From 78438193cceedc1f533c0bb3a1836c9fa3940b23 Mon Sep 17 00:00:00 2001
From: Michael R Sweet
";
+
+ $col = 0;
+ break;
+
+ case "\r" :
+ break;
+
+ case "\t" :
+ if ($col == 0)
+ $qtext .= " ";
+ else
+ $qtext .= " ";
+ break;
+
+ case " " :
+ if ($col == 0 || $text[$i + 1] == " ")
+ $qtext .= " ";
+ else if ($col > 65 && $quote)
+ {
+ $qtext .= "\n> ";
+ $col = 0;
+ }
+ else
+ $qtext .= " ";
+
+ if ($col > 0)
+ $col ++;
+ break;
+
+ case 'f' :
+ case 'h' :
+ if (substr($text, $i, 7) == "http://" ||
+ substr($text, $i, 8) == "https://" ||
+ substr($text, $i, 6) == "ftp://")
+ {
+ // Extract the URL and make this a link...
+ for ($j = $i; $j < $len; $j ++)
+ if ($text[$j] == " " || $text[$j] == "\n" || $text[$j] == "\r" ||
+ $text[$j] == "\t" || $text[$j] == "\'" || $text[$j] == "'")
+ break;
+
+ $count = $j - $i;
+ $url = substr($text, $i, $count);
+ $qtext .= "$url";
+ $col += $count;
+ $i = $j - 1;
+ break;
+ }
+
+ default :
+ $col ++;
+ $qtext .= $text[$i];
+ break;
+ }
+ }
+
+ return $qtext;
+}
+
+
+//
+// 'sanitize_email()' - Convert an email address to something a SPAMbot
+// can't read...
+//
+
+function // O - Sanitized email
+sanitize_email($email, // I - Email address
+ $html = 1) // I - HTML format?
+{
+ $nemail = "";
+ $len = strlen($email);
+
+ for ($i = 0; $i < $len; $i ++)
+ {
+ switch ($email[$i])
+ {
+ case '@' :
+ if ($i > 0)
+ $i = $len;
+ else if ($html)
+ $nemail .= " at ";
+ else
+ $nemail .= " at ";
+ break;
+
+ case '<' :
+ if ($i > 0)
+ $i = $len;
+ break;
+
+ case '>' :
+ break;
+
+ case '&' ;
+ $nemail .= "&";
+ break;
+
+ default :
+ $nemail .= $email[$i];
+ break;
+ }
+ }
+
+ return trim($nemail);
+}
+
+
+//
+// 'sanitize_text()' - Sanitize text.
+//
+
+function // O - Sanitized text
+sanitize_text($text) // I - Original text
+{
+ $len = strlen($text);
+ $word = "";
+ $qtext = "";
+
+ for ($i = 0; $i < $len; $i ++)
+ {
+ switch ($text[$i])
+ {
+ case "\n" :
+ if (!strncmp($word, "http://", 7) ||
+ !strncmp($word, "https://", 8) ||
+ !strncmp($word, "ftp://", 6))
+ $qtext .= "$word";
+ else if (strchr($word, '@'))
+ $qtext .= sanitize_email($word);
+ else
+ $qtext .= quote_text($word);
+
+ $qtext .= "
";
+ $word = "";
+ break;
+
+ case "\r" :
+ break;
+
+ case "\t" :
+ case " " :
+ if (!strncmp($word, "http://", 7) ||
+ !strncmp($word, "https://", 8) ||
+ !strncmp($word, "ftp://", 6))
+ $qtext .= "$word";
+ else if (strchr($word, '@'))
+ $qtext .= sanitize_email($word);
+ else
+ $qtext .= quote_text($word);
+
+ if ($word)
+ $qtext .= " ";
+ else
+ $qtext .= " ";
+
+ $word = "";
+ break;
+
+ default :
+ $word .= $text[$i];
+ break;
+ }
+ }
+
+ if (!strncmp($word, "http://", 7) ||
+ !strncmp($word, "https://", 8) ||
+ !strncmp($word, "ftp://", 6))
+ $qtext .= "$word";
+ else if (strchr($word, '@'))
+ $qtext .= sanitize_email($word);
+ else
+ $qtext .= quote_text($word);
+
+ return $qtext;
+}
+
+
+//
+// End of "$Id: common.php,v 1.1 2004/05/17 03:23:06 mike Exp $".
+//
+?>
diff --git a/www/phplib/db.php b/www/phplib/db.php
index 9d79b68..23425b8 100644
--- a/www/phplib/db.php
+++ b/www/phplib/db.php
@@ -1,6 +1,6 @@
$SQL_QUERY
[ " ."Home | " ."Documentation | " @@ -114,7 +114,7 @@ function html_footer() { print(" | |||||||||||||||
Copyright 2003-2004 by Michael Sweet. This library is free "
."software; you can redistribute it and/or modify it "
."under the terms of the GNU Library General Public "
diff --git a/www/str.php b/www/str.php
index 1942817..b281109 100644
--- a/www/str.php
+++ b/www/str.php
@@ -2,6 +2,7 @@
// Standard stuff...
include_once "phplib/html.php";
+include_once "phplib/common.php";
include_once "phplib/db.php";
// STR constants...
@@ -110,13 +111,14 @@ $scope_long = array(
);
// Global web vars...
-global $PHP_SELF;
-global $HTTP_COOKIE_VARS;
-global $HTTP_POST_FILES;
-global $HTTP_POST_VARS;
-global $REMOTE_USER;
-global $REQUEST_METHOD;
-global $SERVER_NAME;
+global $_COOKIE, $_FILES, $_POST, $_SERVER;
+
+$argc = $_SERVER["argc"];
+$argv = $_SERVER["argv"];
+$PHP_SELF = $_SERVER["PHP_SELF"];
+$REMOTE_USER = $_SERVER["PHP_AUTH_USER"];
+$REQUEST_METHOD = $_SERVER["REQUEST_METHOD"];
+$SERVER_NAME = $_SERVER["SERVER_NAME"];
// Function to abbreviate long strings...
function abbreviate($text, $maxlen = 32)
@@ -140,31 +142,31 @@ function notify_creator($id, $what = "updated", $contents = "")
{
$contents = wordwrap($contents);
$row = db_next($result);
- $prtext = $priority_long[$row->priority];
- $sttext = $status_long[$row->status];
- $sctext = $scope_long[$row->scope];
+ $prtext = $priority_long[$row['priority']];
+ $sttext = $status_long[$row['status']];
+ $sctext = $scope_long[$row['scope']];
- if ($row->subsystem != "")
- $subsystem = $row->subsystem;
+ if ($row['subsystem'] != "")
+ $subsystem = $row['subsystem'];
else
$subsystem = "Unassigned";
- if ($row->fix_version != "")
- $fix_version = $row->fix_version;
+ if ($row['fix_version'] != "")
+ $fix_version = $row['fix_version'];
else
$fix_version = "Unassigned";
- if ($row->create_email != $row->modify_email &&
- $row->create_email != $manager)
- mail($row->create_email, "Mini-XML STR #$id $what",
+ if ($row['create_email'] != $row['modify_email'] &&
+ $row['create_email'] != $manager)
+ mail($row['create_email'], "Mini-XML STR #$id $what",
"Your software trouble report #$id has been $what. You can check\n"
."the status of the report and add additional comments and/or files\n"
."at the following URL:\n"
."\n"
." http://www.easysw.com/str.php?L$id\n"
."\n"
- ." Summary: $row->summary\n"
- ." Version: $row->str_version\n"
+ ." Summary: $row[summary]\n"
+ ." Version: $row[str_version]\n"
." Status: $sttext\n"
." Priority: $prtext\n"
." Scope: $sctext\n"
@@ -187,8 +189,8 @@ function notify_creator($id, $what = "updated", $contents = "")
."\n"
." http://www.easysw.com/str.php?L$id\n"
."\n"
- ." Summary: $row->summary\n"
- ." Version: $row->str_version\n"
+ ." Summary: $row[summary]\n"
+ ." Version: $row[str_version]\n"
." Status: $sttext\n"
." Priority: $prtext\n"
." Scope: $sctext\n"
@@ -203,12 +205,12 @@ function notify_creator($id, $what = "updated", $contents = "")
db_free($ccresult);
}
- if ($row->manager_email != "")
- $manager = $row->manager_email;
+ if ($row['manager_email'] != "")
+ $manager = $row['manager_email'];
else
$manager = "mxml";
- if ($row->modify_email != $manager)
+ if ($row['modify_email'] != $manager)
mail($manager, "Mini-XML STR #$id $what",
"The software trouble report #$id assigned to you has been $what.\n"
."You can manage the report and add additional comments and/or files\n"
@@ -216,8 +218,8 @@ function notify_creator($id, $what = "updated", $contents = "")
."\n"
." http://www.easysw.com/private/str.php?L$id\n"
."\n"
- ." Summary: $row->summary\n"
- ." Version: $row->str_version\n"
+ ." Summary: $row[summary]\n"
+ ." Version: $row[str_version]\n"
." Status: $sttext\n"
." Priority: $prtext\n"
." Scope: $sctext\n"
@@ -261,11 +263,6 @@ $search = "";
$index = 0;
$femail = 0;
-global $argc, $argv;
-
-print(" argc=$argc \n"); -print("argv=$argv \n"); - if ($argc) { $op = $argv[0][0]; @@ -353,16 +350,16 @@ else if ($REQUEST_METHOD == "POST") { - if (array_key_exists("FPRIORITY", $HTTP_POST_VARS)) - $priority = (int)$HTTP_POST_VARS["FPRIORITY"]; - if (array_key_exists("FSTATUS", $HTTP_POST_VARS)) - $status = (int)$HTTP_POST_VARS["FSTATUS"]; - if (array_key_exists("FSCOPE", $HTTP_POST_VARS)) - $scope = (int)$HTTP_POST_VARS["FSCOPE"]; - if (array_key_exists("FEMAIL", $HTTP_POST_VARS)) - $femail = (int)$HTTP_POST_VARS["FEMAIL"]; - if (array_key_exists("SEARCH", $HTTP_POST_VARS)) - $search = $HTTP_POST_VARS["SEARCH"]; + if (array_key_exists("FPRIORITY", $_POST)) + $priority = (int)$_POST["FPRIORITY"]; + if (array_key_exists("FSTATUS", $_POST)) + $status = (int)$_POST["FSTATUS"]; + if (array_key_exists("FSCOPE", $_POST)) + $scope = (int)$_POST["FSCOPE"]; + if (array_key_exists("FEMAIL", $_POST)) + $femail = (int)$_POST["FEMAIL"]; + if (array_key_exists("SEARCH", $_POST)) + $search = $_POST["SEARCH"]; } $options = "+P$priority+S$status+C$scope+I$index+E$femail+Q" . urlencode($search); @@ -385,20 +382,20 @@ switch ($op) break; } - if (array_key_exists("STATUS", $HTTP_POST_VARS) && - ($HTTP_POST_VARS["STATUS"] != "" || - $HTTP_POST_VARS["PRIORITY"] != "" || - $HTTP_POST_VARS["MANAGER_EMAIL"] != "" || - $HTTP_POST_VARS["MESSAGE"] != "")) + if (array_key_exists("STATUS", $_POST) && + ($_POST["STATUS"] != "" || + $_POST["PRIORITY"] != "" || + $_POST["MANAGER_EMAIL"] != "" || + $_POST["MESSAGE"] != "")) { $time = time(); - $manager_email = db_escape_string($HTTP_POST_VARS["MANAGER_EMAIL"]); - $modify_email = db_escape_string($managers[$REMOTE_USER]); - $message = $HTTP_POST_VARS["MESSAGE"]; + $manager_email = db_escape($_POST["MANAGER_EMAIL"]); + $modify_email = db_escape($managers[$REMOTE_USER]); + $message = $_POST["MESSAGE"]; if ($message != "") { - $contents = db_escape_string($messages[$message]); + $contents = db_escape($messages[$message]); $mailmsg = $messages[$message] . "\n\n"; } else @@ -409,15 +406,15 @@ switch ($op) $query = "modify_date = $time, modify_email = '$modify_email'"; - if ($HTTP_POST_VARS["STATUS"] != "") - $query .= ", status = $HTTP_POST_VARS[STATUS]"; - if ($HTTP_POST_VARS["PRIORITY"] != "") - $query .= ", priority = $HTTP_POST_VARS[PRIORITY]"; + if ($_POST["STATUS"] != "") + $query .= ", status = $_POST[STATUS]"; + if ($_POST["PRIORITY"] != "") + $query .= ", priority = $_POST[PRIORITY]"; if ($manager_email != "") $query .= ", manager_email = '$manager_email'"; - reset($HTTP_POST_VARS); - while (list($key, $val) = each($HTTP_POST_VARS)) + reset($_POST); + while (list($key, $val) = each($_POST)) if (substr($key, 0, 3) == "ID_") { $id = (int)substr($key, 3); @@ -426,7 +423,7 @@ switch ($op) if ($contents != "") { - db_query("INSERT INTO strtext VALUES(0,$id,1,$time," + db_query("INSERT INTO strtext VALUES(NULL,$id,1,$time," ."'$modify_email','$contents')"); notify_creator($id, "updated", $mailmsg); @@ -455,7 +452,7 @@ switch ($op) print("" ."[ Return to STR List"); - if ($row->status >= $STR_STATUS_ACTIVE) + if ($row['status'] >= $STR_STATUS_ACTIVE) print(" | Post Text" ." | Post File"); @@ -464,15 +461,15 @@ switch ($op) print(" ] \n"); - $create_email = sanitize_email($row->create_email); - $manager_email = sanitize_email($row->manager_email); - $subsystem = $row->subsystem; - $summary = htmlspecialchars($row->summary, ENT_QUOTES); - $prtext = $priority_long[$row->priority]; - $sttext = $status_long[$row->status]; - $sctext = $scope_long[$row->scope]; - $str_version = $row->str_version; - $fix_version = $row->fix_version; + $create_email = sanitize_email($row['create_email']); + $manager_email = sanitize_email($row['manager_email']); + $subsystem = $row['subsystem']; + $summary = htmlspecialchars($row['summary'], ENT_QUOTES); + $prtext = $priority_long[$row['priority']]; + $sttext = $status_long[$row['status']]; + $sctext = $scope_long[$row['scope']]; + $str_version = $row['str_version']; + $fix_version = $row['fix_version']; if ($manager_email == "") $manager_email = "Unassigned"; @@ -485,12 +482,12 @@ switch ($op) print("
Trouble Report Dialog:"); - if ($row->status >= $STR_STATUS_ACTIVE) + if ($row['status'] >= $STR_STATUS_ACTIVE) print(" [ Post Text ]"); print(" \n"); @@ -579,27 +573,24 @@ switch ($op) { print("
|