1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
<?php
require_once('include/datetime.php');
require_once('include/event.php');
function events_post(&$a) {
if(! local_user())
return;
$event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0);
$uid = local_user();
$start = strip_tags($_POST['start']);
$finish = strip_tags($_POST['finish']);
$desc = escape_tags($_POST['desc']);
$location = escape_tags($_POST['location']);
$type = 'event';
$adjust = intval($_POST['adjust']);
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
if($event_id) {
$r = q("UPDATE `event` SET
`edited` = '%s',
`start` = '%s',
`finish` = '%s',
`desc` = '%s',
`location` = '%s',
`type` = '%s',
`adjust` = %d,
`allow_cid` = '%s',
`allow_gid` = '%s',
`deny_cid` = '%s',
`deny_gid` = '%s'
WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc(datetime_convert()),
dbesc($start),
dbesc($finish),
dbesc($desc),
dbesc($location),
dbesc($type),
intval($adjust),
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny),
intval($event_id),
intval($local_user())
);
}
else {
$uri = item_new_uri($a->get_hostname(),local_user());
$r = q("INSERT INTO `event` ( `uid`,`uri`,`created`,`edited`,`start`,`finish`,`desc`,`location`,`type`,
`adjust`,`allow_cid`,`allow_gid`,`deny_cid`,`deny_gid`)
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s' ) ",
intval(local_user()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($start),
dbesc($finish),
dbesc($desc),
dbesc($location),
dbesc($type),
intval($adjust),
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny)
);
}
}
|