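/**
 * Replace the notes stored for a puzzle with a sanitized copy of $notes.
 *
 * The submitted text is passed through HTMLPurifier and then through
 * htmlspecialchars(), so the value handed to updateNotes() is already
 * HTML-entity-encoded.
 * NOTE(review): whatever renders these notes must neither encode them a
 * second time nor decode them back into markup - confirm against the view.
 * htmlspecialchars() is called with its default flags; before PHP 8.1 those
 * defaults leave single quotes unencoded.
 *
 * NOTE(review): the gate is canViewPuzzle(), while the error message speaks of
 * permission to *modify* - confirm that view access is meant to grant edits.
 *
 * @param mixed  $uid   Id of the user making the change.
 * @param mixed  $pid   Id of the puzzle whose notes are replaced.
 * @param string $notes Untrusted note text as submitted.
 *
 * @return void
 */
function changeNotes($uid, $pid, $notes)
{
    if (!canViewPuzzle($uid, $pid)) {
        utilsError("You do not have permission to modify this puzzle.");
        // Fail closed: if utilsError() ever returns instead of terminating
        // the request, the write below must still not happen.
        return;
    }

    $purifier = new HTMLPurifier();

    // The old notes are read and the new ones written inside one transaction.
    // NOTE(review): neither mysql_query() result is checked and there is no
    // ROLLBACK path, so COMMIT is issued even if updateNotes() fails. The
    // mysql_* extension was removed in PHP 7; this needs mysqli or PDO there.
    mysql_query('START TRANSACTION');
    $oldNotes = getNotes($pid);
    $cleanNotes = htmlspecialchars($purifier->purify($notes));
    updateNotes($uid, $pid, $oldNotes, $cleanNotes);
    mysql_query('COMMIT');
}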
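* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/

// $Id: editNotes.php,v 1.9 2005/10/30 22:37:19 atrommer Exp $

// Gate the whole page on the session's user type. What level 2 means is
// decided inside checkUser(), which is not visible here.
checkUser($_SESSION['USERTYPE'], 2);

// check for postback
// empty() avoids an undefined-index notice on a plain GET while keeping the
// same truthiness test as before.
// NOTE(review): no anti-CSRF token is verified before this state-changing
// POST is applied - confirm whether checkUser() or a shared include does it.
if (!empty($_POST['isPostback'])) {
    // NOTE(review): hdEvent goes to updateNotes() as submitted, and there is
    // no check that this user may edit that particular event - verify that
    // updateNotes() escapes/validates the id and enforces ownership.
    // sanitizeInput() is defined elsewhere; what it strips is not shown here.
    updateNotes($_POST['hdEvent'], sanitizeInput($_POST['taComments']));

    // area is request-controlled: URL-encode it so it cannot add extra query
    // parameters or, if redirect() writes a Location header, inject CR/LF.
    $sRedirectArea = (isset($_POST['area']) && is_scalar($_POST['area']))
        ? (string) $_POST['area']
        : '';
    // NOTE(review): the rest of the page still runs unless redirect() ends
    // the request - confirm that it does.
    redirect('editSched.php?area=' . urlencode($sRedirectArea));
}

if (isset($_REQUEST['event'])) {
    // NOTE(review): the result is dereferenced without checking that the
    // event exists - confirm what getEventDetails() returns for an unknown id.
    $oEvent = getEventDetails($_REQUEST['event']);

    // if the event has no comments yet, pull the template text from its area
    if (strlen($oEvent->event_comments)) {
        $sNotes = $oEvent->event_comments;
    } else {
        // Pass null (as before) when no area was supplied, without the notice.
        $sNotes = getAreaTempl(isset($_REQUEST['area']) ? $_REQUEST['area'] : null);
    }
} else {
    // NOTE(review): $oEvent is undefined below unless accessDenied() ends the
    // request - confirm that it does.
    accessDenied("Please choose an event to edit first using Manage Schedules");
}

// NOTE(review): event_name is concatenated into the page title as stored;
// confirm doHeader() HTML-encodes it before output.
doHeader("Editing notes for " . $oEvent->event_name, 'taComments');
?>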