[geeklog-cvs] Geeklog-1.x/public_html/calendar event.php, 1.28, 1.29 index.php, 1.24, 1.25
Dirk Haun
dhaun at qs1489.pair.com
Thu May 22 13:01:56 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/calendar
In directory qs1489.pair.com:/tmp/cvs-serv43032/public_html/calendar
Modified Files:
event.php index.php
Log Message:
More CSRF protection; also fixed some E_ALL warnings and some cosmetic issues
Index: event.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/calendar/event.php,v
retrieving revision 1.28
retrieving revision 1.29
diff -C2 -d -r1.28 -r1.29
*** event.php 19 Apr 2008 14:56:01 -0000 1.28
--- event.php 22 May 2008 17:01:54 -0000 1.29
***************
*** 62,67 ****
$A = DB_fetchArray($result);
$cal_template = new Template($_CONF['path'] . 'plugins/calendar/templates/');
! $cal_template->set_file (array ('addevent' => 'addevent.thtml'));
! $cal_template->set_var( 'xhtml', XHTML );
$cal_template->set_var('site_url', $_CONF['site_url']);
$cal_template->set_var('site_admin_url', $_CONF['site_admin_url']);
--- 62,67 ----
$A = DB_fetchArray($result);
$cal_template = new Template($_CONF['path'] . 'plugins/calendar/templates/');
! $cal_template->set_file(array('addevent' => 'addevent.thtml'));
! $cal_template->set_var('xhtml', XHTML);
$cal_template->set_var('site_url', $_CONF['site_url']);
$cal_template->set_var('site_admin_url', $_CONF['site_admin_url']);
***************
*** 107,111 ****
$cal_template->set_var('event_id', $eid);
$cal_template->set_var('lang_addtomycalendar', $LANG_CAL_1[9]);
! $cal_template->parse('output','addevent');
$retval .= $cal_template->finish($cal_template->get_var('output'));
$retval .= COM_endBlock ();
--- 107,113 ----
$cal_template->set_var('event_id', $eid);
$cal_template->set_var('lang_addtomycalendar', $LANG_CAL_1[9]);
! $cal_template->set_var('gltoken_name', CSRF_TOKEN);
! $cal_template->set_var('gltoken', SEC_createToken());
! $cal_template->parse('output', 'addevent');
$retval .= $cal_template->finish($cal_template->get_var('output'));
$retval .= COM_endBlock ();
***************
*** 120,124 ****
* Save an event to user's personal calendar
*
! * User has seen the confirmation screen and they still want to
* add this event to their calendar. Actually save it now.
*
--- 122,126 ----
* Save an event to user's personal calendar
*
! * User has seen the confirmation screen and they still wants to
* add this event to their calendar. Actually save it now.
*
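Review bot: The reworded docblock line now reads "they still wants", which is ungrammatical; the wording it replaces ("they still want") was correct. If the intent was only to strip trailing whitespace, restore the line as `* User has seen the confirmation screen and they still want to`.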
***************
*** 297,300 ****
--- 299,304 ----
$cal_templates->set_var ('hour_mode', 12);
}
+ $cal_templates->set_var('gltoken_name', CSRF_TOKEN);
+ $cal_templates->set_var('gltoken', SEC_createToken());
return $cal_templates->parse ('output', 'form');
***************
*** 345,350 ****
switch ($action) {
case 'addevent':
! if (($_CA_CONF['personalcalendars'] == 1) &&
! isset ($_USER['uid']) && ($_USER['uid'] > 1)) {
$display .= COM_siteHeader ();
--- 349,353 ----
switch ($action) {
case 'addevent':
! if (($_CA_CONF['personalcalendars'] == 1) && !COM_isAnonUser()) {
$display .= COM_siteHeader ();
***************
*** 363,367 ****
case 'saveuserevent':
! if ($_CA_CONF['personalcalendars'] == 1) {
$eid = COM_applyFilter ($_POST['eid']);
if (!empty ($eid)) {
--- 366,370 ----
case 'saveuserevent':
! if (($_CA_CONF['personalcalendars'] == 1) && SEC_checkToken()) {
$eid = COM_applyFilter ($_POST['eid']);
if (!empty ($eid)) {
***************
*** 378,385 ****
case $LANG_CAL_1[45]: // save edited personal event
! if (!empty ($LANG_CAL_1[45]) && ($_CA_CONF['personalcalendars'] == 1) &&
(!empty ($_USER['uid']) && ($_USER['uid'] > 1)) &&
(isset ($_POST['calendar_type']) &&
! ($_POST['calendar_type'] == 'personal'))) {
$display = plugin_savesubmission_calendar ($_POST);
} else {
--- 381,388 ----
case $LANG_CAL_1[45]: // save edited personal event
! if (!empty($LANG_CAL_1[45]) && ($_CA_CONF['personalcalendars'] == 1) &&
(!empty ($_USER['uid']) && ($_USER['uid'] > 1)) &&
(isset ($_POST['calendar_type']) &&
! ($_POST['calendar_type'] == 'personal')) && SEC_checkToken()) {
$display = plugin_savesubmission_calendar ($_POST);
} else {
***************
*** 390,394 ****
case 'deleteevent':
case $LANG_CAL_1[51]:
! if ($_CA_CONF['personalcalendars'] == 1) {
$eid = COM_applyFilter ($_REQUEST['eid']);
if (!empty ($eid) && (isset ($_USER['uid']) && ($_USER['uid'] > 1))) {
--- 393,397 ----
case 'deleteevent':
case $LANG_CAL_1[51]:
! if (($_CA_CONF['personalcalendars'] == 1) && SEC_checkToken()) {
$eid = COM_applyFilter ($_REQUEST['eid']);
if (!empty ($eid) && (isset ($_USER['uid']) && ($_USER['uid'] > 1))) {
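Review bot: The `deleteevent` case still reads `eid` from `$_REQUEST`, so even with the new `SEC_checkToken()` guard the delete remains a state change reachable by GET. The links built for it in the `*** 541,556` hunk below and in `getDeleteImageLink()` in index.php carry the token in the query string, where it ends up in browser history, server logs and Referer headers. Consider turning the delete into a small POST form that carries `gltoken_name`/`gltoken` as hidden fields, the way the add and edit forms in this commit receive them. Separately, the token is checked before the login test on the following line; testing `!COM_isAnonUser()` first would keep anonymous requests away from token handling. The rest of the case body is outside this hunk.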
***************
*** 500,504 ****
$cal_templates->set_var ('lang_backtocalendar', $LANG_CAL_1[15]);
if ($mode == 'personal') {
! $cal_templates->set_var ('calendar_mode', '&mode=personal');
} else {
$cal_templates->set_var ('calendar_mode', '');
--- 503,507 ----
$cal_templates->set_var ('lang_backtocalendar', $LANG_CAL_1[15]);
if ($mode == 'personal') {
! $cal_templates->set_var ('calendar_mode', '?mode=personal');
} else {
$cal_templates->set_var ('calendar_mode', '');
***************
*** 522,526 ****
$currentmonth = '';
! for ($i = 1; $i <= $nrows; $i++) {
$A = DB_fetchArray($result);
if (SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],
--- 525,529 ----
$currentmonth = '';
! for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
if (SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],
***************
*** 541,556 ****
}
$cal_templates->set_var('event_title', $event_title);
! if (!empty ($_USER['uid']) && ($_USER['uid'] > 1) &&
! ($_CA_CONF['personalcalendars'] == 1)) {
! $tmpresult = DB_query("SELECT * FROM {$_TABLES['personal_events']} "
! . "WHERE eid='{$A['eid']}' AND uid={$_USER['uid']}");
$tmpnrows = DB_numRows($tmpresult);
if ($tmpnrows > 0) {
! $addremovelink = $_CONF['site_url'] . '/calendar/event.php?eid='
! . $A['eid'] . '&mode=personal&action=deleteevent';
$addremovetxt = $LANG_CAL_1[10];
} else {
! $addremovelink = $_CONF['site_url'] . '/calendar/event.php?eid='
! . $A['eid'] . '&mode=personal&action=addevent';
$addremovetxt = $LANG_CAL_1[9];
}
--- 544,562 ----
}
$cal_templates->set_var('event_title', $event_title);
! if (($_CA_CONF['personalcalendars'] == 1)
! && !COM_isAnonUser()) {
! $tmpresult = DB_query("SELECT * FROM {$_TABLES['personal_events']} WHERE eid='{$A['eid']}' AND uid={$_USER['uid']}");
$tmpnrows = DB_numRows($tmpresult);
if ($tmpnrows > 0) {
! $token = SEC_createToken();
! $addremovelink = $_CONF['site_url']
! . '/calendar/event.php?eid=' . $A['eid']
! . '&mode=personal&action=deleteevent&'
! . CSRF_TOKEN . '=' . $token;
$addremovetxt = $LANG_CAL_1[10];
} else {
! $addremovelink = $_CONF['site_url']
! . '/calendar/event.php?eid=' . $A['eid']
! . '&mode=personal&action=addevent';
$addremovetxt = $LANG_CAL_1[9];
}
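Review bot: `SEC_createToken()` is called inside the `$tmpnrows > 0` branch, which appears to sit inside the per-event `for` loop shown in the previous hunk, so a page listing several personal events would create one token per row. index.php in this same commit creates the token once and passes it down to `getDeleteImageLink()`. Doing the same here, with `$token = SEC_createToken();` before the loop when personal calendars are enabled and `!COM_isAnonUser()`, keeps the two files consistent and avoids issuing extra tokens per page view. The loop header and its closing brace are outside this hunk, so the placement needs confirming against the full file.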
***************
*** 651,690 ****
$cal_templates->set_var ('lang_event_type', $LANG_CAL_1[37]);
$cal_templates->set_var ('event_type', $A['event_type']);
$cal_templates->parse ('event_details', 'details', true);
}
- }
-
- if ($mode == 'personal') {
- $editurl = $_CONF['site_url'] . '/calendar/event.php?action=edit'
- . '&eid=' . $eid;
- $cal_templates->set_var ('event_edit', COM_createLink($LANG01[4], $editurl));
- $img = '<img src="' . $_CONF['layout_url'] . '/images/edit.'
- . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '" title="'
- . $LANG01[4] . '"' . XHTML . '>';
- $cal_templates->set_var ('edit_icon', COM_createLink($img, $editurl));
- } else if ((SEC_hasAccess ($A['owner_id'], $A['group_id'],
- $A['perm_owner'], $A['perm_group'], $A['perm_members'],
- $A['perm_anon']) == 3) && SEC_hasRights ('calendar.edit')) {
- $editurl = $_CONF['site_admin_url']
- . '/plugins/calendar/index.php?mode=edit&eid=' . $eid;
- $cal_templates->set_var ('event_edit', COM_createLink($LANG01[4], $editurl));
- $img = '<img src="' . $_CONF['layout_url'] . '/images/edit.'
- . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '" title="'
- . $LANG01[4] . '"' . XHTML . '>';
- $cal_templates->set_var ('edit_icon', COM_createLink($img, $editurl));
- $cal_templates->set_var ('hits_admin',
- COM_numberFormat ($A['hits']));
- $cal_templates->set_var ('lang_hits_admin', $LANG10[30]);
- } else {
- $cal_templates->set_var ('event_edit', '');
- $cal_templates->set_var ('edit_icon', '');
- }
- if ($mode == 'personal') {
- // personal events don't have a hits counter
- $cal_templates->set_var ('lang_hits', '');
- $cal_templates->set_var ('hits', '');
- } else {
- $cal_templates->set_var ('lang_hits', $LANG10[30]);
- $cal_templates->set_var ('hits', COM_numberFormat ($A['hits']));
}
--- 657,702 ----
$cal_templates->set_var ('lang_event_type', $LANG_CAL_1[37]);
$cal_templates->set_var ('event_type', $A['event_type']);
+
+ if ($mode == 'personal') {
+ $editurl = $_CONF['site_url']
+ . '/calendar/event.php?action=edit' . '&eid='
+ . $A['eid'];
+ $cal_templates->set_var('event_edit',
+ COM_createLink($LANG01[4], $editurl));
+ $img = '<img src="' . $_CONF['layout_url'] . '/images/edit.'
+ . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '" title="'
+ . $LANG01[4] . '"' . XHTML . '>';
+ $cal_templates->set_var('edit_icon',
+ COM_createLink($img, $editurl));
+ } else if ((SEC_hasAccess ($A['owner_id'], $A['group_id'],
+ $A['perm_owner'], $A['perm_group'], $A['perm_members'],
+ $A['perm_anon']) == 3) && SEC_hasRights ('calendar.edit')) {
+ $editurl = $_CONF['site_admin_url']
+ . '/plugins/calendar/index.php?mode=edit&eid='
+ . $A['eid'];
+ $cal_templates->set_var('event_edit',
+ COM_createLink($LANG01[4], $editurl));
+ $img = '<img src="' . $_CONF['layout_url'] . '/images/edit.'
+ . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '" title="'
+ . $LANG01[4] . '"' . XHTML . '>';
+ $cal_templates->set_var('edit_icon',
+ COM_createLink($img, $editurl));
+ $cal_templates->set_var('hits_admin',
+ COM_numberFormat($A['hits']));
+ $cal_templates->set_var('lang_hits_admin', $LANG10[30]);
+ } else {
+ $cal_templates->set_var('event_edit', '');
+ $cal_templates->set_var('edit_icon', '');
+ }
+ if ($mode == 'personal') {
+ // personal events don't have a hits counter
+ $cal_templates->set_var('lang_hits', '');
+ $cal_templates->set_var('hits', '');
+ } else {
+ $cal_templates->set_var('lang_hits', $LANG10[30]);
+ $cal_templates->set_var('hits', COM_numberFormat($A['hits']));
+ }
$cal_templates->parse ('event_details', 'details', true);
}
}
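Review bot: `hits_admin` and `lang_hits_admin` are set only in the `calendar.edit` branch and never cleared in the other two, which matters now that this block sits in front of the appending `parse('event_details', 'details', true)`. If that parse runs once per event, as the append flag suggests, values set for one event would carry over to a later event for which the user lacks edit access. Clearing them in the personal and `else` branches closes that gap: `$cal_templates->set_var('hits_admin', '');` and `$cal_templates->set_var('lang_hits_admin', '');`. As a style point, the identical `$img` construction in the first two branches could be built once above the `if`.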
Index: index.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/calendar/index.php,v
retrieving revision 1.24
retrieving revision 1.25
diff -C2 -d -r1.24 -r1.25
*** index.php 13 Feb 2008 11:29:09 -0000 1.24
--- index.php 22 May 2008 17:01:54 -0000 1.25
***************
*** 9,13 ****
// | Geeklog calendar plugin |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2007 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
--- 9,13 ----
// | Geeklog calendar plugin |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2008 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
***************
*** 35,40 ****
// $Id$
! require_once ('../lib-common.php');
! require_once ($_CONF['path_system'] . 'classes/calendar.class.php');
$display = '';
--- 35,40 ----
// $Id$
! require_once '../lib-common.php';
! require_once $_CONF['path_system'] . 'classes/calendar.class.php';
$display = '';
***************
*** 208,215 ****
* @param string $mode 'personal' for personal events
* @param array $A event permissions and id
* @return string link or empty string
*
*/
! function getDeleteImageLink ($mode, $A)
{
global $_CONF, $LANG_CAL_ADMIN, $LANG_CAL_2, $_IMAGE_TYPE;
--- 208,216 ----
* @param string $mode 'personal' for personal events
* @param array $A event permissions and id
+ * @param string $token security token
* @return string link or empty string
*
*/
! function getDeleteImageLink($mode, $A, $token)
{
global $_CONF, $LANG_CAL_ADMIN, $LANG_CAL_2, $_IMAGE_TYPE;
***************
*** 220,236 ****
. '" alt="' . $LANG_CAL_2[30] . '" title="'
. $LANG_CAL_2[30] . '"' . XHTML . '>';
if ($mode == 'personal') {
! if (SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
$A['perm_group'], $A['perm_members'], $A['perm_anon']) > 0) {
$retval = COM_createLink($img, $_CONF['site_url']
. '/calendar/event.php?action=deleteevent&eid='
! . $A['eid']);
}
! } else if (SEC_hasRights ('calendar.edit')) {
! if (SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
$A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
$retval = COM_createLink($img, $_CONF['site_admin_url']
. '/plugins/calendar/index.php?mode=' . $LANG_CAL_ADMIN[22]
! . '&eid=' . $A['eid']);
}
}
--- 221,239 ----
. '" alt="' . $LANG_CAL_2[30] . '" title="'
. $LANG_CAL_2[30] . '"' . XHTML . '>';
+
if ($mode == 'personal') {
! if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
$A['perm_group'], $A['perm_members'], $A['perm_anon']) > 0) {
$retval = COM_createLink($img, $_CONF['site_url']
. '/calendar/event.php?action=deleteevent&eid='
! . $A['eid'] . '&' . CSRF_TOKEN . '=' . $token);
}
! } else if (SEC_hasRights('calendar.edit')) {
! if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
$A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
$retval = COM_createLink($img, $_CONF['site_admin_url']
. '/plugins/calendar/index.php?mode=' . $LANG_CAL_ADMIN[22]
! . '&eid=' . $A['eid'] . '&' . CSRF_TOKEN . '='
! . $token);
}
}
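Review bot: The admin branch now appends the token to a link that targets `/plugins/calendar/index.php` under `site_admin_url`, but that handler is not among the files in this commit, so the token only helps if a matching `SEC_checkToken()` exists or is added there. That is worth confirming before relying on this link being protected. `$A['eid']` and `$token` are also concatenated into both URLs without `urlencode()`, which is harmless for the current value formats but worth adding so the link stays well-formed if either ever changes. The function body starts in the previous hunk and continues past this one.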
***************
*** 308,320 ****
*
*/
! function getQuickAdd($tpl, $month, $day, $year)
{
global $_CA_CONF, $LANG_CAL_2;
! $tpl->set_var ('month_options', COM_getMonthFormOptions ($month));
! $tpl->set_var ('day_options', COM_getDayFormOptions ($day));
! $tpl->set_var ('year_options', COM_getYearFormOptions ($year));
! $cur_hour = date ('H', time ());
if ($cur_hour >= 12) {
$ampm = 'pm';
--- 311,323 ----
*
*/
! function getQuickAdd($tpl, $month, $day, $year, $token)
{
global $_CA_CONF, $LANG_CAL_2;
! $tpl->set_var('month_options', COM_getMonthFormOptions($month));
! $tpl->set_var('day_options', COM_getDayFormOptions($day));
! $tpl->set_var('year_options', COM_getYearFormOptions($year));
! $cur_hour = date('H', time ());
if ($cur_hour >= 12) {
$ampm = 'pm';
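Review bot: `getQuickAdd()` gains a `$token` parameter, but no hunk in this diff adds a matching line to its docblock, whereas `getDeleteImageLink()` above received `@param string $token security token`. The docblock itself starts outside this hunk, so this is inferred from its absence in the diff. If the entry is indeed missing, add `* @param string $token security token` after the `$year` entry so the two signatures are documented alike.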
***************
*** 328,351 ****
$cur_hour = 12;
}
! if (isset ($_CA_CONF['hour_mode']) && ($_CA_CONF['hour_mode'] == 24)) {
! $tpl->set_var ('hour_mode', 24);
! $tpl->set_var ('hour_options',
! COM_getHourFormOptions ($cur_hour_24, 24));
} else {
! $tpl->set_var ('hour_mode', 12);
! $tpl->set_var ('hour_options', COM_getHourFormOptions ($cur_hour));
}
! $tpl->set_var ('startampm_selection',
! COM_getAmPmFormSelection ('start_ampm', $ampm));
! $cur_min = intval (date ('i') / 15) * 15;
! $tpl->set_var ('minute_options', COM_getMinuteFormOptions ($cur_min, 15));
! $tpl->set_var ('lang_event', $LANG_CAL_2[32]);
! $tpl->set_var ('lang_date', $LANG_CAL_2[33]);
! $tpl->set_var ('lang_time', $LANG_CAL_2[34]);
! $tpl->set_var ('lang_add', $LANG_CAL_2[31]);
! $tpl->set_var ('lang_quickadd', $LANG_CAL_2[35]);
! $tpl->set_var ('lang_submit', $LANG_CAL_2[36]);
! $tpl->parse ('quickadd_form', 'quickadd', true);
return $tpl;
--- 331,356 ----
$cur_hour = 12;
}
! if (isset($_CA_CONF['hour_mode']) && ($_CA_CONF['hour_mode'] == 24)) {
! $tpl->set_var('hour_mode', 24);
! $tpl->set_var('hour_options',
! COM_getHourFormOptions($cur_hour_24, 24));
} else {
! $tpl->set_var('hour_mode', 12);
! $tpl->set_var('hour_options', COM_getHourFormOptions($cur_hour));
}
! $tpl->set_var('startampm_selection',
! COM_getAmPmFormSelection('start_ampm', $ampm));
! $cur_min = intval(date('i') / 15) * 15;
! $tpl->set_var('minute_options', COM_getMinuteFormOptions($cur_min, 15));
! $tpl->set_var('lang_event', $LANG_CAL_2[32]);
! $tpl->set_var('lang_date', $LANG_CAL_2[33]);
! $tpl->set_var('lang_time', $LANG_CAL_2[34]);
! $tpl->set_var('lang_add', $LANG_CAL_2[31]);
! $tpl->set_var('lang_quickadd', $LANG_CAL_2[35]);
! $tpl->set_var('lang_submit', $LANG_CAL_2[36]);
! $tpl->set_var('gltoken_name', CSRF_TOKEN);
! $tpl->set_var('gltoken', $token);
! $tpl->parse('quickadd_form', 'quickadd', true);
return $tpl;
***************
*** 368,371 ****
--- 373,377 ----
}
+ // MAIN
$mode = '';
if (isset ($_REQUEST['mode'])) {
***************
*** 384,388 ****
// Set mode back to master if user refreshes screen after their session expires
! if (($mode == 'personal') && (!isset ($_USER['uid']) || ($_USER['uid'] <= 1))) {
$mode = '';
}
--- 390,394 ----
// Set mode back to master if user refreshes screen after their session expires
! if (($mode == 'personal') && COM_isAnonUser()) {
$mode = '';
}
***************
*** 430,433 ****
--- 436,445 ----
}
+ $token = '';
+ if ((($view == 'day') || ($view == 'week')) &&
+ (($mode == 'personal') || SEC_hasRights('calendar.edit'))) {
+ $token = SEC_createToken();
+ }
+
// Create new calendar object
$cal = new Calendar();
***************
*** 514,518 ****
$cal_templates->set_var('calendar_toggle', '| '
. COM_createLink($LANG_CAL_2[11], $_CONF['site_url']
! . "/calendar/index.php?view=day&month=$month&day=$day&year=$year")
);
} else {
--- 526,530 ----
$cal_templates->set_var('calendar_toggle', '| '
. COM_createLink($LANG_CAL_2[11], $_CONF['site_url']
! . "/calendar/index.php?view=day&month=$month&day=$day&year=$year") . ']'
);
} else {
***************
*** 521,525 ****
$cal_templates->set_var('calendar_toggle', '| '
. COM_createLink($LANG_CAL_2[12], $_CONF['site_url']
! . "/calendar/index.php?mode=personal&view=day&month=$month&day=$day&year=$year")
);
} else {
--- 533,537 ----
$cal_templates->set_var('calendar_toggle', '| '
. COM_createLink($LANG_CAL_2[12], $_CONF['site_url']
! . "/calendar/index.php?mode=personal&view=day&month=$month&day=$day&year=$year") . ']'
);
} else {
***************
*** 550,571 ****
// Get all day events
! if (count ($alldaydata) > 0) {
! for ($i = 1; $i <= count ($alldaydata); $i++) {
$A = current($alldaydata);
! $cal_templates->set_var ('delete_imagelink',
! getDeleteImageLink ($mode, $A));
$cal_templates->set_var('event_time', $LANG_CAL_2[26]);
$cal_templates->set_var('eid', $A['eid']);
! $cal_templates->set_var('event_title',stripslashes($A['title']));
! if ($i < count($alldaydata)) {
$cal_templates->set_var('br', '<br' . XHTML . '>');
} else {
$cal_templates->set_var('br', '');
}
! $cal_templates->parse('allday_events','event', true);
next($alldaydata);
}
} else {
! $cal_templates->set_var('allday_events',' ');
}
--- 562,584 ----
// Get all day events
! $alldaycount = count($alldaydata);
! if ($alldaycount > 0) {
! for ($i = 1; $i <= $alldaycount; $i++) {
$A = current($alldaydata);
! $cal_templates->set_var('delete_imagelink',
! getDeleteImageLink($mode, $A, $token));
$cal_templates->set_var('event_time', $LANG_CAL_2[26]);
$cal_templates->set_var('eid', $A['eid']);
! $cal_templates->set_var('event_title', stripslashes($A['title']));
! if ($i < $alldaycount) {
$cal_templates->set_var('br', '<br' . XHTML . '>');
} else {
$cal_templates->set_var('br', '');
}
! $cal_templates->parse('allday_events', 'event', true);
next($alldaydata);
}
} else {
! $cal_templates->set_var('allday_events', ' ');
}
***************
*** 584,589 ****
. strftime ($_CONF['timeonly'], strtotime ($A['dateend']
. ' ' . $A['timeend'])));
! $cal_templates->set_var ('delete_imagelink',
! getDeleteImageLink ($mode, $A));
$cal_templates->set_var('eid', $A['eid']);
$cal_templates->set_var('event_title', stripslashes($A['title']));
--- 597,602 ----
. strftime ($_CONF['timeonly'], strtotime ($A['dateend']
. ' ' . $A['timeend'])));
! $cal_templates->set_var('delete_imagelink',
! getDeleteImageLink($mode, $A, $token));
$cal_templates->set_var('eid', $A['eid']);
$cal_templates->set_var('event_title', stripslashes($A['title']));
***************
*** 607,611 ****
if ($mode == 'personal') {
! $cal_templates = getQuickAdd($cal_templates, $month, $day, $year);
} else {
$cal_templates->set_var('quickadd_form','');
--- 620,624 ----
if ($mode == 'personal') {
! $cal_templates = getQuickAdd($cal_templates, $month, $day, $year, $token);
} else {
$cal_templates->set_var('quickadd_form','');
***************
*** 630,634 ****
$cal_templates->set_var('calendar_toggle', '| '
. COM_createLink($LANG_CAL_2[11], $_CONF['site_url']
! . "/calendar/index.php?view=week&month=$month&day=$day&year=$year")
);
} else {
--- 643,647 ----
$cal_templates->set_var('calendar_toggle', '| '
. COM_createLink($LANG_CAL_2[11], $_CONF['site_url']
! . "/calendar/index.php?view=week&month=$month&day=$day&year=$year") . ']'
);
} else {
***************
*** 637,641 ****
$cal_templates->set_var('calendar_toggle', '| '
. COM_createLink($LANG_CAL_2[12], $_CONF['site_url']
! . "/calendar/index.php?mode=personal&view=week&month=$month&day=$day&year=$year")
);
} else {
--- 650,654 ----
$cal_templates->set_var('calendar_toggle', '| '
. COM_createLink($LANG_CAL_2[12], $_CONF['site_url']
! . "/calendar/index.php?mode=personal&view=week&month=$month&day=$day&year=$year") . ']'
);
} else {
***************
*** 644,648 ****
}
if ($mode == 'personal') {
! $cal_templates = getQuickAdd($cal_templates, $month, $day, $year);
} else {
$cal_templates->set_var('quickadd_form','');
--- 657,661 ----
}
if ($mode == 'personal') {
! $cal_templates = getQuickAdd($cal_templates, $month, $day, $year, $token);
} else {
$cal_templates->set_var('quickadd_form','');
***************
*** 763,768 ****
);
// Provide delete event link if user has access
! $cal_templates->set_var ('delete_imagelink',
! getDeleteImageLink ($mode, $A));
$cal_templates->parse ('events_day' . $i, 'events', true);
}
--- 776,781 ----
);
// Provide delete event link if user has access
! $cal_templates->set_var('delete_imagelink',
! getDeleteImageLink($mode, $A, $token));
$cal_templates->parse ('events_day' . $i, 'events', true);
}
***************
*** 783,792 ****
case 'addentry':
! $display .= plugin_submit_calendar($mode);
! $display .= COM_siteFooter();
break;
case 'savepersonal':
! $display = plugin_savesubmission_calendar($_POST);
break;
--- 796,813 ----
case 'addentry':
! if (SEC_checkToken()) {
! $display .= plugin_submit_calendar($mode);
! $display .= COM_siteFooter();
! } else {
! $display = COM_refresh($_CONF['site_url'] . '/calendar/index.php');
! }
break;
case 'savepersonal':
! if (SEC_checkToken()) {
! $display = plugin_savesubmission_calendar($_POST);
! } else {
! $display = COM_refresh($_CONF['site_url'] . '/calendar/index.php');
! }
break;
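Review bot: A failed `SEC_checkToken()` in `addentry` and `savepersonal` redirects to the calendar index without leaving any trace, so rejected requests are invisible to whoever operates the site. A log line in each `else` branch, for example `COM_accessLog('calendar: security token check failed');`, would make forged or stale submissions show up in the access log. Also, `addentry` calls `plugin_submit_calendar($mode)`, which by its name displays the submission form rather than saving anything; if so, any link or form that reaches `addentry` without the token will now be bounced to the index, so each entry point should be checked. The enclosing `switch` starts outside this hunk.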