$sanitizer = new TextSanitizer();
$details = $sanitizer->SanitizeHtml($details);
$result = db_query_params("UPDATE news_bytes SET is_approved=$1, summary=$2,
-details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), $details, $id, $group_id));
+details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), addslashes($details), $id, $group_id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('Error On Update:');
} else {
$feedback .= _('NewsByte Updated.');
+ // No notification if news is deleted.
+// if ($status != 4)
+// send_news_notification_email($id);
}
/*
Show the list_queue
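Review bot: `addslashes($details)` on the added `details=$3 WHERE id=$4 AND group_id=$5` line is passed as a bound value to `db_query_params`, and the `$1`…`$5` placeholders already keep it out of the SQL text, so the added backslashes would be stored as data rather than consumed as escaping. If the display path does not strip them (not visible here), every save of text containing quotes or backslashes would accumulate extra backslashes in `news_bytes.details`, and the stored value would no longer match what `SanitizeHtml()` returned. I would keep the argument as `$details` and, if this was added to work around a quoting problem, fix that where the value is read or rendered. The same change appears in the second UPDATE further down (`summary=$2, details=$3 WHERE id=$4`). The enclosing block starts and ends outside the hunk.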
<strong>'._('Subject').'</strong><br />
<input type="text" name="summary" value="'.db_result($result,0,'summary').'" size="30" maxlength="60" /><br />
- <strong>'._('Details').'</strong>'.notepad_button('document.forms[1].details').'<br />';
+ <strong>'._('Details').'</strong>'.notepad_button('document.forms[2].details').'<br />';
$GLOBALS['editor_was_set_up']=false;
$params = array () ;
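Review bot: `notepad_button('document.forms[2].details')` still addresses the form by its position in the page, so the button will point at the wrong form again whenever a form is added or removed before it, which is presumably what made the `forms[1]` index stale. Giving the form a name and passing `document.forms['FORM_NAME'].details` (`FORM_NAME` is a placeholder for whatever the form is called) would remove the dependency on page layout. The echo statement this line belongs to starts outside the hunk, so the form's own markup is not visible here.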
<ul>';
for ($i=0; $i<$rows; $i++) {
echo '
- <li>'.util_make_link ('/news/admin/?approve=1&id='.db_result($result,$i,'id').'&group_id='.db_result($result,$i,'group_id'),db_result($result,$i,'summary')).'</li>';
+ <li>'.util_make_link ('/news/admin/?approve=1&id='.db_result($result,$i,'id').'&group_id='.db_result($result,$i,'group_id'),db_result($result,$i,'summary')).'</li>';
}
echo '</ul>';
}
$sanitizer = new TextSanitizer();
$details = $sanitizer->SanitizeHtml($details);
$result=db_query_params("UPDATE news_bytes SET is_approved='1', post_date=$1,
-summary=$2, details=$3 WHERE id=$4", array(time(), htmlspecialchars($summary), $details, $id));
+summary=$2, details=$3 WHERE id=$4", array(time(), htmlspecialchars($summary), addslashes($details), $id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('Error On Update:');
} else {
if (db_numrows($result) < 1) {
exit_error(_('Error'), _('NewsByte not found'));
}
+ if (db_result($result,0,'is_approved') == 4) {
+ exit_error(_('Error'), _('NewsByte deleted'));
+ }
$group =& group_get_object(db_result($result,0,'group_id'));
$user =& user_get_object(db_result($result,0,'submitted_by'));
*/
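Review bot: The new guard `db_result($result,0,'is_approved') == 4` relies on a bare `4` meaning "deleted", and the same literal appears in the commented-out `$status != 4` in the first UPDATE block. A named constant for the deleted state, used in both places, would make the check self-explanatory and keep the two in step if the status values change. Since `db_result` most likely returns a string, an explicit `(int)` cast with `===` would also make the comparison independent of PHP's loose-comparison rules. The enclosing function starts and ends outside the hunk.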
$old_date = time()-60*60*24*30;
- $sql_pending= "
- SELECT groups.group_id,id,post_date,summary,
+ $qpa_pending = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
group_name,unix_group_name
FROM news_bytes,groups
WHERE is_approved=0
AND news_bytes.group_id=groups.group_id
- AND post_date > '$old_date'
+ AND post_date > $1
AND groups.is_public=1
- AND groups.status='A'
- ORDER BY post_date
- ";
+ AND groups.status=$2
+ ORDER BY post_date', array ($old_date, 'A')) ;
$old_date = time()-(60*60*24*7);
- $sql_rejected = "
- SELECT groups.group_id,id,post_date,summary,
+ $qpa_rejected = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
group_name,unix_group_name
FROM news_bytes,groups
WHERE is_approved=2
AND news_bytes.group_id=groups.group_id
- AND post_date > '$old_date'
- ORDER BY post_date
- ";
+ AND post_date > $1
+ ORDER BY post_date', array ($old_date)) ;
- $sql_approved = "
- SELECT groups.group_id,id,post_date,summary,
+ $qpa_approved = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
group_name,unix_group_name
FROM news_bytes,groups
WHERE is_approved=1
AND news_bytes.group_id=groups.group_id
- AND post_date > '$old_date'
- ORDER BY post_date
- ";
+ AND post_date > $1
+ ORDER BY post_date', array ($old_date)) ;
show_news_approve_form(
- $sql_pending,
- $sql_rejected,
- $sql_approved
+ $qpa_pending,
+ $qpa_rejected,
+ $qpa_approved
);
}