require_once $gfcommon.'include/TextSanitizer.class.php'; // to make the HTML input by the user safe to store
$group_id = getIntFromRequest('group_id');
+if (!$group_id) {
+ exit_no_group();
+}
+$group=group_get_object($group_id);
+if (!$group || !is_object($group)) {
+ exit_no_group();
+} elseif ($group->isError()) {
+ exit_error($group->getErrorMessage(),'news');
+}
+
+$summary = getStringFromRequest('summary');
+$details = getStringFromRequest('details');
if (session_loggedin()) {
exit_permission_denied(_('You cannot submit news for a project unless you are an admin on that project'),'home');
}
- $group_id = getIntFromRequest('group_id');
-
if ($group_id == forge_get_config('news_group')) {
exit_permission_denied(_('Submitting news from the news group is not allowed.'),'home');
}
if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit('news');
}
- $summary = getStringFromRequest('summary');
- $details = getStringFromRequest('details');
//check to make sure both fields are there
if ($summary && $details) {
- $sanitizer = new TextSanitizer();
- $details = $sanitizer->purify($details);
+ if (getStringFromRequest('_details_content_type') == 'html') {
+ $details = TextSanitizer::purify($details);
+ } else {
+ $details = htmlspecialchars($details);
+ }
/*
- Insert the row into the db if it's a generic message
- OR this person is an admin for the group involved
+ create a new discussion forum without a default msg
+ if one isn't already there
*/
-
- /*
- create a new discussion forum without a default msg
- if one isn't already there
- */
-
- db_begin();
- $f=new Forum(group_get_object(forge_get_config('news_group')));
- if (!$f->create(ereg_replace('[^_\.0-9a-z-]','-', strtolower($summary)),$details,1,'',0,0)) {
- db_rollback();
- exit_error($f->getErrorMessage(),'news');
- }
- $new_id=$f->getID();
- $sql='INSERT INTO news_bytes (group_id,submitted_by,is_approved,post_date,forum_id,summary,details)
+
+ db_begin();
+ $f = new Forum($group);
+ if (!$f->create(preg_replace('/[^_\.0-9a-z-]/','-', strtolower($summary)),$details,1,'',0,0)) {
+ db_rollback();
+ exit_error($f->getErrorMessage(),'news');
+ }
+ $group->normalizeAllRoles();
+ $new_id=$f->getID();
+ $sql='INSERT INTO news_bytes (group_id,submitted_by,is_approved,post_date,forum_id,summary,details)
VALUES ($1, $2, $3, $4, $5, $6, $7)';
- $result=db_query_params($sql,
- array($group_id, user_getid(), 0, time(), $new_id, htmlspecialchars($summary), $details));
- if (!$result) {
- db_rollback();
- form_release_key(getStringFromRequest('form_key'));
- $error_msg = _('ERROR doing insert');
- } else {
- db_commit();
- $feedback = _('News Added.');
- }
+ $result=db_query_params($sql,
+ array($group_id, user_getid(), 0, time(), $new_id, htmlspecialchars($summary), $details));
+ if (!$result) {
+ db_rollback();
+ form_release_key(getStringFromRequest('form_key'));
+ $error_msg = _('ERROR doing insert');
+ } else {
+ db_commit();
+ $feedback = _('News Added.');
+ }
} else {
form_release_key(getStringFromRequest('form_key'));
$error_msg = _('ERROR - both subject and body are required');
if (!$group_id) {
exit_no_group();
}
+
+ html_use_tooltips();
+
/*
Show the submit form
*/
- news_header(array('title'=>_('Submit News')));
- echo '<h1>' . _('Submit News') . '</h1>';
+ $group = group_get_object($group_id);
+ news_header(array('title'=>_('Submit News for Project: ').' '.$group->getPublicName()));
$jsfunc = notepad_func();
- $group = group_get_object($group_id);
+
echo '
<p>
'. sprintf(_('You can post news about your project if you are an admin on your project. You may also post "help wanted" notes if your project needs help.</p><p>All posts <b>for your project</b> will appear instantly on your project summary page. Posts that are of special interest to the community will have to be approved by a member of the %1$s news team before they will appear on the %1$s home page.</p><p>You may include URLs, but not HTML in your submissions.</p><p>URLs that start with http:// are made clickable.'), forge_get_config ('forge_name')) .'</p>' . $jsfunc .
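Review bot: `$group = group_get_object($group_id);` is fetched a second time in this hunk without the `is_object()` / `isError()` checks, and the result is dereferenced on the very next line by `$group->getPublicName()`. The same commit already loads and validates `$group` near the top of the file, so, assuming that assignment is in the same scope (indentation is lost on this page), the added line can be dropped and the validated object reused. The project name is now also concatenated into the page title, and whether `news_header()` escapes the title is not visible here. Either confirm that it does or pass `htmlspecialchars($group->getPublicName(), ENT_QUOTES, 'UTF-8')`.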
<p><strong>'._('For project').' '.$group->getPublicName().'</strong></p>
<p>
<strong>'._('Subject').':</strong>'.utils_requiredField().'<br />
- <input type="text" name="summary" value="" size="60" maxlength="60" /></p>
+ <input type="text" name="summary" value="'.$summary.'" size="60" maxlength="60" /></p>
<p>
<strong>'._('Details').':</strong>'.notepad_button('document.forms.newssubmitform.details').utils_requiredField().'</p>';
$params['name'] = 'details';
$params['width'] = "800";
$params['height'] = "500";
- $params['body'] = "";
+ $params['body'] = $details;
$params['group'] = $group_id;
plugin_hook("text_editor",$params);
if (!$GLOBALS['editor_was_set_up']) {
//if we don't have any plugin for text editor, display a simple textarea edit box
- echo '<textarea name="details" rows="5" cols="50"></textarea><br />';
+ echo '<textarea name="details" rows="5" cols="50">'.$details.'</textarea><br />';
}
unset($GLOBALS['editor_was_set_up']);
echo '<div><input type="submit" name="submit" value="'._('Submit').'" />
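Review bot: The request values `$summary` and `$details` are written into the form without HTML escaping in three places: the `value` attribute of the summary input, `$params['body']`, and the fallback `<textarea>`. Both come from `getStringFromRequest()` and reach this form unmodified when one of the two fields is missing, so markup in the request is rendered as-is (reflected XSS). Escape at the point of output, e.g. `value="'.htmlspecialchars($summary, ENT_QUOTES, 'UTF-8').'"` and `'.htmlspecialchars($details, ENT_QUOTES, 'UTF-8').'</textarea>`, and check whether the `text_editor` hook escapes `body` itself. On the path where both fields were present, `$details` has already been purified or encoded earlier in the file, so keep the raw request value in a separate variable for redisplay, or clear it after a successful insert, to avoid double-encoding. The `echo` statement on the last line of the hunk continues outside it.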