*
* Copyright 1999-2001 (c) VA Linux Systems
* Copyright 2002-2004 (c) GForge Team
+ * Copyright (C) 2010 Alain Peyrat - Alcatel-Lucent
* http://fusionforge.org/
*
* This file is part of FusionForge.
$status=0;
}
- //foundry stuff - remove this news from the foundry so it has to be re-approved by the admin
- db_query_params ('DELETE FROM foundry_news WHERE news_id=$1',
- array($id));
-
if (!$summary) {
$summary='(none)';
}
$details='(none)';
}
- $sanitizer = new TextSanitizer();
- $details = $sanitizer->SanitizeHtml($details);
+ if (getStringFromRequest('_details_content_type') == 'html') {
+ $details = TextSanitizer::purify($details);
+ } else {
+ $details = htmlspecialchars($details);
+ }
$result = db_query_params("UPDATE news_bytes SET is_approved=$1, summary=$2,
details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), $details, $id, $group_id));
echo notepad_func();
echo '
- <h1>'.sprintf(_('Approve a NewsByte For Project: %1$s'), $group->getPublicName()).'</h1>
<p />
<form id="newsadminform" action="'.getStringFromServer('PHP_SELF').'" method="post">
<input type="hidden" name="group_id" value="'.db_result($result,0,'group_id').'" />
$rows=db_numrows($result);
$group = group_get_object($group_id);
- echo '<h1>'._('List of News Submitted for Project').': '.$group->getPublicName().'</h1>';
if ($rows < 1) {
echo '
<p class="warning_msg">'._('No Queued Items Found').'</p>';
/*
Update the db so the item shows on the home page
*/
- $sanitizer = new TextSanitizer();
- $details = $sanitizer->SanitizeHtml($details);
+ if (getStringFromRequest('_details_content_type') == 'html') {
+ $details = TextSanitizer::purify($details);
+ } else {
+ $details = htmlspecialchars($details);
+ }
$result=db_query_params("UPDATE news_bytes SET is_approved='1', post_date=$1,
summary=$2, details=$3 WHERE id=$4", array(time(), htmlspecialchars($summary), $details, $id));
if (!$result || db_affected_rows($result) < 1) {
$user =& user_get_object(db_result($result,0,'submitted_by'));
echo '
- <h1>'.sprintf(_('Approve a NewsByte For Project: %1$s'), $group->getPublicName()).'</h1>
<p />
<form action="'.getStringFromServer('PHP_SELF').'" method="post">
<input type="hidden" name="for_group" value="'.db_result($result,0,'group_id').'" />