<?php
/**
- *
- * SourceForge News Facility
- *
- * SourceForge: Breaking Down the Barriers to Open Source Development
- * Copyright 1999-2001 (c) VA Linux Systems
- * http://sourceforge.net
- *
- * @version $Id$
- *
- */
-
-
-require_once('pre.php');
-require_once('news_admin_utils.php');
+ * GForge News Facility
+ *
+ * Copyright 1999-2001 (c) VA Linux Systems
+ * The rest Copyright 2002-2004 (c) GForge Team
+ * http://gforge.org/
+ *
+ * This file is part of GForge.
+ *
+ * GForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+require_once('../../env.inc.php');
+require_once $gfwww.'include/pre.php';
+require_once $gfwww.'include/note.php';
+require_once $gfwww.'news/admin/news_admin_utils.php';
+require_once $gfwww.'news/news_utils.php';
//common forum tools which are used during the creation/editing of news items
-require_once('www/forum/forum_utils.php');
+require_once $gfcommon.'forum/Forum.class.php';
+require_once $gfcommon.'include/TextSanitizer.class.php'; // to make the HTML input by the user safe to store
+
+$group_id = getIntFromRequest('group_id');
+$post_changes = getStringFromRequest('post_changes');
+$approve = getStringFromRequest('approve');
+$status = getIntFromRequest('status');
+$summary = getStringFromRequest('summary');
+$details = getStringFromRequest('details');
+$id = getIntFromRequest('id');
+
+$feedback = '';
if ($group_id && $group_id != $sys_news_group && user_ismember($group_id,'A')) {
+ $status = getIntFromRequest('status');
+ $summary = getStringFromRequest('summary');
+ $details = getStringFromRequest('details');
+
/*
Per-project admin pages.
Shows their own news items so they can edit/update.
- If their news is on the homepage, and they edit, it is removed from
+ If their news is on the homepage, and they edit, it is removed from
sf.net homepage.
*/
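Review bot: The added reads of `status`, `summary` and `details` inside the `if ($group_id && ...)` branch repeat the assignments made a few lines earlier at file scope, so the second set is redundant and can be dropped. If the repeat is deliberate, a one-line comment such as `// re-read for the per-project branch; same values as the file-scope reads` would say so. The branch body continues outside this hunk.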
}
//foundry stuff - remove this news from the foundry so it has to be re-approved by the admin
- db_query("DELETE FROM foundry_news WHERE news_id='$id'");
+ db_query_params ('DELETE FROM foundry_news WHERE news_id=$1',
+ array($id));
if (!$summary) {
$summary='(none)';
if (!$details) {
$details='(none)';
}
-
- $sql="UPDATE news_bytes SET is_approved='$status', summary='".htmlspecialchars($summary)."', ".
- "details='".htmlspecialchars($details)."' WHERE id='$id' AND group_id='$group_id'";
- $result=db_query($sql);
+
+ $sanitizer = new TextSanitizer();
+ $details = $sanitizer->SanitizeHtml($details);
+ $result = db_query_params("UPDATE news_bytes SET is_approved=$1, summary=$2,
+details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), addslashes($details), $id, $group_id));
if (!$result || db_affected_rows($result) < 1) {
- $feedback .= ' ERROR doing group update ';
+ $feedback .= _('Error On Update:');
} else {
- $feedback .= ' Project NewsByte Updated. ';
+ $feedback .= _('NewsByte Updated.');
+ // No notification if news is deleted.
+// if ($status != 4)
+// send_news_notification_email($id);
}
/*
Show the list_queue
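Review bot: `addslashes($details)` is applied to a value that is already passed as a bound parameter to `db_query_params`, so the backslashes are stored literally. This also alters the markup after `SanitizeHtml` has approved it; quoted attribute values, for example, gain `\"`. Pass the sanitised string unchanged: `array($status, htmlspecialchars($summary), $details, $id, $group_id)`. The same pattern appears in the later `UPDATE news_bytes SET is_approved='1'` call. The enclosing block starts outside the hunk, and whether the display code strips slashes on output is not visible here.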
}
}
- news_header(array('title'=>'NewsBytes','pagename'=>'news_admin'));
+ news_header(array('title'=>_('News admin')));
if ($approve) {
/*
Show the submit form
*/
- $sql="SELECT * FROM news_bytes WHERE id='$id' AND group_id='$group_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM news_bytes WHERE id=$1 AND group_id=$2", array($id, $group_id));
if (db_numrows($result) < 1) {
- exit_error('Error','Error - none found');
+ exit_error(_('Error'), _('NewsByte not found'));
}
+
+ $group =& group_get_object($group_id);
+
+ echo notepad_func();
+ echo '
+ <h3>'.sprintf(_('Approve a NewsByte For Project: %1$s'), $group->getPublicName()).'</h3>
+ <p />
+ <form action="'.getStringFromServer('PHP_SELF').'" method="post">
+ <input type="hidden" name="group_id" value="'.db_result($result,0,'group_id').'" />
+ <input type="hidden" name="id" value="'.db_result($result,0,'id').'" />';
+
+ $user =& user_get_object(db_result($result,0,'submitted_by'));
echo '
- <H3>Approve a NewsByte For Project: '.group_getname($group_id).'</H3>
- <P>
- <FORM ACTION="'.$PHP_SELF.'" METHOD="POST">
- <INPUT TYPE="HIDDEN" NAME="group_id" VALUE="'.db_result($result,0,'group_id').'">
- <INPUT TYPE="HIDDEN" NAME="id" VALUE="'.db_result($result,0,'id').'">
-
- <B>Submitted by:</B> '.user_getname(db_result($result,0,'submitted_by')).'<BR>
- <INPUT TYPE="HIDDEN" NAME="approve" VALUE="y">
- <INPUT TYPE="HIDDEN" NAME="post_changes" VALUE="y">
-
- <B>Status:</B><BR>
- <INPUT TYPE="RADIO" NAME="status" VALUE="0" CHECKED> Displayed<BR>
- <INPUT TYPE="RADIO" NAME="status" VALUE="4"> Delete<BR>
-
- <B>Subject:</B><BR>
- <INPUT TYPE="TEXT" NAME="summary" VALUE="'.db_result($result,0,'summary').'" SIZE="30" MAXLENGTH="60"><BR>
- <B>Details:</B><BR>
- <TEXTAREA NAME="details" ROWS="5" COLS="50" WRAP="SOFT">'.db_result($result,0,'details').'</TEXTAREA><P>
- <B>If this item is on the SourceForge home page and you edit it, it will be removed from the home page.</B><BR>
- <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="SUBMIT">
- </FORM>';
+ <strong>'._('Submitted by').':</strong> '.$user->getRealName().'<br />
+ <input type="hidden" name="approve" value="y" />
+ <input type="hidden" name="post_changes" value="y" />
+
+ <strong>'._('Status').'</strong><br />
+ <input type="radio" name="status" value="0" checked="checked" /> '._('Displayed').'<br />
+ <input type="radio" name="status" value="4" /> '._('Delete').'<br />
+
+ <strong>'._('Subject').'</strong><br />
+ <input type="text" name="summary" value="'.db_result($result,0,'summary').'" size="30" maxlength="60" /><br />
+ <strong>'._('Details').'</strong>'.notepad_button('document.forms[2].details').'<br />';
+
+ $GLOBALS['editor_was_set_up']=false;
+ $params = array () ;
+ $params['name'] = 'details';
+ $params['width'] = "600";
+ $params['height'] = "300";
+ $params['group'] = $group_id;
+ $params['body'] = db_result($result,0,'details');
+ plugin_hook("text_editor",$params);
+ if (!$GLOBALS['editor_was_set_up']) {
+ //if we don't have any plugin for text editor, display a simple textarea edit box
+ echo '<textarea name="details" rows="5" cols="50">'.db_result($result,0,'details').'</textarea><br />';
+ }
+ unset($GLOBALS['editor_was_set_up']);
+
+ echo '<p>
+ <strong>'.sprintf(_('If this item is on the %1$s home page and you edit it, it will be removed from the home page.'), $GLOBALS['sys_name']).'</strong><br /></p>
+ <input type="submit" name="submit" value="'._('Submit').'" />
+ </form>';
} else {
/*
Show list of waiting news items
*/
- $sql="SELECT * FROM news_bytes WHERE is_approved <> 4 AND group_id='$group_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM news_bytes WHERE is_approved <> 4 AND group_id=$1", array($group_id));
$rows=db_numrows($result);
+ $group =& group_get_object($group_id);
+
if ($rows < 1) {
echo '
- <H4>No Queued Items Found For Project: '.group_getname($group_id).'</H1>';
+ <h4>'._('No Queued Items Found').': '.$group->getPublicName().'</h4>';
} else {
echo '
- <H4>These News Items Were Submitted For Project: '.group_getname($group_id).'</H4>
- <P>';
+ <h4>'._('List of News Submitted for Project').': '.$group->getPublicName().'</h4>
+ <ul>';
for ($i=0; $i<$rows; $i++) {
echo '
- <A HREF="/news/admin/?approve=1&id='.db_result($result,$i,'id').'&group_id='.
- db_result($result,$i,'group_id').'">'.
- db_result($result,$i,'summary').'</A><BR>';
+ <li>'.util_make_link ('/news/admin/?approve=1&id='.db_result($result,$i,'id').'&group_id='.db_result($result,$i,'group_id'),db_result($result,$i,'summary')).'</li>';
}
+ echo '</ul>';
}
}
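Review bot: The fallback editor echoes `db_result($result,0,'details')` between `<textarea>` tags without output encoding, although the stored value is HTML written through `SanitizeHtml`. The browser decodes entities in that value, so they do not round-trip on save, and a `</textarea>` sequence in stored data would close the field early. Encode at the point of output: `echo '<textarea name="details" rows="5" cols="50">'.htmlspecialchars(db_result($result,0,'details')).'</textarea><br />';`. The identical fallback in the site-wide approve form further down needs the same change. `getStringFromServer('PHP_SELF')` in the `action` attribute should also be encoded unless that helper already escapes, which is not visible here.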
/*
Update the db so the item shows on the home page
*/
- $sql="UPDATE news_bytes SET is_approved='1', date='".time()."', ".
- "summary='".htmlspecialchars($summary)."', details='".htmlspecialchars($details)."' WHERE id='$id'";
- $result=db_query($sql);
+ $sanitizer = new TextSanitizer();
+ $details = $sanitizer->SanitizeHtml($details);
+ $result=db_query_params("UPDATE news_bytes SET is_approved='1', post_date=$1,
+summary=$2, details=$3 WHERE id=$4", array(time(), htmlspecialchars($summary), addslashes($details), $id));
if (!$result || db_affected_rows($result) < 1) {
- $feedback .= ' ERROR doing update ';
+ $feedback .= _('Error On Update:');
} else {
- $feedback .= ' NewsByte Updated. ';
+ $feedback .= _('NewsByte Updated.');
}
} else if ($status==2) {
/*
Move msg to deleted status
*/
- $sql="UPDATE news_bytes SET is_approved='2' WHERE id='$id'";
- $result=db_query($sql);
+ $result=db_query_params("UPDATE news_bytes SET is_approved='2' WHERE id=$1", array($id));
if (!$result || db_affected_rows($result) < 1) {
- $feedback .= ' ERROR doing update ';
+ $feedback .= _('Error On Update:');
$feedback .= db_error();
} else {
- $feedback .= ' NewsByte Deleted. ';
+ $feedback .= _('NewsByte Deleted.');
}
}
*/
$approve='';
$list_queue='y';
- } else if ($mass_reject) {
+ } else if (getStringFromRequest('mass_reject')) {
/*
Move msg to rejected status
*/
- $sql="UPDATE news_bytes "
- ."SET is_approved='2' "
- ."WHERE id IN ('".implode($news_id,"','")."')";
- $result=db_query($sql);
+ $news_id = getArrayFromRequest('news_id');
+ $result = db_query_params("UPDATE news_bytes
+SET is_approved='2'
+WHERE id = ANY($1)",array(db_int_array_to_any_clause($news_id)));
if (!$result || db_affected_rows($result) < 1) {
- $feedback .= ' ERROR doing update ';
+ $feedback .= _('Error On Update:');
$feedback .= db_error();
} else {
- $feedback .= ' NewsBytes Rejected. ';
+ $feedback .= _('NewsBytes Rejected.');
}
}
}
- news_header(array('title'=>'NewsBytes','pagename'=>'news_admin'));
+ news_header(array('title'=>_('News admin')));
if ($approve) {
/*
Show the submit form
*/
- $sql="SELECT groups.unix_group_name,news_bytes.* ".
- "FROM news_bytes,groups WHERE id='$id' ".
- "AND news_bytes.group_id=groups.group_id ";
- $result=db_query($sql);
+ $result=db_query_params("SELECT groups.unix_group_name,groups.group_id,news_bytes.*
+FROM news_bytes,groups WHERE id=$1
+AND news_bytes.group_id=groups.group_id ", array($id));
if (db_numrows($result) < 1) {
- exit_error('Error','Error - not found');
+ exit_error(_('Error'), _('NewsByte not found'));
+ }
+ if (db_result($result,0,'is_approved') == 4) {
+ exit_error(_('Error'), _('NewsByte deleted'));
}
+
+ $group =& group_get_object(db_result($result,0,'group_id'));
+ $user =& user_get_object(db_result($result,0,'submitted_by'));
echo '
- <H3>Approve a NewsByte</H3>
- <P>
- <FORM ACTION="'.$PHP_SELF.'" METHOD="POST">
- <INPUT TYPE="HIDDEN" NAME="for_group" VALUE="'.db_result($result,0,'group_id').'">
- <INPUT TYPE="HIDDEN" NAME="id" VALUE="'.db_result($result,0,'id').'">
- <B>Submitted for group:</B> <a href="/projects/'.strtolower(db_result($result,0,'unix_group_name')).'/">'.group_getname(db_result($result,0,'group_id')).'</a><BR>
- <B>Submitted by:</B> '.user_getname(db_result($result,0,'submitted_by')).'<BR>
- <INPUT TYPE="HIDDEN" NAME="approve" VALUE="y">
- <INPUT TYPE="HIDDEN" NAME="post_changes" VALUE="y">
- <INPUT TYPE="RADIO" NAME="status" VALUE="1"> Approve For Front Page<BR>
- <INPUT TYPE="RADIO" NAME="status" VALUE="0"> Do Nothing<BR>
- <INPUT TYPE="RADIO" NAME="status" VALUE="2" CHECKED> Delete<BR>
- <B>Subject:</B><BR>
- <INPUT TYPE="TEXT" NAME="summary" VALUE="'.db_result($result,0,'summary').'" SIZE="30" MAXLENGTH="60"><BR>
- <B>Details:</B><BR>
- <TEXTAREA NAME="details" ROWS="5" COLS="50" WRAP="SOFT">'.db_result($result,0,'details').'</TEXTAREA><BR>
- <INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="SUBMIT">
- </FORM>';
+ <h3>'.sprintf(_('Approve a NewsByte For Project: %1$s'), $group->getPublicName()).'</h3>
+ <p />
+ <form action="'.getStringFromServer('PHP_SELF').'" method="post">
+ <input type="hidden" name="for_group" value="'.db_result($result,0,'group_id').'" />
+ <input type="hidden" name="id" value="'.db_result($result,0,'id').'" />
+ <strong>'._('Submitted for group').':</strong> '.
+ util_make_link_g (strtolower(db_result($result,0,'unix_group_name')),db_result($result,0,'group_id'),$group->getPublicName()).'<br />
+ <strong>'._('Submitted by').':</strong> '.$user->getRealName().'<br />
+ <input type="hidden" name="approve" value="y" />
+ <input type="hidden" name="post_changes" value="y" />
+ <input type="radio" name="status" value="1" /> '._('Approve For Front Page').'<br />
+ <input type="radio" name="status" value="0" /> '._('Do Nothing').'<br />
+ <input type="radio" name="status" value="2" checked="checked" /> '._('Reject').'<br />
+ <strong>'._('Subject').':</strong><br />
+ <input type="text" name="summary" value="'.db_result($result,0,'summary').'" size="30" maxlength="60" /><br />
+ <strong>'._('Details').':</strong><br />';
+
+ $GLOBALS['editor_was_set_up']=false;
+ $params = array () ;
+ $params['name'] = 'details';
+ $params['width'] = "600";
+ $params['height'] = "300";
+ $params['group'] = db_result($result,0,'group_id');
+ $params['body'] = db_result($result,0,'details');
+ plugin_hook("text_editor",$params);
+ if (!$GLOBALS['editor_was_set_up']) {
+ //if we don't have any plugin for text editor, display a simple textarea edit box
+ echo '<textarea name="details" rows="5" cols="50">'.db_result($result,0,'details').'</textarea><br />';
+ }
+ unset($GLOBALS['editor_was_set_up']);
+
+
+ echo '<br />
+ <input type="submit" name="submit" value="'._('Submit').'" />
+ </form>';
} else {
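Review bot: The approve/reject form built here submits `status`, `id` and `post_changes` with no per-session form token visible in the hunk. `mass_reject` and `news_id` are read with the generic request accessors, which presumably accept GET as well as POST. Nothing shown ties the `UPDATE news_bytes` calls to a page this site rendered for the logged-in admin, so a cross-site request could trigger them. If the framework does not enforce this elsewhere, add a hidden token field to the form and verify it before any update runs; the per-project form earlier in the file has the same shape. The enclosing permission branch starts outside the hunk.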
Show list of waiting news items
*/
- $old_date = time()-60*60*24*30;
- $sql_pending= "
- SELECT groups.group_id,id,date,summary,
- group_name,unix_group_name
- FROM news_bytes,groups
- WHERE is_approved=0
- AND news_bytes.group_id=groups.group_id
- AND date > '$old_date'
+ $old_date = time()-60*60*24*30;
+ $qpa_pending = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+ group_name,unix_group_name
+ FROM news_bytes,groups
+ WHERE is_approved=0
+ AND news_bytes.group_id=groups.group_id
+ AND post_date > $1
AND groups.is_public=1
- AND groups.status='A'
- ORDER BY date
- ";
+ AND groups.status=$2
+ ORDER BY post_date', array ($old_date, 'A')) ;
$old_date = time()-(60*60*24*7);
- $sql_rejected = "
- SELECT groups.group_id,id,date,summary,
- group_name,unix_group_name
- FROM news_bytes,groups
- WHERE is_approved=2
- AND news_bytes.group_id=groups.group_id
- AND date > '$old_date'
- ORDER BY date
- ";
-
- $sql_approved = "
- SELECT groups.group_id,id,date,summary,
- group_name,unix_group_name
- FROM news_bytes,groups
- WHERE is_approved=1
- AND news_bytes.group_id=groups.group_id
- AND date > '$old_date'
- ORDER BY date
- ";
-
+ $qpa_rejected = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+ group_name,unix_group_name
+ FROM news_bytes,groups
+ WHERE is_approved=2
+ AND news_bytes.group_id=groups.group_id
+ AND post_date > $1
+ ORDER BY post_date', array ($old_date)) ;
+
+ $qpa_approved = db_construct_qpa (false, 'SELECT groups.group_id,id,post_date,summary,
+ group_name,unix_group_name
+ FROM news_bytes,groups
+ WHERE is_approved=1
+ AND news_bytes.group_id=groups.group_id
+ AND post_date > $1
+ ORDER BY post_date', array ($old_date)) ;
show_news_approve_form(
- $sql_pending,
- $sql_rejected,
- $sql_approved
+ $qpa_pending,
+ $qpa_rejected,
+ $qpa_approved
);
}
} else {
- exit_error('Permission Denied.','Permission Denied. You have to be an admin on the project you are editing or a member of the SourceForge News team.');
+ exit_error(_('Permission denied.'),sprintf(_('You have to be an admin on the project you are editing or a member of the %s News team.'), $GLOBALS['sys_name']));
}
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
?>
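Review bot: `$old_date` carries two different cut-offs: 30 days for `$qpa_pending` and, after the reassignment, 7 days for `$qpa_rejected` and `$qpa_approved`. That is easy to misread now that the three queries are built the same way. A comment on each assignment, e.g. `// pending items: last 30 days` and `// rejected/approved items: last 7 days`, or two separately named variables, would make the windows explicit.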