Strip slashes from draft titles; XHTML and formatting updates.

git-svn-id: http://svn.automattic.com/wordpress/trunk@198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
saxmatt 2003-06-10 19:28:03 +00:00
parent 1aaef103e2
commit 69c2ef5a35
2 changed files with 193 additions and 165 deletions


@ -17,7 +17,8 @@ switch($action) {
$form_pingback = '';
}
if ($use_trackback) {
$form_trackback = '<p><label for="trackback"><strong>TrackBack</strong> an <acronym title="Uniform Resource Locator">URL</acronym>:</label> (Seperate multiple URLs with commas.)<br /><input type="text" name="trackback_url" style="width: 415px" id="trackback" /></p>';
$form_trackback = '<p><label for="trackback"><strong>TrackBack</strong> an <acronym title="Uniform Resource Locator">URL</acronym>:</label> (Seperate multiple <acronym title="Uniform Resource Locator">URL</acronym>s with commas.)<br />
<input type="text" name="trackback_url" style="width: 415px" id="trackback" /></p>';
} else {
$form_trackback = '';
}
@ -25,7 +26,7 @@ switch($action) {
break;
case "edit":
$submitbutton_text = 'Edit this!';
$toprow_title = 'Editing Post #' . $postdata["ID"];
$toprow_title = 'Editing Post #' . $postdata['ID'];
$form_action = 'editpost';
$form_extra = "' />\n<input type='hidden' name='post_ID' value='$post";
$colspan = 2;
@ -35,7 +36,7 @@ switch($action) {
break;
case "editcomment":
$submitbutton_text = 'Edit this!';
$toprow_title = 'Editing Comment # '.$commentdata["comment_ID"];
$toprow_title = 'Editing Comment # '.$commentdata['comment_ID'];
$form_action = 'editedcomment';
$form_extra = "' />\n<input type='hidden' name='comment_ID' value='$comment' />\n<input type='hidden' name='comment_post_ID' value='".$commentdata["comment_post_ID"];
$colspan = 3;
@ -46,7 +47,7 @@ switch($action) {
?>
<form name="post" action="b2edit.php" method="POST">
<form name="post" action="b2edit.php" method="post">
<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
@ -56,33 +57,40 @@ switch($action) {
<table>
<tr>
<td width="210"> <label for="title">Title:</label> <br /> <input type="text" name="post_title" size="25" tabindex="1" style="width: 190px;" value="<?php echo $edited_post_title; ?>" id="title" />
<td width="210">
<label for="title">Title:</label><br />
<input type="text" name="post_title" size="25" tabindex="1" style="width: 190px;" value="<?php echo $edited_post_title; ?>" id="title" />
</td>
<td> <label for="category">Category :</label> <br />
<td>
<label for="category">Category:</label><br />
<?php dropdown_categories(); ?>
</td>
<td><label for="post_status">Post Status:</label><br />
<td>
<label for="post_status">Post Status:</label><br />
<select name="post_status" id="post_status">
<option value="publish"<?php selected($post_status, 'publish'); ?>>Publish</option>
<option value="draft"<?php selected($post_status, 'draft'); ?>>Draft</option>
<option value="private"<?php selected($post_status, 'private'); ?>>Private</option>
</select> </td>
<td><label for="comment_status">Comments:</label><br />
</select>
</td>
<td>
<label for="comment_status">Comments:</label><br />
<select name="comment_status" id="comment_status">
<option value="open"<?php selected($comment_status, 'open'); ?>>Open</option>
<option value="closed"<?php selected($comment_status, 'closed'); ?>>Closed</option>
</select> </td>
<td><label for="ping_status">Pings:</label><br />
</select>
</td>
<td>
<label for="ping_status">Pings:</label><br />
<select name="ping_status" id="ping_status">
<option value="open"<?php selected($ping_status, 'open'); ?>>Open</option>
<option value="closed"<?php selected($ping_status, 'open'); ?>>Closed</option>
</select></td>
<td><label for="post_password">Post Password:</label>
<br />
<input name="post_password" type="text" id="post_password" value="<?php echo $post_password ?>" /> </td>
</select>
</td>
<td>
<label for="post_password">Post Password:</label><br />
<input name="post_password" type="text" id="post_password" value="<?php echo $post_password ?>" />
</td>
</tr>
</table>
<?php
@ -94,17 +102,16 @@ switch($action) {
<table>
<tr>
<td>
<label for="name">Name:</label>
<br />
<input type="text" name="newcomment_author" size="22" value="<?php echo format_to_edit($commentdata["comment_author"]) ?>" tabindex="1" id="name" /></td>
<label for="name">Name:</label><br />
<input type="text" name="newcomment_author" size="22" value="<?php echo format_to_edit($commentdata['comment_author']) ?>" tabindex="1" id="name" /></td>
<td>
<label for="email">E-mail:</label>
<br />
<input type="text" name="newcomment_author_email" size="30" value="<?php echo format_to_edit($commentdata["comment_author_email"]) ?>" tabindex="2" id="email" /></td>
<label for="email">E-mail:</label><br />
<input type="text" name="newcomment_author_email" size="30" value="<?php echo format_to_edit($commentdata['comment_author_email']) ?>" tabindex="2" id="email" />
</td>
<td>
<label for="URL">URL:</label>
<br />
<input type="text" name="newcomment_author_url" size="35" value="<?php echo format_to_edit($commentdata["comment_author_url"]) ?>" tabindex="3" id="URL" /></td>
<label for="URL">URL:</label><br />
<input type="text" name="newcomment_author_url" size="35" value="<?php echo format_to_edit($commentdata['comment_author_url']) ?>" tabindex="3" id="URL" />
</td>
</tr>
</table>
<?php
@ -115,9 +122,10 @@ switch($action) {
<?php
if ($action != 'editcomment') {
echo '<label for="excerpt">Excerpt:</label>';
echo '<p><label for="excerpt">Excerpt:</label><br />';
?>
<p><textarea rows="3" cols="40" style="width:100%" name="excerpt" tabindex="4" wrap="virtual" id="excerpt"><?php echo $excerpt ?></textarea></p>
<textarea rows="3" cols="40" style="width:100%" name="excerpt" tabindex="4" wrap="virtual" id="excerpt"><?php echo $excerpt ?></textarea></p>
<?php
} // if not a comment
@ -129,7 +137,7 @@ if ($action != 'editcomment') {
if ($action != 'editcomment') {
echo '<label for="content">Post:</label>';
} else {
echo '<br /><label for="content">Comment:</label>';
echo '<label for="content">Comment:</label>';
}
?>
</td>
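Review bot: The rewritten password field in the `@ -56,33 +57,40 @@` hunk, `<input name="post_password" type="text" id="post_password" value="<?php echo $post_password ?>" />`, still echoes the stored value into a double-quoted attribute with no escaping, and the reflowed title input does the same with `$edited_post_title`, whereas the comment-author inputs in the `@ -94,17 +102,16 @@` hunk run their values through format_to_edit(). If format_to_edit() is the project's edit-form escaper it should be applied to these two fields as well; otherwise `value="<?php echo htmlspecialchars($post_password, ENT_QUOTES); ?>"` (and the same for the title) keeps a quote or angle bracket in the stored value from breaking out of the attribute. While reflowing the pings select, the unchanged Closed option `<option value="closed"<?php selected($ping_status, 'open'); ?>>Closed</option>` still tests for 'open', so Closed is never preselected; it should read `selected($ping_status, 'closed')`. The enclosing `switch($action)` begins before the first hunk of this file.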


@ -42,39 +42,43 @@ switch($action) {
$standalone = 1;
require_once('b2header.php');
$post_pingback = intval($HTTP_POST_VARS["post_pingback"]);
$content = balanceTags($HTTP_POST_VARS["content"]);
$post_pingback = intval($HTTP_POST_VARS['post_pingback']);
$content = balanceTags($HTTP_POST_VARS['content']);
$content = format_to_post($content);
$excerpt = balanceTags($HTTP_POST_VARS["excerpt"]);
$excerpt = balanceTags($HTTP_POST_VARS['excerpt']);
$excerpt = format_to_post($excerpt);
$post_title = addslashes($HTTP_POST_VARS["post_title"]);
$post_category = intval($HTTP_POST_VARS["post_category"]);
$post_title = addslashes($HTTP_POST_VARS['post_title']);
$post_category = intval($HTTP_POST_VARS['post_category']);
$post_status = $HTTP_POST_VARS['post_status'];
$comment_status = $HTTP_POST_VARS['comment_status'];
$ping_status = $HTTP_POST_VARS['ping_status'];
$post_password = addslashes($HTTP_POST_VARS['post_password']);
if ($user_level == 0)
die ("Cheatin' uh ?");
die ('Cheatin&#8217; uh?');
if (($user_level > 4) && (!empty($HTTP_POST_VARS["edit_date"]))) {
$aa = $HTTP_POST_VARS["aa"];
$mm = $HTTP_POST_VARS["mm"];
$jj = $HTTP_POST_VARS["jj"];
$hh = $HTTP_POST_VARS["hh"];
$mn = $HTTP_POST_VARS["mn"];
$ss = $HTTP_POST_VARS["ss"];
if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) {
$aa = $HTTP_POST_VARS['aa'];
$mm = $HTTP_POST_VARS['mm'];
$jj = $HTTP_POST_VARS['jj'];
$hh = $HTTP_POST_VARS['hh'];
$mn = $HTTP_POST_VARS['mn'];
$ss = $HTTP_POST_VARS['ss'];
$jj = ($jj > 31) ? 31 : $jj;
$hh = ($hh > 23) ? $hh - 24 : $hh;
$mn = ($mn > 59) ? $mn - 60 : $mn;
$ss = ($ss > 59) ? $ss - 60 : $ss;
$now = "$aa-$mm-$jj $hh:$mn:$ss";
} else {
$now = date("Y-m-d H:i:s", (time() + ($time_difference * 3600)));
$now = date('Y-m-d H:i:s', (time() + ($time_difference * 3600)));
}
$query = "INSERT INTO $tableposts (ID, post_author, post_date, post_content, post_title, post_category, post_excerpt, post_status, comment_status, ping_status, post_password) VALUES ('0','$user_ID','$now','$content','$post_title','$post_category','$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password')";
$result = $wpdb->query($query);
$result = $wpdb->query("
INSERT INTO $tableposts
(ID, post_author, post_date, post_content, post_title, post_category, post_excerpt, post_status, comment_status, ping_status, post_password)
VALUES
('0','$user_ID','$now','$content','$post_title','$post_category','$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password')
");
$post_ID = $wpdb->get_var("SELECT ID FROM $tableposts ORDER BY ID DESC LIMIT 1");
@ -102,20 +106,20 @@ switch($action) {
}
} // end if publish
if (!empty($HTTP_POST_VARS["mode"])) {
switch($HTTP_POST_VARS["mode"]) {
case "bookmarklet":
$location="b2bookmarklet.php?a=b";
if (!empty($HTTP_POST_VARS['mode'])) {
switch($HTTP_POST_VARS['mode']) {
case 'bookmarklet':
$location = 'b2bookmarklet.php?a=b';
break;
case "sidebar":
$location="b2sidebar.php?a=b";
case 'sidebar':
$location = 'b2sidebar.php?a=b';
break;
default:
$location="b2edit.php";
$location = 'b2edit.php';
break;
}
} else {
$location="b2edit.php";
$location = 'b2edit.php';
}
header("Location: $location");
exit();
@ -129,7 +133,7 @@ switch($action) {
$post = $HTTP_GET_VARS['post'];
if ($user_level > 0) {
$postdata = get_postdata($post);
$authordata = get_userdata($postdata["Author_ID"]);
$authordata = get_userdata($postdata['Author_ID']);
if ($user_level < $authordata->user_level)
die ('You don&#8217;t have the right to edit <strong>'.$authordata[1].'</strong>&#8217;s posts.');
@ -146,48 +150,48 @@ switch($action) {
include('b2edit.form.php');
} else {
?>
<p>Since you're a newcomer, you'll have to wait for an admin to raise your level to 1,
<p>Since you&#8217;re a newcomer, you&#8217;ll have to wait for an admin to raise your level to 1,
in order to be authorized to post.<br />
You can also <a href="mailto:<?php echo $admin_email ?>?subject=b2-promotion">e-mail the admin</a>
You can also <a href="mailto:<?php echo $admin_email ?>?subject=Promotion?">e-mail the admin</a>
to ask for a promotion.<br />
When you're promoted, just reload this page and you'll be able to blog. :)
When you&#8217;re promoted, just reload this page and you&#8217;ll be able to blog. :)
</p>
<?php
}
break;
case "editpost":
case 'editpost':
$standalone = 1;
require_once("./b2header.php");
require_once('./b2header.php');
if ($user_level == 0)
die ("Cheatin' uh ?");
die ('Cheatin&#8217; uh?');
if (!isset($blog_ID)) {
$blog_ID = 1;
}
$post_ID = $HTTP_POST_VARS["post_ID"];
$post_category = intval($HTTP_POST_VARS["post_category"]);
$post_autobr = intval($HTTP_POST_VARS["post_autobr"]);
$content = balanceTags($HTTP_POST_VARS["content"]);
$post_ID = $HTTP_POST_VARS['post_ID'];
$post_category = intval($HTTP_POST_VARS['post_category']);
$post_autobr = intval($HTTP_POST_VARS['post_autobr']);
$content = balanceTags($HTTP_POST_VARS['content']);
$content = format_to_post($content);
$excerpt = balanceTags($HTTP_POST_VARS["excerpt"]);
$excerpt = balanceTags($HTTP_POST_VARS['excerpt']);
$excerpt = format_to_post($excerpt);
$post_title = addslashes($HTTP_POST_VARS["post_title"]);
$post_title = addslashes($HTTP_POST_VARS['post_title']);
$post_status = $HTTP_POST_VARS['post_status'];
$prev_status = $HTTP_POST_VARS['prev_status'];
$comment_status = $HTTP_POST_VARS['comment_status'];
$ping_status = $HTTP_POST_VARS['ping_status'];
$post_password = addslashes($HTTP_POST_VARS['post_password']);
if (($user_level > 4) && (!empty($HTTP_POST_VARS["edit_date"]))) {
$aa = $HTTP_POST_VARS["aa"];
$mm = $HTTP_POST_VARS["mm"];
$jj = $HTTP_POST_VARS["jj"];
$hh = $HTTP_POST_VARS["hh"];
$mn = $HTTP_POST_VARS["mn"];
$ss = $HTTP_POST_VARS["ss"];
if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) {
$aa = $HTTP_POST_VARS['aa'];
$mm = $HTTP_POST_VARS['mm'];
$jj = $HTTP_POST_VARS['jj'];
$hh = $HTTP_POST_VARS['hh'];
$mn = $HTTP_POST_VARS['mn'];
$ss = $HTTP_POST_VARS['ss'];
$jj = ($jj > 31) ? 31 : $jj;
$hh = ($hh > 23) ? $hh - 24 : $hh;
$mn = ($mn > 59) ? $mn - 60 : $mn;
@ -197,14 +201,24 @@ switch($action) {
$datemodif = '';
}
$query = "UPDATE $tableposts SET post_content='$content', post_excerpt='$excerpt', post_title='$post_title', post_category='$post_category'".$datemodif.", post_status='$post_status', comment_status='$comment_status', ping_status='$ping_status', post_password='$post_password' WHERE ID = $post_ID";
$result = $wpdb->query($query);
$result = $wpdb->query("
UPDATE $tableposts SET
post_content = '$content',
post_excerpt = '$excerpt',
post_title = '$post_title',
post_category = '$post_category'".$datemodif.",
post_status = '$post_status',
comment_status = '$comment_status',
ping_status = '$ping_status',
post_password = '$post_password'
WHERE ID = $post_ID
");
if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
sleep($sleep_after_edit);
}
// are we going from draft/private to publishd?
// are we going from draft/private to published?
if ((($prev_status == 'draft') || ($prev_status == 'private')) && ($post_status == 'publish')) {
pingWeblogs($blog_ID);
pingCafelog($cafelogID, $post_title, $post_ID);
@ -229,28 +243,26 @@ switch($action) {
header ($location);
break;
case "delete":
case 'delete':
$standalone = 1;
require_once("./b2header.php");
require_once('./b2header.php');
if ($user_level == 0)
die ("Cheatin' uh ?");
die ('Cheatin&#8217; uh?');
$post = $HTTP_GET_VARS['post'];
$postdata=get_postdata($post) or die("Oops, no post with this ID. <a href=\"b2edit.php\">Go back</a> !");
$authordata = get_userdata($postdata["Author_ID"]);
$postdata = get_postdata($post) or die('Oops, no post with this ID. <a href="b2edit.php">Go back</a>!');
$authordata = get_userdata($postdata['Author_ID']);
if ($user_level < $authordata->user_level)
die ("You don't have the right to delete <b>".$authordata[1]."</b>'s posts.");
die ('You don&#8217;t have the right to delete <strong>'.$authordata[1].'</strong>&#8217;s posts.');
$query = "DELETE FROM $tableposts WHERE ID=$post";
$result = $wpdb->query($query);
$result = $wpdb->query("DELETE FROM $tableposts WHERE ID=$post");
if (!$result)
die("Error in deleting... contact the <a href=\"mailto:$admin_email\">webmaster</a>...");
die('Error in deleting... contact the <a href="mailto:$admin_email">webmaster</a>.');
$query = "DELETE FROM $tablecomments WHERE comment_post_ID=$post";
$result = $wpdb->query($query);
$result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_post_ID=$post");
if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
sleep($sleep_after_edit);
@ -282,32 +294,31 @@ switch($action) {
break;
case "deletecomment":
case 'deletecomment':
$standalone = 1;
require_once("./b2header.php");
require_once('./b2header.php');
if ($user_level == 0)
die ("Cheatin' uh ?");
die ('Cheatin&#8217; uh?');
$comment = $HTTP_GET_VARS['comment'];
$p = $HTTP_GET_VARS['p'];
$commentdata=get_commentdata($comment) or die("Oops, no comment with this ID. <a href=\"b2edit.php\">Go back</a> !");
$commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. <a href="b2edit.php">Go back</a>!');
$query = "DELETE FROM $tablecomments WHERE comment_ID=$comment";
$result = $wpdb->query($query);
$result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_ID=$comment");
header ("Location: b2edit.php?p=$p&c=1#comments"); //?a=dc");
header ("Location: b2edit.php?p=$p&c=1#comments");
break;
case "editedcomment":
case 'editedcomment':
$standalone = 1;
require_once("./b2header.php");
require_once('./b2header.php');
if ($user_level == 0)
die ("Cheatin' uh ?");
die ('Cheatin&#8217; uh?');
$comment_ID = $HTTP_POST_VARS['comment_ID'];
$comment_post_ID = $HTTP_POST_VARS['comment_post_ID'];
@ -318,35 +329,41 @@ switch($action) {
$newcomment_author_email = addslashes($newcomment_author_email);
$newcomment_author_url = addslashes($newcomment_author_url);
if (($user_level > 4) && (!empty($HTTP_POST_VARS["edit_date"]))) {
$aa = $HTTP_POST_VARS["aa"];
$mm = $HTTP_POST_VARS["mm"];
$jj = $HTTP_POST_VARS["jj"];
$hh = $HTTP_POST_VARS["hh"];
$mn = $HTTP_POST_VARS["mn"];
$ss = $HTTP_POST_VARS["ss"];
if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) {
$aa = $HTTP_POST_VARS['aa'];
$mm = $HTTP_POST_VARS['mm'];
$jj = $HTTP_POST_VARS['jj'];
$hh = $HTTP_POST_VARS['hh'];
$mn = $HTTP_POST_VARS['mn'];
$ss = $HTTP_POST_VARS['ss'];
$jj = ($jj > 31) ? 31 : $jj;
$hh = ($hh > 23) ? $hh - 24 : $hh;
$mn = ($mn > 59) ? $mn - 60 : $mn;
$ss = ($ss > 59) ? $ss - 60 : $ss;
$datemodif = ", comment_date=\"$aa-$mm-$jj $hh:$mn:$ss\"";
$datemodif = ", comment_date = 'aa-$mm-$jj $hh:$mn:$ss'";
} else {
$datemodif = "";
$datemodif = '';
}
$content = balanceTags($content);
$content = format_to_post($content);
$query = "UPDATE $tablecomments SET comment_content=\"$content\", comment_author=\"$newcomment_author\", comment_author_email=\"$newcomment_author_email\", comment_author_url=\"$newcomment_author_url\"".$datemodif." WHERE comment_ID=$comment_ID";
$result = $wpdb->query($query);
$result = $wpdb->query("
UPDATE $tablecomments SET
comment_content = '$content',
comment_author = '$newcomment_author',
comment_author_email = '$newcomment_author_email',
comment_author_url = '$newcomment_author_url'".$datemodif."
WHERE comment_ID = $comment_ID"
);
header ("Location: b2edit.php?p=$comment_post_ID&c=1#comments"); //?a=ec");
header ("Location: b2edit.php?p=$comment_post_ID&c=1#comments");
break;
default:
$standalone = 0;
require_once ("./b2header.php");
require_once ('./b2header.php');
if ($user_level > 0) {
if ((!$withcomments) && (!$c)) {
@ -362,6 +379,7 @@ switch($action) {
$i = 0;
foreach ($drafts as $draft) {
if (0 != $i) echo ', ';
$draft->post_title = stripslashes($draft->post_title);
echo "<a href='b2edit.php?action=edit&amp;post=$draft->ID' title='Edit this draft'>$draft->post_title</a>";
++$i;
}
@ -369,8 +387,8 @@ switch($action) {
</div>
<?php
}
include("b2edit.form.php");
echo "<br /><br />";
include('b2edit.form.php');
echo '<br /><br />';
}
@ -379,15 +397,17 @@ switch($action) {
?>
<div class="wrap">
<p>Since you're a newcomer, you'll have to wait for an admin to raise your level to 1, in order to be authorized to post.<br />You can also <a href="mailto:<?php echo $admin_email ?>?subject=b2-promotion">e-mail the admin</a> to ask for a promotion.<br />When you're promoted, just reload this page and you'll be able to blog. :)</p>
<p>Since you&#8217;re a newcomer, you&#8217;ll have to wait for an admin to raise your level to 1, in order to be authorized to post.<br />
You can also <a href="mailto:<?php echo $admin_email ?>?subject=b2-promotion">e-mail the admin</a> to ask for a promotion.<br />
When you&#8217;re promoted, just reload this page and you&#8217;ll be able to blog. :)</p>
</div>
<?php
}
include("b2edit.showposts.php");
include('b2edit.showposts.php');
break;
} // end switch
/* </Edit> */
include("b2footer.php");
include('b2footer.php');
?>
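Review bot: The rewritten date clause in the `@ -318,35 +329,41 @@` hunk lost the dollar sign on the year: `$datemodif = ", comment_date = 'aa-$mm-$jj $hh:$mn:$ss'";` writes the literal text `aa-` into comment_date and should read `$datemodif = ", comment_date = '$aa-$mm-$jj $hh:$mn:$ss'";`. The same quote-style conversion breaks `die('Error in deleting... contact the <a href="mailto:$admin_email">webmaster</a>.');` in the delete case, where single quotes no longer interpolate `$admin_email`, so that message needs double quotes or concatenation. In the draft list, the new `stripslashes($draft->post_title)` result is echoed into a single-quoted `title='...'` attribute and into the link text with no HTML escaping, so an apostrophe or angle bracket in a title now lands in the markup as-is; `htmlspecialchars(stripslashes($draft->post_title), ENT_QUOTES)` keeps the slash fix without that effect. The reformatted INSERT/UPDATE/DELETE statements still interpolate `$post`, `$comment`, `$comment_ID` and `$post_ID` unquoted and uncast into their WHERE clauses while `post_category` is cast with intval() a few lines earlier; casting the IDs the same way, e.g. `$post_ID = intval($HTTP_POST_VARS['post_ID']);`, would make those queries consistent. The editedcomment case and the enclosing `switch($action)` both begin before the hunks that change them.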