[AppDB] editAppFamily
Jonathan Ernst
Jonathan at ErnstFamily.ch
Tue Dec 14 05:43:40 CST 2004
This patch lets supermaintainers edit the application families they are
supermaintaining.
As a side effect, this patch fixes /admin/editAppFamily.php and appView
problems since the introduction of register_globals=0.
CHANGELOG:
- added a button for admins and app maintainer that let them edit an
application
- replaced global vars with superglobals equivalent
File changed:
- admin/editAppFamily.php
- appview.php
-------------- next part --------------
Index: appview.php
===================================================================
RCS file: /home/wine/appdb/appview.php,v
retrieving revision 1.16
diff -u -r1.16 appview.php
--- appview.php 14 Dec 2004 04:30:41 -0000 1.16
+++ appview.php 14 Dec 2004 11:40:38 -0000
@@ -27,10 +27,10 @@
$m = new htmlmenu("Admin");
if($_REQUEST[versionId]) {
- $m->add("Add Note", $apidb_root."admin/addAppNote.php?appId=$appId&versionId=".$_REQUEST['versionId']);
+ $m->add("Add Note", $apidb_root."admin/addAppNote.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']);
$m->addmisc(" ");
- $m->add("Edit Version", $apidb_root."admin/editAppVersion.php?appId=$appId&versionId=".$_REQUEST['versionId']);
+ $m->add("Edit Version", $apidb_root."admin/editAppVersion.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']);
$url = $apidb_root."admin/deleteAny.php?what=appVersion&versionId=".$_REQUEST['versionId']."&confirmed=yes";
$m->add("Delete Version", "javascript:deleteURL(\"Are you sure?\", \"".$url."\")");
@@ -60,16 +60,16 @@
* Get a random image for a particular version of an app.
* If the version is not set, get a random app image
*/
-function get_screenshot_img($appId, $versionId="")
+function get_screenshot_img($int_appId, $int_versionId="")
{
global $apidb_root;
- if($versionId)
+ if($int_versionId)
{
- $result = mysql_query("SELECT *, RAND() AS rand FROM appData WHERE appId = $appId AND versionId = $versionId AND type = 'image' ORDER BY rand");
+ $result = mysql_query("SELECT *, RAND() AS rand FROM appData WHERE appId = $int_appId AND versionId = $int_versionId AND type = 'image' ORDER BY rand");
}
else {
- $result = mysql_query("SELECT *, RAND() AS rand FROM appData WHERE appId = $appId AND type = 'image' ORDER BY rand");
+ $result = mysql_query("SELECT *, RAND() AS rand FROM appData WHERE appId = $int_appId AND type = 'image' ORDER BY rand");
}
if(!$result || !mysql_num_rows($result))
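Review bot: The `$int_` prefix added to the parameters of `get_screenshot_img()` is only a naming convention; nothing in the function casts the values, and both rewritten queries still interpolate them unquoted into the SQL text. A later hunk passes `$_REQUEST['versionId']` straight in, and that value is never checked the way `appId` is. Casting at the top of the function, `$int_appId = intval($int_appId); $int_versionId = intval($int_versionId);`, would make the name true; the same applies to `display_bundle()` and `display_notes()` in the hunks below. The function body continues outside this hunk.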
@@ -84,7 +84,7 @@
}
$img = html_frame_start("",'128','',2);
- $img .= "<a href='screenshots.php?appId=$appId&versionId=$versionId'>$imgFile</a>";
+ $img .= "<a href='screenshots.php?appId=$int_appId&versionId=$int_versionId'>$imgFile</a>";
$img .= html_frame_end()."<br />";
return $img;
@@ -94,9 +94,9 @@
/**
* TODO: what does it do ?
*/
-function display_catpath($catId)
+function display_catpath($int_catId)
{
- $cat = new Category($catId);
+ $cat = new Category($int_catId);
$catFullPath = make_cat_path($cat->getCategoryPath());
echo html_frame_start("",'98%','',2);
@@ -108,10 +108,10 @@
/**
* display the SUB apps that belong to this app
*/
-function display_bundle($appId)
+function display_bundle($int_appId)
{
$result = mysql_query("SELECT appFamily.appId, appName, description FROM appBundle, appFamily ".
- "WHERE bundleId = $appId AND appBundle.appId = appFamily.appId");
+ "WHERE bundleId = $int_appId AND appBundle.appId = appFamily.appId");
if(!$result || mysql_num_rows($result) == 0)
{
return; // do nothing
@@ -151,10 +151,10 @@
/**
* display the notes for the app
*/
-function display_notes($appId, $versionId = 0)
+function display_notes($int_appId, $int_versionId = 0)
{
$result = mysql_query("SELECT noteId,noteTitle FROM appNotes ".
- "WHERE appId = $appId AND versionId = $versionId");
+ "WHERE appId = $int_appId AND versionId = $int_versionId");
if(!$result || mysql_num_rows($result) == 0)
{
@@ -171,16 +171,16 @@
if ($ob->noteTitle == "NONAME" || $ob->noteTitle == "WARNING" || $ob->noteTitle == "HOWTO") { continue; }
// set link for version
- if ($versionId != 0)
+ if ($int_versionId != 0)
{
- $versionLink = "&versionId=$versionId";
+ $versionLink = "&versionId=$int_versionId";
}
// display row
- if (havepriv("admin") || isMaintainer($appId,$versionId) )
- echo " <a href='admin/editAppNote.php?noteId=".$ob->noteId."&appId=$appId".$versionLink."'> $c. ".substr(stripslashes($ob->noteTitle),0,30)."</a><br>\n";
+ if (havepriv("admin") || isMaintainer($int_appId,$int_versionId) )
+ echo " <a href='admin/editAppNote.php?noteId=".$ob->noteId."&appId=$int_appId".$versionLink."'> $c. ".substr(stripslashes($ob->noteTitle),0,30)."</a><br>\n";
else
- echo " <a href='noteview.php?noteId=".$ob->noteId."&appId=$appId".$versionLink."'> $c. ".substr(stripslashes($ob->noteTitle),0,30)."</a><br>\n";
+ echo " <a href='noteview.php?noteId=".$ob->noteId."&appId=$int_appId".$versionLink."'> $c. ".substr(stripslashes($ob->noteTitle),0,30)."</a><br>\n";
$c++;
}
@@ -190,9 +190,9 @@
/**
* display the versions
*/
-function display_versions($appId, $versions)
+function display_versions($int_appId, $arr_versions)
{
- if ($versions)
+ if ($arr_versions)
{
echo html_frame_start("","98%","",0);
echo "<table width='100%' border=0 cellpadding=3 cellspacing=1>\n\n";
@@ -206,7 +206,7 @@
echo "</tr>\n\n";
$c = 0;
- while(list($idx, $ver) = each($versions))
+ while(list($idx, $ver) = each($arr_versions))
{
//set row color
$bgcolor = ($c % 2 == 0) ? "color0" : "color1";
@@ -221,11 +221,11 @@
$r_fake = rating_stars_for_version($ver->versionId, "fake");
//count comments
- $r_count = count_comments($appId,$ver->versionId);
+ $r_count = count_comments($int_appId,$ver->versionId);
//display row
echo "<tr class=$bgcolor>\n";
- echo " <td><a href='appview.php?appId=$appId&versionId=$ver->versionId'>".$ver->versionName."</a></td>\n";
+ echo " <td><a href='appview.php?appId=$int_appId&versionId=$ver->versionId'>".$ver->versionName."</a></td>\n";
echo " <td>$desc </td>\n";
echo " <td align=center>$r_win</td>\n";
echo " <td align=center>$r_fake</td>\n";
@@ -241,21 +241,18 @@
}
-$appId = $_REQUEST['appId'];
-$versionId = $_REQUEST['versionId'];
-
/**
* We want to see an application family (=no version)
*/
-if(!is_numeric($appId))
+if(!is_numeric($_REQUEST['appId']))
{
errorpage("Something went wrong with the IDs");
exit;
}
-if($appId && !$versionId)
+if($_REQUEST['appId'] && !isset($_REQUEST['versionId']))
{
- $app = new Application($appId);
+ $app = new Application($_REQUEST['appId']);
$data = $app->data;
if(!$data)
{
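Review bot: The guard in this hunk validates only `appId`; `versionId` is never checked, yet later hunks concatenate `$_REQUEST['versionId']` unquoted into the WARNING and HOWTO `appNotes` queries and echo it into the hidden `versionId` input and the form `action` URLs. Whether `getAppVersion()` rejects non-numeric input is not visible here, so the value should be treated as untrusted at this point. Extend the check to `if(!is_numeric($_REQUEST['appId']) || (isset($_REQUEST['versionId']) && !is_numeric($_REQUEST['versionId'])))`. Note also that replacing `!$versionId` with `!isset($_REQUEST['versionId'])` changes behaviour: a request with an empty or `0` `versionId` used to show the application family and now matches neither the family nor the version branch.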
@@ -269,7 +266,7 @@
apidb_sidebar_add("vote_menu");
// show Admin Menu
- if(loggedin() && (havepriv("admin") || $_SESSION['current']->ownsApp($appId)))
+ if(loggedin() && (havepriv("admin") || $_SESSION['current']->ownsApp($_REQUEST['appId'])))
apidb_sidebar_add("admin_menu");
// header
@@ -300,13 +297,13 @@
echo " </td></tr>\n";
// display notes
- display_notes($appId);
+ display_notes($_REQUEST['appId']);
// main URL
echo " <tr class=color1 valign=top><td align=right> <b>URL</b></td><td>".$appLinkURL."</td></tr>\n";
// optional links
- $result = mysql_query("SELECT * FROM appData WHERE appId = $appId AND type = 'url'");
+ $result = mysql_query("SELECT * FROM appData WHERE appId = ".$_REQUEST['appId']." AND type = 'url'");
if($result && mysql_num_rows($result) > 0)
{
echo " <tr class=color1><td valign=top align=right> <b>Links</b></td><td>\n";
@@ -318,11 +315,11 @@
}
// image
- $img = get_screenshot_img($appId);
+ $img = get_screenshot_img($_REQUEST['appId']);
echo "<tr><td align=center colspan=2>$img</td></tr>\n";
// display app owner
- $result = mysql_query("SELECT * FROM appOwners WHERE appId = $appId");
+ $result = mysql_query("SELECT * FROM appOwners WHERE appId = ".$_REQUEST['appId']);
if($result && mysql_num_rows($result) > 0)
{
echo " <tr class=color0><td valign=top align=right> <b>Owner</b></td>\n";
@@ -346,7 +343,7 @@
// Display all supermaintainers maintainers of this application
echo " <table class=color4 width=250 border=1>\n";
echo " <tr><td align=left><b>Super maintainers:</b></td></tr>\n";
- $other_maintainers = getSuperMaintainersUserIdsFromAppId($appId);
+ $other_maintainers = getSuperMaintainersUserIdsFromAppId($_REQUEST['appId']);
if($other_maintainers)
{
while(list($index, list($userIdValue)) = each($other_maintainers))
@@ -360,33 +357,39 @@
}
// Display the app maintainer button
- echo " <tr><td><center>\n";
+ echo " <tr><td align=\"center\">\n";
if(loggedin())
{
- /* are we already a maintainer? */
- if(isSuperMaintainer($appId, $versionId)) /* yep */
+ // are we already a maintainer?
+ if(isSuperMaintainer($_REQUEST['appId'])) /* yep */
{
- echo ' <form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a super maintainer" class=button>';
+ echo ' <form method="post" name="message" action="maintainerdelete.php"><input type=submit value="Remove yourself as a super maintainer" class=button>';
} else /* nope */
{
- echo ' <form method=post name=message action="maintainersubmit.php"><input type=submit value="Be a super maintainer of this app" class=button>';
+ echo ' <form method="post" name="message" action="maintainersubmit.php"><input type=submit value="Be a super maintainer of this app" class=button>';
}
-
- echo " <input type=hidden name='appId' value=$appId>";
- echo " <input type=hidden name='versionId' value=$versionId>";
- echo " <input type=hidden name='superMaintainer' value=1>"; /* set superMaintainer to 1 because we are at the appFamily level */
+ echo " <input type=\"hidden\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />";
+ echo " <input type=\"hidden\" name=\"superMaintainer\" value=\"1\" />"; /* set superMaintainer to 1 because we are at the appFamily level */
echo " </form>";
+
+ // edit application info
+ if(havepriv("admin") || isSuperMaintainer($_REQUEST['appId'])) /* yep */
+ {
+ echo '<form method="post" name="message" action="admin/editAppFamily.php?appId='.$_REQUEST['appId'].'">';
+ echo '<input type="submit" value="Edit Application Info" class="button" />';
+ echo '</form>';
+ }
} else
{
- echo ' <input type=submit value="Log in to become a super maintainer" class=button>';
+ echo ' <input type=\"submit\" value="Log in to become a super maintainer" class=\"button\" />';
}
- echo " </center></td></tr>\n";
+ echo " </td></tr>\n";
echo " </table>\n"; /* close of super maintainers table */
echo " </td></tr>\n";
- echo " <tr><td>\n";
- echo " <center><a href='appsubmit.php?appId=$data->appId&apptype=2'> Submit New Version </a> <center>\n";
+ echo " <tr><td align=\"center\">\n";
+ echo " <a href='appsubmit.php?appId=$data->appId&apptype=2'> Submit New Version </a> \n";
echo " </td></tr>\n";
echo " </td></tr>\n";
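Review bot: The logged-out branch now emits literal backslashes into the page, because `echo ' <input type=\"submit\" ... class=\"button\" />';` is a single-quoted string and `\"` is not an escape sequence there. Drop the backslashes: `echo ' <input type="submit" value="Log in to become a super maintainer" class="button" />';`. Separately, the new "Edit Application Info" button is shown when `isSuperMaintainer()` is true, while the gate at the top of admin/editAppFamily.php in this same patch tests `havepriv("admin")` and `ownsApp()`; if `ownsApp()` does not cover super maintainers they will see the button and then hit "Insufficient Privileges!", which is worth confirming.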
@@ -403,21 +406,21 @@
echo html_frame_end("For more details and user comments, view the versions of this application.");
// display versions
- display_versions($appId,$app->getAppVersionList());
+ display_versions($_REQUEST['appId'],$app->getAppVersionList());
// display bundle
- display_bundle($appId);
+ display_bundle($_REQUEST['appId']);
// disabled for now
- //log_application_visit($appId);
+ //log_application_visit($_REQUEST['appId']);
}
-#######################################
-# We want to see a particular version #
-#######################################
-else if($appId && $versionId)
+/*
+ * We want to see a particular version
+ */
+else if($_REQUEST['appId'] && $_REQUEST['versionId'])
{
- $app = new Application($appId);
+ $app = new Application($_REQUEST['appId']);
$data = $app->data;
if(!$data)
{
@@ -426,7 +429,7 @@
exit;
}
- $ver = $app->getAppVersion($versionId);
+ $ver = $app->getAppVersion($_REQUEST['versionId']);
if(!$ver)
{
// Oops! Version not found or other error. do something
@@ -465,23 +468,23 @@
echo "<tr class=color0 valign=top><td> <b>URL</b></td><td>".stripslashes($appLinkURL)."</td></tr>\n";
// rating Area
- $r_win = rating_stars_for_version($versionId, "windows");
- $r_fake = rating_stars_for_version($versionId, "fake");
+ $r_win = rating_stars_for_version($_REQUEST['versionId'], "windows");
+ $r_fake = rating_stars_for_version($_REQUEST['versionId'], "fake");
echo "<tr class=color1 valign=top><td> <b>Rating</b></td><td> $r_win \n";
echo "<br> $r_fake </td></tr>\n";
// notes
- display_notes($appId, $versionId);
+ display_notes($_REQUEST['appId'], $_REQUEST['versionId']);
// image
- $img = get_screenshot_img($appId, $versionId);
+ $img = get_screenshot_img($_REQUEST['appId'], $_REQUEST['versionId']);
echo "<tr><td align=center colspan=2>$img</td></tr>\n";
// display all maintainers of this application
echo "<tr class=color0><td align=left colspan=2><b>Maintainers of this application:</b>\n";
echo "<table width=250 border=0>";
- $other_maintainers = getMaintainersUserIdsFromAppIdVersionId($appId, $versionId);
+ $other_maintainers = getMaintainersUserIdsFromAppIdVersionId($_REQUEST['appId'], $_REQUEST['versionId']);
if($other_maintainers)
{
while(list($index, list($userIdValue)) = each($other_maintainers))
@@ -497,19 +500,19 @@
echo "</table></td></tr>";
// display the app maintainer button
- echo "<tr><td colspan = 2><center>";
+ echo "<tr><td colspan=\"2\" align=\"center\">";
if(loggedin())
{
/* is this user a maintainer of this version by virtue of being a super maintainer */
/* of this app family? */
- if(isSuperMaintainer($appId) && !isMaintainer($appId, $versionId))
+ if(isSuperMaintainer($_REQUEST['appId']) && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))
{
echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a supermaintainer" class=button>';
echo "<input type=hidden name='superMaintainer' value=1>";
} else
{
/* are we already a maintainer? */
- if(isMaintainer($appId, $versionId)) /* yep */
+ if(isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) /* yep */
{
echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a maintainer" class=button>';
echo "<input type=hidden name='superMaintainer' value=0>";
@@ -519,8 +522,8 @@
}
}
- echo "<input type=hidden name='appId' value=$appId>";
- echo "<input type=hidden name='versionId' value=$versionId>";
+ echo "<input type=\"hidden\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />";
+ echo "<input type=\"hidden\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />";
echo "</form>";
} else
{
@@ -529,28 +532,28 @@
echo '</form>';
}
- echo "</center></td></tr>";
+ echo "</td></tr>";
- if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId)))
+ if (loggedin() && (havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])))
{
- echo "<tr><td colspan = 2><center>";
- echo '<form method=post name=message action=admin/editAppVersion.php?appId='.$appId.'&versionId='.$versionId.'>';
- echo '<input type=submit value="Edit Version Info" class=button>';
+ echo "<tr><td colspan=\"2\" align=\"center\">";
+ echo '<form method="post" name="message" action="admin/editAppVersion.php?appId='.$_REQUEST['appId'].'&versionId='.$_REQUEST['versionId'].'">';
+ echo '<input type="submit" value="Edit Version Info" class="button" />';
echo '</form>';
- echo '<form method=post name=message action=admin/addAppNote.php?appId='.$appId.'&versionId='.$versionId.'>';
+ echo '<form method="post" name="message" action="admin/addAppNote.php?appId='.$_REQUEST['appId'].'&versionId='.$_REQUEST['versionId'].'">';
echo '<input type=submit value="Add Note" class=button>';
echo '</form>';
echo '</form>';
- echo '<form method=post name=message action=admin/addAppNote.php?appId='.$appId.'&versionId='.$versionId.'>';
- echo '<input type=hidden name="noteTitle" value="HOWTO">';
- echo '<input type=submit value="Add How To" class=button>';
+ echo '<form method=post name=message action=admin/addAppNote.php?appId='.$_REQUEST['appId'].'&versionId='.$_REQUEST['versionId'].'>';
+ echo '<input type="hidden" name="noteTitle" value="HOWTO" />';
+ echo '<input type="submit" value="Add How To" class="button" />';
echo '</form>';
echo '</form>';
- echo '<form method=post name=message action=admin/addAppNote.php?appId='.$appId.'&versionId='.$versionId.'>';
- echo '<input type=hidden name="noteTitle" value="WARNING">';
- echo '<input type=submit value="Add Warning" class=button>';
+ echo '<form method="post" name="message" action="admin/addAppNote.php?appId='.$_REQUEST['appId'].'&versionId='.$_REQUEST['versionId'].'">';
+ echo '<input type="hidden" name="noteTitle" value="WARNING" />';
+ echo '<input type="submit" value="Add Warning" class="button" />';
echo '</form>';
- echo "</center></td></tr>";
+ echo '</td></tr>';
}
echo "</table><td class=color2 valign=top width='100%'>\n";
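Review bot: The "Add How To" form is the one opening tag in this block left with unquoted attributes (`method=post name=message action=admin/addAppNote.php?...`), although it now interpolates `$_REQUEST['versionId']` like its siblings. In an unquoted attribute any whitespace or `>` in the request value ends the attribute, so it should be written as `echo '<form method="post" name="message" action="admin/addAppNote.php?appId='.$_REQUEST['appId'].'&versionId='.$_REQUEST['versionId'].'">';`. Since `versionId` is not validated anywhere visible, passing it through `htmlspecialchars()` in all four `action` values would be the safer form. The duplicated `echo '</form>';` lines after "Add Note" and "Add How To" are still present and could be removed while the markup is being tidied.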
@@ -566,7 +569,7 @@
echo html_frame_end();
//Show Warnings
- $result = mysql_query("SELECT * FROM appNotes WHERE appId = $appId and versionId = $versionId and noteTitle = 'WARNING'");
+ $result = mysql_query("SELECT * FROM appNotes WHERE appId = ".$_REQUEST['appId']." and versionId = ".$_REQUEST['versionId']." and noteTitle = 'WARNING'");
if($result && mysql_num_rows($result))
{
while($ob = mysql_fetch_object($result))
@@ -579,11 +582,11 @@
echo add_br(stripslashes($ob->noteDesc));
echo "</td></tr>\n";
- if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId)))
+ if (loggedin() && (havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])))
{
echo "<tr width='100%' class=color1 align=center valign=top><td>";
- echo '<form method=post name=message action=admin/editAppNote.php?noteId='.$ob->noteId.'&appId='.$appId.'&versionId='.$versionId.'>';
- echo '<input type=submit value="Edit Warning Info" class=button>';
+ echo '<form method="post" name="message" action="admin/editAppNote.php?noteId='.$ob->noteId.'&appId='.$_REQUEST['appId'].'&versionId='.$_REQUEST['appId'].'">';
+ echo '<input type="submit" value="Edit Warning Info" class="button" />';
echo '</form></td></tr>';
}
echo "</table>\n";
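Review bot: The rewritten "Edit Warning Info" form passes the wrong value: the new line ends with `'&versionId='.$_REQUEST['appId'].'">'`, so the edit link carries the application id as the version id. The removed line used `$versionId`, and the matching "Edit How to Info" form in a later hunk uses `$_REQUEST['versionId']`. Change the tail to `'&versionId='.$_REQUEST['versionId'].'">'`.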
@@ -592,7 +595,7 @@
}
// show How tos
- $result = mysql_query("SELECT * FROM appNotes WHERE appId = $appId and versionId = $versionId and noteTitle = 'HOWTO'");
+ $result = mysql_query("SELECT * FROM appNotes WHERE appId = ".$_REQUEST['appId']." and versionId = ".$_REQUEST['versionId']." and noteTitle = 'HOWTO'");
if($result && mysql_num_rows($result))
{
while($ob = mysql_fetch_object($result))
@@ -605,11 +608,11 @@
echo add_br(stripslashes($ob->noteDesc));
echo "</td></tr>\n";
- if (loggedin() && (havepriv("admin") || isMaintainer($appId, $versionId)))
+ if (loggedin() && (havepriv("admin") || isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])))
{
echo "<tr width='100%' class=color1 align=center valign=top><td>";
- echo '<form method=post name=message action=admin/editAppNote.php?noteId='.$ob->noteId.'&appId='.$appId.'&versionId='.$versionId.'>';
- echo '<input type=submit value="Edit How to Info" class=button>';
+ echo '<form method="post" name="message" action="admin/editAppNote.php?noteId='.$ob->noteId.'&appId='.$_REQUEST['appId'].'&versionId='.$_REQUEST['versionId'].'">';
+ echo '<input type="submit" value="Edit How to Info" class="button" />';
echo '</form></td></tr>';
}
echo "</table>\n";
@@ -617,13 +620,13 @@
}
}
//TODO: code to view/add user experience record
- // if(!$versionId)
+ // if(!$_REQUEST['versionId'])
// {
- // $versionId = 0;
+ // $_REQUEST['versionId'] = 0;
// }
// Comments Section
- view_app_comments($appId, $versionId);
+ view_app_comments($_REQUEST['appId'], $_REQUEST['versionId']);
} else
{
Index: admin/editAppFamily.php
===================================================================
RCS file: /home/wine/appdb/admin/editAppFamily.php,v
retrieving revision 1.6
diff -u -r1.6 editAppFamily.php
--- admin/editAppFamily.php 12 Dec 2004 03:51:51 -0000 1.6
+++ admin/editAppFamily.php 14 Dec 2004 11:32:52 -0000
@@ -8,47 +8,47 @@
global $apidb_root;
-if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->ownsApp($appId)) )
+if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->ownsApp($_REQUEST['appId'])) )
{
errorpage("Insufficient Privileges!");
exit;
}
-if($HTTP_POST_VARS)
+if($_REQUEST)
{
- $statusMessage = '';
+ $str_status_message = '';
// commit changes of form to database
- if($submit1 == "Update Database")
+ if($_REQUEST['submit1'] == "Update Database")
{
- $statusMessage = '';
- $appName = addslashes($appName);
- $description = addslashes($description);
- $webPage = addslashes($webPage);
- if (!mysql_query("UPDATE appFamily SET appName = '".$appName."', ".
- "vendorId = $vendorId, keywords = '".$keywords."', ".
- "description = '".$description."', ".
- "webPage = '".$webPage."', ".
- "catId = $catId".
- " WHERE appId = $appId"))
+ $str_status_message = '';
+ $str_appName = addslashes($_REQUEST['appName']);
+ $str_description = addslashes($_REQUEST['description']);
+ $str_webPage = addslashes($_REQUEST['webPage']);
+ if (!mysql_query("UPDATE appFamily SET appName = '".$str_appName."', ".
+ "vendorId = '".$_REQUEST['vendorId']."', keywords = '".$_REQUEST['keywords']."', ".
+ "description = '".$str_description."', ".
+ "webPage = '".$str_webPage."', ".
+ "catId = '".$_REQUEST['catId']."'".
+ " WHERE appId = '".$_REQUEST['appId']."'"))
{
- $statusMessage = "<p><b>Database Error!<br>".mysql_error()."</b></p>\n";
- addmsg($statusMessage, "red");
+ $str_status_message = "<p><b>Database Error!<br>".mysql_error()."</b></p>\n";
+ addmsg($str_status_message, "red");
}
else
addmsg("Database Updated", "green");
}
- else if($submit1 == "Update URL")
+ else if($_REQUEST['submit1'] == "Update URL")
{
//process added URL
- if(debugging()) { echo "<p align=center><b>$url:</b> $url_desc </p>"; }
+ if(debugging()) { echo "<p align=center><b>".$_REQUEST['url'].":</b> ".$_REQUEST['url_desc']." </p>"; }
- if ($url_desc && $url )
+ if ($_REQUEST['url_desc'] && $_REQUEST['url'])
{
- $query = "INSERT INTO appData VALUES (null, $appId, 0, 'url','$url_desc', '$url')";
+ $str_query = "INSERT INTO appData VALUES (null, ".$_REQUEST['appId'].", 0, 'url','".$_REQUEST['url_desc']."', '".$_REQUEST['url']."')";
- if(debugging()) { echo "<p align=center><b>query:</b> $query </p>"; }
+ if(debugging()) { echo "<p align=center><b>query:</b> $str_query </p>"; }
- if (mysql_query($query))
+ if (mysql_query($str_query))
{
//success
addmsg("The URL was successfully added into the database", "green");
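Review bot: Switching the outer test from `$HTTP_POST_VARS` to `$_REQUEST` means the update branches now also run for GET and cookie parameters, so a plain link carrying `submit1=Update Database` would modify the record in a logged-in maintainer's session; `$_POST` keeps the old POST-only behaviour. The rewritten UPDATE and INSERT also place `keywords`, `vendorId`, `catId`, `appId`, `url` and `url_desc` into the SQL text without the `addslashes()` that `appName`, `description` and `webPage` receive, and wrapping a value in quotes does not neutralise a quote inside it. Unlike appview.php, this file has no `is_numeric` check on `appId`. The sketch below casts the ids and escapes the remaining strings the way the file already does; `mysql_real_escape_string()` would be the connection-aware alternative. The "Update URL" branch continues outside this hunk.

```php
// ... unchanged: privilege check ...
if($_POST)
{
    $str_status_message = '';
    $int_appId = intval($_REQUEST['appId']);
    // commit changes of form to database
    if($_POST['submit1'] == "Update Database")
    {
        $str_appName = addslashes($_POST['appName']);
        $str_keywords = addslashes($_POST['keywords']);
        $str_description = addslashes($_POST['description']);
        $str_webPage = addslashes($_POST['webPage']);
        if (!mysql_query("UPDATE appFamily SET appName = '".$str_appName."', ".
            "vendorId = ".intval($_POST['vendorId']).", keywords = '".$str_keywords."', ".
            "description = '".$str_description."', ".
            "webPage = '".$str_webPage."', ".
            "catId = ".intval($_POST['catId']).
            " WHERE appId = ".$int_appId))
        // ... unchanged: error / success messages ...
    }
    else if($_POST['submit1'] == "Update URL")
    {
        // ... unchanged: debug output ...
        if ($_POST['url_desc'] && $_POST['url'])
        {
            $str_query = "INSERT INTO appData VALUES (null, ".$int_appId.", 0, 'url','".
                addslashes($_POST['url_desc'])."', '".addslashes($_POST['url'])."')";
            // ... unchanged: debug output, mysql_query($str_query), messages ...
```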
@@ -56,11 +56,11 @@
else
{
//error
- $statusMessage = "<p><b>Database Error!<br>".mysql_error()."</b></p>\n";
- addmsg($statusMessage, "red");
+ $str_status_message = "<p><b>Database Error!<br>".mysql_error()."</b></p>\n";
+ addmsg($str_status_message, "red");
}
}
- else if ($url_desc != $url) // not both blank
+ else if ($_REQUEST['url_desc'] != $_REQUEST['$url']) // not both blank
{
addmsg("The URL or description was blank. URL not added into the database", "red");
}
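Review bot: The new condition reads `$_REQUEST['$url']`, which is the literal key `$url` inside a single-quoted string, not the `url` field. That key is never set, so the comparison is effectively against null and the "blank" message no longer fires when only the description is empty. Use `else if ($_REQUEST['url_desc'] != $_REQUEST['url']) // not both blank`.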
@@ -73,19 +73,19 @@
if ($adelete[$i] == "on")
{
if(debugging()) { echo "<p align=center><b>$adescription[$i]:</b> $aURL[$i]: $adelete[$i] : $aId[$i] : $aOldDesc[$i] : $aOldURL[$i]</p>"; }
- $result = mysql_query("DELETE FROM appData WHERE id = '$aId[$i]'");
+ $res_result = mysql_query("DELETE FROM appData WHERE id = '$aId[$i]'");
- if(!$result)
+ if(!$res_result)
{
//error
- $statusMessage = "<p><b>Database Error!<br>".mysql_error()." deleting URL ".$aOldDesc[$i]." (".$aOldURL[$i].")</b></p>\n";
- addmsg($statusMessage, "red");
+ $str_status_message = "<p><b>Database Error!<br>".mysql_error()." deleting URL ".$aOldDesc[$i]." (".$aOldURL[$i].")</b></p>\n";
+ addmsg($str_status_message, "red");
$i = $rows+1;
}
else
{
- $statusMessage = "<p><b>Successfully deleted URL ".$aOldDesc[$i]." (".$aOldURL[$i].")</b></p>\n";
- addmsg($statusMessage, "green");
+ $str_status_message = "<p><b>Successfully deleted URL ".$aOldDesc[$i]." (".$aOldURL[$i].")</b></p>\n";
+ addmsg($str_status_message, "green");
}
}
else if( $aURL[$i] != $aOldURL[$i] || $adescription[$i] != $aOldDesc[$i])
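Review bot: This loop still reads `$adelete[$i]`, `$aId[$i]`, `$aURL[$i]`, `$adescription[$i]`, `$aOldDesc[$i]` and `$aOldURL[$i]` as bare globals. Unless they are assigned from the request in lines outside this hunk, with register_globals off (the case the commit message says it fixes) they are undefined and deleting or updating existing URLs silently does nothing. The touched DELETE line should read from the request and cast the id, e.g. `$res_result = mysql_query("DELETE FROM appData WHERE id = ".intval($_REQUEST['aId'][$i]));`, with the other arrays converted the same way. The loop begins before and continues past this hunk, so how `$rows` is set is not visible.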
@@ -101,61 +101,61 @@
" WHERE Id = $aId[$i]"))
{
//error
- $statusMessage = "<p><b>Database Error!<br>".mysql_error()." updateing URL ".$aOldDesc[$i]." (".$aOldURL[$i].")</b></p>\n";
- addmsg($statusMessage, "red");
+ $str_status_message = "<p><b>Database Error!<br>".mysql_error()." updateing URL ".$aOldDesc[$i]." (".$aOldURL[$i].")</b></p>\n";
+ addmsg($str_status_message, "red");
$i = $rows+1;
}
else
{
- $statusMessage = "<p><b>Successfully updated ".$aOldDesc[$i]." (".$aOldURL[$i].")</b></p>\n";
- addmsg($statusMessage, "green");
+ $str_status_message = "<p><b>Successfully updated ".$aOldDesc[$i]." (".$aOldURL[$i].")</b></p>\n";
+ addmsg($str_status_message, "green");
}
}
}
}
}
}
-//Show the form for editing the Application Family
+// Show the form for editing the Application Family
{
$family = new TableVE("edit");
$result = mysql_query("SELECT appId, appName, vendorId, keywords, ".
"description, webPage, catId from appFamily WHERE ".
- "appId = '$appId'");
+ "appId = '".$_REQUEST['appId']."'");
if(!$result)
{
errorpage("You must be logged in to edit preferences");
exit;
}
- list($appId, $appName, $vendorId, $keywords, $description, $webPage, $catId) = mysql_fetch_row($result);
- if(debugging()) { echo "<p align=center><b>appName:</b> $appName </p>"; }
+ list($int_appId, $str_appName, $int_vendorId, $str_keywords, $str_description, $str_webPage, $int_catId) = mysql_fetch_row($result);
+ if(debugging()) { echo "<p align=center><b>appName:</b> $str_appName </p>"; }
// show edit app family form
- $table = "appFamily";
- $query = "SELECT * FROM $table WHERE appId = $appId";
+ $str_table = "appFamily";
+ $str_query = "SELECT * FROM $str_table WHERE appId = ".$int_appId;
- if(debugging()) { echo "<p align=center><b>query:</b> $query </p>"; }
+ if(debugging()) { echo "<p align=center><b>query:</b> $str_query </p>"; }
apidb_header("Edit Application Family");
echo "<form method=post action='editAppFamily.php'>\n";
- echo html_frame_start("Data for Application ID $appId", "90%","",0);
+ echo html_frame_start("Data for Application ID $int_appId", "90%","",0);
echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'");
- echo '<input type=hidden name="appId" value='.$appId.'>';
- echo '<tr><td class=color1>Name</td><td class=color0><input size=80% type="text" name="appName" type="text" value="'.$appName.'"></td></tr>',"\n";
+ echo '<input type=hidden name="appId" value='.$int_appId.'>';
+ echo '<tr><td class=color1>Name</td><td class=color0><input size=80% type="text" name="appName" type="text" value="'.$str_appName.'" /></td></tr>',"\n";
echo '<tr><td class=color4>Vendor</td><td class=color0>';
- $family->make_option_list("vendorId", $vendorId, "vendor", "vendorId", "vendorName");
+ $family->make_option_list("vendorId", $int_vendorId, "vendor", "vendorId", "vendorName");
echo '</td></tr>',"\n";
- echo '<tr><td class=color1>Keywords</td><td class=color0><input size=80% type="text" name="keywords" value="'.$keywords.'"></td></tr>',"\n";
+ echo '<tr><td class=color1>Keywords</td><td class=color0><input size=80% type="text" name="keywords" value="'.$str_keywords.'" /></td></tr>',"\n";
echo '<tr><td class=color4>Description</td><td class=color0>', "\n";
- echo '<textarea cols=$50 rows=10 name="description">'.stripslashes($description).'</textarea></td></tr>',"\n";
- echo '<tr><td class=color1>Web Page</td><td class=color0><input size=80% type="text" name="webPage" value="'.$webPage.'"></td></tr>',"\n";
+ echo '<textarea cols=$50 rows=10 name="description">'.stripslashes($str_description).'</textarea></td></tr>',"\n";
+ echo '<tr><td class=color1>Web Page</td><td class=color0><input size=80% type="text" name="webPage" value="'.$str_webPage.'"></td></tr>',"\n";
echo '<tr><td class=color4>Category</td><td class=color0>';
- $family->make_option_list("catId", $catId, "appCategory", "catId", "catName");
+ $family->make_option_list("catId", $int_catId, "appCategory", "catId", "catName");
echo '</td></tr>',"\n";
- echo '<tr><td colspan=2 align=center class=color3><input type="submit" name=submit1 value="Update Database"></td></tr>',"\n";
+ echo '<tr><td colspan=2 align=center class=color3><input type="submit" name="submit1" value="Update Database" /></td></tr>',"\n";
echo html_table_end();
echo html_frame_end();
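Review bot: The values fetched from `appFamily` are written into the edit form unescaped: `value="'.$str_appName.'"`, `value="'.$str_keywords.'"`, `value="'.$str_webPage.'"` and the textarea body. A stored name or keyword containing `"` or `<` breaks the markup and is rendered as HTML in the session of whichever admin or maintainer opens the page. Wrap each value, e.g. `value="'.htmlspecialchars($str_appName).'"` and `htmlspecialchars(stripslashes($str_description))`. The SELECT at the top of this block also puts `$_REQUEST['appId']` inside quotes without escaping or a numeric check; `"appId = ".intval($_REQUEST['appId'])` would close that.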
@@ -167,12 +167,12 @@
echo '<table border=0 cellpadding=6 cellspacing=0 width="100%">',"\n";
$i = 0;
- $result = mysql_query("SELECT * FROM appData WHERE appId = $appId AND type = 'url' AND versionId = 0");
- if($result && mysql_num_rows($result) > 0)
+ $result = mysql_query("SELECT * FROM appData WHERE appId = $int_appId AND type = 'url' AND versionId = 0");
+ if($res_result && mysql_num_rows($res_result) > 0)
{
echo '<tr><td class=color1><b>Delete</b></td><td class=color1>',"\n";
echo '<b>Description</b></td><td class=color1><b>URL</b></td></tr>',"\n";
- while($ob = mysql_fetch_object($result))
+ while($ob = mysql_fetch_object($res_result))
{
$temp0 = "adelete[".$i."]";
$temp1 = "adescription[".$i."]";
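Review bot: The query result is assigned to `$result`, but the two rewritten lines test and iterate `$res_result`, which at this point is either undefined or left over from the delete loop earlier in the file. The existing URL rows will therefore not be listed, or `mysql_fetch_object()` is called on something that is not this query's result. Rename the assignment to match: `$res_result = mysql_query("SELECT * FROM appData WHERE appId = $int_appId AND type = 'url' AND versionId = 0");`. The while loop continues outside this hunk.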
@@ -204,7 +204,7 @@
echo '</table>',"\n";
echo html_frame_end();
- echo html_back_link(1,$apidb_root."appview.php?appId=$appId");
+ echo html_back_link(1,$apidb_root."appview.php?appId=$int_appId");
}