<?php
/**
- * GForge News Facility
+ * FusionForge News Facility
*
- * Copyright 1999-2001 (c) VA Linux Systems
- * The rest Copyright 2002-2004 (c) GForge Team
- * http://gforge.org/
+ * Copyright (C) 1999-2001 VA Linux Systems
+ * Copyright (C) 2002-2004 GForge Team
+ * Copyright (C) 2008-2009 Alcatel-Lucent
*
- * @version $Id$
+ * http://fusionforge.org/
*
* This file is part of GForge.
*
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-require_once('pre.php');
-require_once('note.php');
-require_once('www/news/news_utils.php');
-require_once('common/forum/Forum.class');
+/*
+ * Standard Alcatel-Lucent disclaimer for contributing to open source
+ *
+ * "The Style Sheet ("Contribution") has not been tested and/or
+ * validated for release as or in products, combinations with products or
+ * other commercial use. Any use of the Contribution is entirely made at
+ * the user's own responsibility and the user can not rely on any features,
+ * functionalities or performances Alcatel-Lucent has attributed to the
+ * Contribution.
+ *
+ * THE CONTRIBUTION BY ALCATEL-LUCENT IS PROVIDED AS IS, WITHOUT WARRANTY
+ * OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+ * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, COMPLIANCE,
+ * NON-INTERFERENCE AND/OR INTERWORKING WITH THE SOFTWARE TO WHICH THE
+ * CONTRIBUTION HAS BEEN MADE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL
+ * ALCATEL-LUCENT BE LIABLE FOR ANY DAMAGES OR OTHER LIABLITY, WHETHER IN
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * CONTRIBUTION OR THE USE OR OTHER DEALINGS IN THE CONTRIBUTION, WHETHER
+ * TOGETHER WITH THE SOFTWARE TO WHICH THE CONTRIBUTION RELATES OR ON A STAND
+ * ALONE BASIS."
+ */
+
+require_once('../env.inc.php');
+require_once $gfwww.'include/pre.php';
+require_once $gfwww.'include/note.php';
+require_once $gfwww.'news/news_utils.php';
+require_once $gfcommon.'forum/Forum.class.php';
+require_once $gfcommon.'include/TextSanitizer.class.php'; // to make the HTML input by the user safe to store
$group_id = getIntFromRequest('group_id');
if (session_loggedin()) {
if (!user_ismember($group_id,'A')) {
- exit_permission_denied($Language->getText('news_submit','cannot'));
+ exit_permission_denied(_('You cannot submit news for a project unless you are an admin on that project'));
}
$group_id = getIntFromRequest('group_id');
if ($group_id == $sys_news_group) {
- exit_permission_denied($Language->getText('news_submit','cannotadmin'));
+ exit_permission_denied(_('Submitting news from the news group is not allowed.'));
}
if (getStringFromRequest('post_changes')) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
+ exit_form_double_submit();
+ }
$summary = getStringFromRequest('summary');
$details = getStringFromRequest('details');
//check to make sure both fields are there
if ($summary && $details) {
+ $sanitizer = new TextSanitizer();
+ $details = $sanitizer->purify($details);
+
/*
Insert the row into the db if it's a generic message
OR this person is an admin for the group involved
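Review bot: `$details = $sanitizer->purify($details);` changes what `news_bytes.details` holds from entity-encoded text to filtered HTML, so the XSS defence for this field now rests on TextSanitizer's allowlist (not visible in this diff) and on every page that prints the column. Rows written before this change went through `htmlspecialchars()` in the removed INSERT, so the table will hold both encodings unless the old rows are migrated or the renderers handle both. I would record the contract next to the call, for example `// details is stored as purified HTML: print it without re-escaping, and call purify() in any other code that writes this column`. The enclosing `if ($summary && $details)` block continues beyond this hunk.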
exit_error('Error',$f->getErrorMessage());
}
$new_id=$f->getID();
- $sql="INSERT INTO news_bytes (group_id,submitted_by,is_approved,post_date,forum_id,summary,details) ".
- " VALUES ('$group_id','".user_getid()."','0','".time()."','$new_id','".htmlspecialchars($summary)."','".htmlspecialchars($details)."')";
- $result=db_query($sql);
+
+ $sql='INSERT INTO news_bytes (group_id,submitted_by,is_approved,post_date,forum_id,summary,details)
+ VALUES ($1, $2, $3, $4, $5, $6, $7)';
+ $result=db_query_params($sql,
+ array($group_id, user_getid(), 0, time(), $new_id, htmlspecialchars($summary), $details));
if (!$result) {
db_rollback();
- $feedback .= ' '.$Language->getText('news_submit', 'errorinsert').' ';
+ form_release_key(getStringFromRequest('form_key'));
+ $feedback = ' '._('ERROR doing insert').' ';
} else {
db_commit();
- $feedback .= ' '.$Language->getText('news_submit', 'newsadded').' ';
+ $feedback = ' '._('News Added.').' ';
}
} else {
- $feedback .= ' '.$Language->getText('news_submit', 'errorboth').' ';
+ form_release_key(getStringFromRequest('form_key'));
+ $feedback = ' '._('ERROR - both subject and body are required').' ';
}
}
/*
Show the submit form
*/
- news_header(array('title'=>$Language->getText('news', 'title'),'pagename'=>'news_submit','titlevals'=>array(group_getname($group_id))));
+ news_header(array('title'=>_('News')));
$jsfunc = notepad_func();
$group = group_get_object($group_id);
echo '
<p>
- '. $Language->getText('news_submit', 'post_blurb', $GLOBALS['sys_name']) .'</p>' . $jsfunc .
- '<p>
+ '. sprintf(_('You can post news about your project if you are an admin on your project. You may also post "help wanted" notes if your project needs help.</p><p>All posts <b>for your project</b> will appear instantly on your project summary page. Posts that are of special interest to the community will have to be approved by a member of the %1$s news team before they will appear on the %1$s home page.</p><p>You may include URLs, but not HTML in your submissions.</p><p>URLs that start with http:// are made clickable.'), $GLOBALS['sys_name']) .'</p>' . $jsfunc .
+ '
<form action="'.getStringFromServer('PHP_SELF').'" method="post">
<input type="hidden" name="group_id" value="'.$group_id.'" />
- <strong>'.$Language->getText('news_submit', 'forproject').': '.$group->getPublicName().'</strong>
- <input type="hidden" name="post_changes" value="y" /></p>
+ <input type="hidden" name="post_changes" value="y" />
+ <input type="hidden" name="form_key" value="'. form_generate_key() .'" />
+ <p><strong>'._('For project').' '.$group->getPublicName().'</strong></p>
<p>
- <strong>'.$Language->getText('news_submit', 'subject').':</strong>'.utils_requiredField().'<br />
- <input type="text" name="summary" value="" size="30" maxlength="60" /></p>
+ <strong>'._('Subject').':</strong>'.utils_requiredField().'<br />
+ <input type="text" name="summary" value="" size="60" maxlength="60" /></p>
<p>
- <strong>'.$Language->getText('news_submit', 'details').':</strong>'.notepad_button('document.forms[1].details').utils_requiredField().'<br />
- <textarea name="details" rows="5" cols="50" wrap="soft"></textarea><br />
- <input type="submit" name="submit" value="'.$Language->getText('general', 'submit').'" />
- </form></p>';
+ <strong>'._('Details').':</strong>'.notepad_button('document.forms[2].details').utils_requiredField().'<br />';
+
+ $GLOBALS['editor_was_set_up']=false;
+ $params = array() ;
+ $params['name'] = 'details';
+ $params['width'] = "800";
+ $params['height'] = "500";
+ $params['body'] = "";
+ $params['group'] = $group_id;
+ plugin_hook("text_editor",$params);
+ if (!$GLOBALS['editor_was_set_up']) {
+ //if we don't have any plugin for text editor, display a simple textarea edit box
+ echo '<textarea name="details" rows="5" cols="50"></textarea><br />';
+ }
+ unset($GLOBALS['editor_was_set_up']);
+ echo '<input type="submit" name="submit" value="'._('Submit').'" />
+ </p></form>';
news_footer(array());
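Review bot: The form's `action` still writes `getStringFromServer('PHP_SELF')` into the attribute unescaped, and PHP_SELF carries client-supplied path info. Unless that helper already encodes its result (not visible here), encode it at output: `<form action="'.htmlspecialchars(getStringFromServer('PHP_SELF'), ENT_QUOTES).'" method="post">`. `$group->getPublicName()` on the new "For project" line has the same shape and deserves the same check. Separately, the new blurb still tells users "You may include URLs, but not HTML" although this commit adds the `text_editor` hook and stores purified markup, so that sentence should be updated. The enclosing `if (session_loggedin())` block opens before this hunk.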
exit_not_logged_in();
}
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
?>