sleep($sleep_after_edit); sleep($sleep_after_edit);
} }
//pingWeblogs($blog_ID); // pingWeblogs($blog_ID);
header ('Location: b2edit.php'); header ('Location: b2edit.php');
@ -282,32 +294,31 @@ switch($action) {
break; break;
case "deletecomment": case 'deletecomment':
$standalone = 1; $standalone = 1;
require_once("./b2header.php"); require_once('./b2header.php');
if ($user_level == 0) if ($user_level == 0)
die ("Cheatin' uh ?"); die ('Cheatin&#8217; uh?');
$comment = $HTTP_GET_VARS['comment']; $comment = $HTTP_GET_VARS['comment'];
$p = $HTTP_GET_VARS['p']; $p = $HTTP_GET_VARS['p'];
$commentdata=get_commentdata($comment) or die("Oops, no comment with this ID. <a href=\"b2edit.php\">Go back</a> !"); $commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. <a href="b2edit.php">Go back</a>!');
$query = "DELETE FROM $tablecomments WHERE comment_ID=$comment"; $result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_ID=$comment");
$result = $wpdb->query($query);
header ("Location: b2edit.php?p=$p&c=1#comments"); //?a=dc"); header ("Location: b2edit.php?p=$p&c=1#comments");
break; break;
case "editedcomment": case 'editedcomment':
$standalone = 1; $standalone = 1;
require_once("./b2header.php"); require_once('./b2header.php');
if ($user_level == 0) if ($user_level == 0)
die ("Cheatin' uh ?"); die ('Cheatin&#8217; uh?');
$comment_ID = $HTTP_POST_VARS['comment_ID']; $comment_ID = $HTTP_POST_VARS['comment_ID'];
$comment_post_ID = $HTTP_POST_VARS['comment_post_ID']; $comment_post_ID = $HTTP_POST_VARS['comment_post_ID'];
@ -318,40 +329,46 @@ switch($action) {
$newcomment_author_email = addslashes($newcomment_author_email); $newcomment_author_email = addslashes($newcomment_author_email);
$newcomment_author_url = addslashes($newcomment_author_url); $newcomment_author_url = addslashes($newcomment_author_url);
if (($user_level > 4) && (!empty($HTTP_POST_VARS["edit_date"]))) { if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) {
$aa = $HTTP_POST_VARS["aa"]; $aa = $HTTP_POST_VARS['aa'];
$mm = $HTTP_POST_VARS["mm"]; $mm = $HTTP_POST_VARS['mm'];
$jj = $HTTP_POST_VARS["jj"]; $jj = $HTTP_POST_VARS['jj'];
$hh = $HTTP_POST_VARS["hh"]; $hh = $HTTP_POST_VARS['hh'];
$mn = $HTTP_POST_VARS["mn"]; $mn = $HTTP_POST_VARS['mn'];
$ss = $HTTP_POST_VARS["ss"]; $ss = $HTTP_POST_VARS['ss'];
$jj = ($jj > 31) ? 31 : $jj; $jj = ($jj > 31) ? 31 : $jj;
$hh = ($hh > 23) ? $hh - 24 : $hh; $hh = ($hh > 23) ? $hh - 24 : $hh;
$mn = ($mn > 59) ? $mn - 60 : $mn; $mn = ($mn > 59) ? $mn - 60 : $mn;
$ss = ($ss > 59) ? $ss - 60 : $ss; $ss = ($ss > 59) ? $ss - 60 : $ss;
$datemodif = ", comment_date=\"$aa-$mm-$jj $hh:$mn:$ss\""; $datemodif = ", comment_date = 'aa-$mm-$jj $hh:$mn:$ss'";
} else { } else {
$datemodif = ""; $datemodif = '';
} }
$content = balanceTags($content); $content = balanceTags($content);
$content = format_to_post($content); $content = format_to_post($content);
$query = "UPDATE $tablecomments SET comment_content=\"$content\", comment_author=\"$newcomment_author\", comment_author_email=\"$newcomment_author_email\", comment_author_url=\"$newcomment_author_url\"".$datemodif." WHERE comment_ID=$comment_ID"; $result = $wpdb->query("
$result = $wpdb->query($query); UPDATE $tablecomments SET
comment_content = '$content',
comment_author = '$newcomment_author',
comment_author_email = '$newcomment_author_email',
comment_author_url = '$newcomment_author_url'".$datemodif."
WHERE comment_ID = $comment_ID"
);
header ("Location: b2edit.php?p=$comment_post_ID&c=1#comments"); //?a=ec"); header ("Location: b2edit.php?p=$comment_post_ID&c=1#comments");
break; break;
default: default:
$standalone=0; $standalone = 0;
require_once ("./b2header.php"); require_once ('./b2header.php');
if ($user_level > 0) { if ($user_level > 0) {
if ((!$withcomments) && (!$c)) { if ((!$withcomments) && (!$c)) {
$action = 'post'; $action = 'post';
get_currentuserinfo(); get_currentuserinfo();
$drafts = $wpdb->get_results("SELECT ID, post_title FROM $tableposts WHERE post_status = 'draft' AND post_author = $user_ID"); $drafts = $wpdb->get_results("SELECT ID, post_title FROM $tableposts WHERE post_status = 'draft' AND post_author = $user_ID");
if ($drafts) { if ($drafts) {
@ -362,6 +379,7 @@ switch($action) {
$i = 0; $i = 0;
foreach ($drafts as $draft) { foreach ($drafts as $draft) {
if (0 != $i) echo ', '; if (0 != $i) echo ', ';
$draft->post_title = stripslashes($draft->post_title);
echo "<a href='b2edit.php?action=edit&amp;post=$draft->ID' title='Edit this draft'>$draft->post_title</a>"; echo "<a href='b2edit.php?action=edit&amp;post=$draft->ID' title='Edit this draft'>$draft->post_title</a>";
++$i; ++$i;
} }
@ -369,8 +387,8 @@ switch($action) {
</div> </div>
<?php <?php
} }
include("b2edit.form.php"); include('b2edit.form.php');
echo "<br /><br />"; echo '<br /><br />';
} }
@ -379,15 +397,17 @@ switch($action) {
?> ?>
<div class="wrap"> <div class="wrap">
<p>Since you're a newcomer, you'll have to wait for an admin to raise your level to 1, in order to be authorized to post.<br />You can also <a href="mailto:<?php echo $admin_email ?>?subject=b2-promotion">e-mail the admin</a> to ask for a promotion.<br />When you're promoted, just reload this page and you'll be able to blog. :)</p> <p>Since you&#8217;re a newcomer, you&#8217;ll have to wait for an admin to raise your level to 1, in order to be authorized to post.<br />
You can also <a href="mailto:<?php echo $admin_email ?>?subject=b2-promotion">e-mail the admin</a> to ask for a promotion.<br />
When you&#8217;re promoted, just reload this page and you&#8217;ll be able to blog. :)</p>
</div> </div>
<?php <?php
} }
include("b2edit.showposts.php"); include('b2edit.showposts.php');
break; break;
} // end switch } // end switch
/* </Edit> */ /* </Edit> */
include("b2footer.php"); include('b2footer.php');
?> ?>
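Review bot: The quote clean-up introduces two regressions. In the `editedcomment` case the new `$datemodif` reads `comment_date = 'aa-$mm-...'`, so the year becomes the literal text `aa`, and in the `delete` case the `die('... mailto:$admin_email ...')` message is now single-quoted, so `$admin_email` is printed literally. They should be `$datemodif = ", comment_date = '$aa-$mm-$jj $hh:$mn:$ss'";` and `die('Error in deleting... contact the <a href="mailto:' . $admin_email . '">webmaster</a>.');`. The rewritten queries also still place request values unquoted in their `WHERE` clauses with no cast in the visible lines (`$post_ID`, `$post`, `$comment`, `$comment_ID`), a position where `addslashes()` would not help; `intval()`, which the file already applies to `post_category`, would confine them to integers. The added `stripslashes($draft->post_title)` feeds straight into `echo`, so the title should also go through `htmlspecialchars()` before it is written into the link text. Several `case` bodies continue outside the hunks shown, so earlier sanitising in `b2header.php` or the elided lines cannot be ruled out.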