Fixed revision 11 - which was an incomplete commit for some reason

Brianetta · Feb 16, 2007 · e00201e · e00201e
1 parent 6e405ac
commit e00201e
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 7 deletions.
diff --git a/news.php b/news.php
@@ -78,6 +78,14 @@ function newsitem($news_headline, $news_body, $news_topic, $news_date, $name, $u
 {
    global $topiclist;
    global $lang;
+   $news_body = strip_tags($news_body,$allowed_tags);
+   preg_match_all('/IMAGE[0-9]*HERE/',$news_body,$news_images);
+   foreach($news_images[0] as $key => $value)
+   {
+      $news_images[0][$key] = str_replace('IMAGE','<img src="fetchfile.php?fileid=',$news_images[0][$key]);
+      $news_images[0][$key] = str_replace('HERE','">',$news_images[0][$key]);
+      $news_body = preg_replace('/IMAGE[0-9]*HERE/',$news_images[0][$key],$news_body,1);
+   }
    $news_date = date($lang['date_format'], $news_date);
    print("<table>\n");
    print("<tr>");
@@ -94,7 +102,7 @@ function newsitem($news_headline, $news_body, $news_topic, $news_date, $name, $u
    print("<tr>\n");
    print("<td colspan=3>\n");
    print("<h1>".strip_tags($news_headline)."</h1>");
-   print(nl2br(strip_tags($news_body,"<b><i><span>")));
+   print(nl2br(strip_tags($news_body,"$allowed_tags<img>")));
    if(($url<>"") and ($url<>"http://"))
       print("<br>\n<br>\n".$lang['related_link'].": <a href=\"$url\">$url</a>");
    print("<br>\n<br>\n<i>".$lang['submitted_by']." $name</i><br>\n<br>\n");
@@ -113,7 +121,7 @@ function newsitem($news_headline, $news_body, $news_topic, $news_date, $name, $u
 }
 $module[$lang['all_news_articles']]="newsarchive.inc";
 if(!(isset($callmodule)))
-   $callmodule=$lang['latest_news'];
+   $callmodule=$lang['all_news_articles'];
 ?>
 
       <table border="0" cellpadding="0" cellspacing="1" width="100%">

diff --git a/newsadmin.inc b/newsadmin.inc
@@ -44,7 +44,7 @@ function newshead($news_headline, $news_date, $name, $url, $authed=FALSE)
    print("<table>\n");
    print("<tr>");
    print("<th class=\"headline\" width=\"35%\">\n");
-   print(strip_tags($news_headline,"<i>"));
+   print(strip_tags($news_headline));
    print("</th>\n");
    print("<th class=\"headline\">\n");
    if($authed) print("<i>[");
@@ -66,6 +66,14 @@ function newsitem($news_headline, $news_body, $news_topic, $news_date, $name, $u
 {
    global $topiclist;
    global $lang;
+   $news_body = strip_tags($news_body,$allowed_tags);
+   preg_match_all('/IMAGE[0-9]*HERE/',$news_body,$news_images);
+   foreach($news_images[0] as $key => $value)
+   {
+      $news_images[0][$key] = str_replace('IMAGE','<img src="fetchfile.php?fileid=',$news_images[0][$key]);
+      $news_images[0][$key] = str_replace('HERE','">',$news_images[0][$key]);
+      $news_body = preg_replace('/IMAGE[0-9]*HERE/',$news_images[0][$key],$news_body,1);
+   }
    $news_date = date($lang['date_format'], $news_date);
    print("<table>\n");
    print("<tr>");
@@ -81,11 +89,13 @@ function newsitem($news_headline, $news_body, $news_topic, $news_date, $name, $u
    print("</tr>\n");
    print("<td colspan=\"2\">\n");
    print("<h1>".strip_tags($news_headline)."</h1>");
-   print(nl2br(strip_tags($news_body,"<b><i><span>")));
+   print(nl2br(strip_tags($news_body,"$allowed_tags<img>")));
    if(($url<>"") and ($url<>"http://"))
       print("<br>\n<br>\n".$lang['related_link'].": <a href=\"$url\">$url</a>");
    print("<br>\n<br>\n<i>".$lang['submitted_by']." $name</i><br>\n<br>\n");
    print("\n</td>\n");
+   print("</tr>\n");
+   print("</table>\n");
    return(true);
 }
 
@@ -178,7 +188,7 @@ if(isset($select))
                if($row["sticky"]=="y" and !(isset($newnews)))
                   print("checked ");
             print("name=\"stickycheck\"><br><br>");
-            print($lang['article_text'].":<br><textarea name=\"body\" rows=\"20\" cols=\"60\">".strip_tags(stripslashes($row["body"]),"<b><i><span>")."</textarea>");
+            print($lang['article_text'].":<br><textarea name=\"body\" rows=\"20\" cols=\"60\">".strip_tags(stripslashes($row["body"]),$allowed_tags)."</textarea>");
             print("<br>\n".$lang['optional_url'].":<br><input name=\"url\" type=\"text\" size=\"60\" value=\"$url\">");
             print("\n</td>\n");
             print("</tr>\n");

diff --git a/viewcalldetail.inc b/viewcalldetail.inc
@@ -141,7 +141,15 @@ if(@ mysql_num_rows($result) != 0)
    print("<th class=\"detail\" colspan=\"2\">".$lang['call_content'].":</th>");
    print("</tr>\n<tr>\n");
    print("<td class=\"detail\" colspan=\"2\">");
-   print(nl2br(strip_tags($call["description"],"<b><i>")));
+   $call["description"] = strip_tags($call["description"],$allowed_tags);
+   preg_match_all('/IMAGE[0-9]*HERE/',$call["description"],$call_images);
+   foreach($call_images[0] as $key => $value)
+   {
+      $call_images[0][$key] = str_replace('IMAGE','<img src="fetchfile.php?fileid=',$call_images[0][$key]);
+      $call_images[0][$key] = str_replace('HERE','">',$call_images[0][$key]);
+      $call["description"] = preg_replace('/IMAGE[0-9]*HERE/',$call_images[0][$key],$call["description"],1);
+   }
+   print(nl2br(strip_tags($call["description"],"$allowed_tags<img>")));
    print("</td>\n");
    print("</tr>\n");
    print("</table>\n");
@@ -238,6 +246,13 @@ if(@ mysql_num_rows($result) != 0)
          $highlight="";
          if($row["system"]=='y')
             $highlight="_highlight";
+         preg_match_all('/IMAGE[0-9]*HERE/',$row["body"],$call_images);
+         foreach($call_images[0] as $key => $value)
+         {
+            $call_images[0][$key] = str_replace('IMAGE','<img src="fetchfile.php?fileid=',$call_images[0][$key]);
+            $call_images[0][$key] = str_replace('HERE','">',$call_images[0][$key]);
+            $row["body"] = preg_replace('/IMAGE[0-9]*HERE/',$call_images[0][$key],$row["body"],1);
+         }
          print("<td class=\"list$highlight\">".nl2br($row["body"])."</td>\n");
          print("<td class=\"list$highlight\">".$userhash[$row["userid"]]."</td>\n");
          print("<td class=\"list$highlight\">".date($lang['long_date_format'],$row["histdate"])."</td>\n");

diff --git a/viewcalls.inc b/viewcalls.inc
@@ -141,7 +141,7 @@ if(isset($modify_call) AND isset($callid))
    {
       if ($mod_history!="")
       {
-         $sql = "INSERT INTO history (callid, userid, histdate, body) VALUES ($callid, $userid, ".time().", '".safe_escape(strip_tags($mod_history,"<b><i>"))."')";
+         $sql = "INSERT INTO history (callid, userid, histdate, body) VALUES ($callid, $userid, ".time().", '".safe_escape(strip_tags($mod_history,$allowed_tags))."')";
          $result = @ mysql_query($sql, $intranet_db);
          if (mysql_error())
             showerror();