[geeklog-cvs] Geeklog-1.x/plugins/calendar functions.inc, 1.86, 1.87
Dirk Haun
dhaun at qs1489.pair.com
Thu May 22 13:01:56 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/plugins/calendar
In directory qs1489.pair.com:/tmp/cvs-serv43032/plugins/calendar
Modified Files:
functions.inc
Log Message:
More CSRF protection; also fixed some E_ALL warnings and some cosmetic issues
Index: functions.inc
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/calendar/functions.inc,v
retrieving revision 1.86
retrieving revision 1.87
diff -C2 -d -r1.86 -r1.87
*** functions.inc 22 May 2008 13:59:45 -0000 1.86
--- functions.inc 22 May 2008 17:01:54 -0000 1.87
***************
*** 436,442 ****
}
// check ok, proceed to saving
! $A['end_year'] = COM_applyFilter ($A['end_year'], true);
! $A['end_month'] = COM_applyFilter ($A['end_month'], true);
! $A['end_day'] = COM_applyFilter ($A['end_day'], true);
$A['datestart'] = sprintf ('%4d-%02d-%02d',
--- 436,448 ----
}
// check ok, proceed to saving
! if (isset($A['end_year'])) {
! $A['end_year'] = COM_applyFilter($A['end_year'], true);
! }
! if (isset($A['end_month'])) {
! $A['end_month'] = COM_applyFilter($A['end_month'], true);
! }
! if (isset($A['end_day'])) {
! $A['end_day'] = COM_applyFilter($A['end_day'], true);
! }
$A['datestart'] = sprintf ('%4d-%02d-%02d',
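Review bot: When `end_year`, `end_month` or `end_day` is missing, the new guards skip the numeric filter but also leave the key unset, so any later read of these keys would still raise the notice this change is meant to silence. The end-date formatting presumably follows the `datestart` sprintf, but it lies outside this hunk. Assigning a default keeps the value both defined and filtered, e.g. `$A['end_year'] = isset($A['end_year']) ? COM_applyFilter($A['end_year'], true) : 0;`, and likewise for month and day. Whether 0 is an acceptable date component depends on the validation earlier in the function, which is not visible here.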
***************
*** 458,461 ****
--- 464,478 ----
}
+ $A['title'] = (isset($A['title']) ? $A['title'] : '');
+ $A['url'] = (isset($A['url']) ? $A['url'] : '');
+ $A['location'] = (isset($A['location']) ? $A['location'] : '');
+ $A['address1'] = (isset($A['address1']) ? $A['address1'] : '');
+ $A['address2'] = (isset($A['address2']) ? $A['address2'] : '');
+ $A['city'] = (isset($A['city']) ? $A['city'] : '');
+ $A['zipcode'] = (isset($A['zipcode']) ? $A['zipcode'] : '');
+ $A['state'] = (isset($A['state']) ? $A['state'] : '');
+ $A['description'] = (isset($A['description']) ? $A['description'] : '');
+ $A['event_type'] = (isset($A['event_type']) ? $A['event_type'] : '');
+
// pseudo-formatted event description for the spam check
$spamcheck = COM_createLink($A['title'], $A['url']) . '<br' . XHTML . '>'
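Review bot: `isset()` only proves the key exists, not that it holds a string, so if `$A` is filled from request data, a field submitted as an array would pass these defaults and reach `COM_createLink()` and the concatenation below as an array. A type check closes that gap, and a loop replaces the ten near-identical lines: `foreach (array('title', 'url', /* ... */ 'event_type') as $k) { $A[$k] = (isset($A[$k]) && is_string($A[$k])) ? $A[$k] : ''; }`. The origin of `$A` is outside the hunk, so confirm where it is populated before deciding how strict the check needs to be.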
***************
*** 773,776 ****
--- 790,801 ----
$eventform->set_var('lang_submit', $LANG_CAL_1[45]);
$eventform->set_var('mode', $mode);
+ if ($mode == 'personal') {
+ $token = SEC_createToken();
+ $hidden_fields = '<input type="hidden" name="' . CSRF_TOKEN
+ . "\" value=\"{$token}\"" . XHTML . ">";
+ $eventform->set_var('hidden_fields', $hidden_fields);
+ } else {
+ $eventform->set_var('hidden_fields', '');
+ }
$eventform->set_var('xhtml', XHTML);
$eventform->parse('theform', 'eventform');
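Review bot: The token is emitted only when `$mode == 'personal'`, so every other mode renders the form with an empty `hidden_fields` and its save handler has nothing to verify. If that is deliberate, record it next to the `else` branch with a comment such as `// token only for personal events; <reason other modes need none>`. Emitting the field is only half of the protection: the handlers that receive this form, and the admin list form changed in the last hunk, must call `SEC_checkToken()` before acting, and neither handler is part of this diff. Using `$mode === 'personal'` would also avoid a loose comparison.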
***************
*** 897,903 ****
$listoptions = array('chkdelete' => true, 'chkfield' => 'eid');
$retval .= ADMIN_createMenu($menu_arr, $LANG_CAL_ADMIN[27] . $usr_time . "$desc", plugin_geticon_calendar());
$retval .= ADMIN_list('calendar', 'plugin_getListField_calendar',
$header_arr, $text_arr, $query_arr,
! $defsort_arr, '', '', $listoptions);
return $retval;
--- 922,932 ----
$listoptions = array('chkdelete' => true, 'chkfield' => 'eid');
$retval .= ADMIN_createMenu($menu_arr, $LANG_CAL_ADMIN[27] . $usr_time . "$desc", plugin_geticon_calendar());
+
+ $token = SEC_createToken();
+ $form_arr['bottom'] = "<input type=\"hidden\" name=\"" . CSRF_TOKEN
+ . "\" value=\"{$token}\"" . XHTML . ">";
$retval .= ADMIN_list('calendar', 'plugin_getListField_calendar',
$header_arr, $text_arr, $query_arr,
! $defsort_arr, '', '', $listoptions, $form_arr);
return $retval;
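Review bot: The hidden-input markup for the token is now assembled by hand here and in the event form hunk above, with different quoting in each place. A small shared helper that returns the field would keep the two identical and give one place to adjust attribute escaping. `$form_arr` is first written on this line as far as the hunk shows, so an explicit `$form_arr = array();` before it would make clear that no earlier `bottom` entry is being overwritten. The function body starts outside the hunk.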