function changeNotes($uid, $pid, $notes)
{
if (!canViewPuzzle($uid, $pid)) {
utilsError("You do not have permission to modify this puzzle.");
}
$purifier = new HTMLPurifier();
mysql_query('START TRANSACTION');
$oldNotes = getNotes($pid);
$cleanNotes = $purifier->purify($notes);
$cleanNotes = htmlspecialchars($cleanNotes);
updateNotes($uid, $pid, $oldNotes, $cleanNotes);
mysql_query('COMMIT');
}
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: editNotes.php,v 1.9 2005/10/30 22:37:19 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
// check for postback
if ($_POST['isPostback']) {
updateNotes($_POST['hdEvent'], sanitizeInput($_POST['taComments']));
redirect('editSched.php?area=' . $_POST['area']);
}
if (isset($_REQUEST['event'])) {
$oEvent = getEventDetails($_REQUEST['event']);
// if we don't have a month set, pull it from area
if (strlen($oEvent->event_comments)) {
$sNotes = $oEvent->event_comments;
} else {
$sNotes = getAreaTempl($_REQUEST['area']);
}
} else {
accessDenied("Please choose an event to edit first using Manage Schedules");
}
doHeader("Editing notes for " . $oEvent->event_name, 'taComments');
?>
