Create/modify appeal button on Appeal Management page shows up content now when clicked

2025-01-05 16:04:50 -05:00 · 2025-01-05 16:04:50 -05:00 · ba00a86a41
commit ba00a86a41
parent 637c2f748e
7 changed files with 46 additions and 39 deletions
--- a/admin/award_awards.php
+++ b/admin/award_awards.php
@ -27,14 +27,14 @@
 user_auth_required('committee', 'admin');
 require_once('awards.inc.php');
- switch(get_value_from_array($_GET, 'action', 'awardinfo_load')) {
+ switch(get_value_from_array($_GET, 'action')) {
-	
+	 
 case 'awardinfo_load':
 	$id = intval(get_value_from_array($_GET, 'id'));
 	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$id'");
 	$q->execute();	
 	$ret = $q->fetch(PDO::FETCH_ASSOC);
 	//json_encode NEEDS UTF8 DATA, but we store it in the database as ISO :(
 	foreach($ret AS $k=>$v) {print('sdfs');
 		$ret[$k]=iconv("ISO-8859-1","UTF-8",$v);
@ -54,7 +54,7 @@
 	if($id == -1) {
-		$q = $prepare("INSERT INTO award_awards (year,self_nominate,schedule_judges) 
+		$q = $pdo->prepare("INSERT INTO award_awards (year,self_nominate,schedule_judges) 
 				VALUES ('{$config['FAIRYEAR']}','yes','yes')");
 		$q->execute();
 		$id = $pdo->lastInsertId();
@ -177,7 +177,7 @@
 		$q->execute();
 	} else {
-		$q = $prepare("SELECT * FROM award_prizes WHERE award_awards_id='$id' ORDER BY `order`");
+		$q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$id' ORDER BY `order`");
 		$q->execute();
 	}
 	while($r=$q->fetch(PDO::FETCH_ASSOC)) {
@ -254,8 +254,8 @@
 	}
 	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$id'");
-	$q -> execute();
+	$q->execute();
-	$a = fetch(PDO::FETCH_ASSOC)
+	$a = $q->fetch(PDO::FETCH_ASSOC)
 ?>
 	<h4><?=i18n("Feeder Fairs")?></h4>
 	<form id="feeder_form">
--- a/admin/communication.php
+++ b/admin/communication.php
@ -65,7 +65,7 @@ case 'dialog_choose':
 	<select id="comm_dialog_choose_emails_id">
 		<option value="-1">-- <?=i18n('Choose a Communication')?> --</option>
 	<?
-	$type = $_GET['type'];
+	$type = $pdo->quote( $_GET['type']);
 	$q = $pdo->prepare("SELECT * FROM emails WHERE type='$type'");
 	$q->execute();
 	while($e = $q->fetch(PDO::FETCH_ASSOC)) {
@ -157,15 +157,15 @@ case 'email_save':
 	$subject=iconv("UTF-8","ISO-8859-1//TRANSLIT",$subject);
 	//Now its safe to escape it for the db query
-	$name = stripslashes($name);
+	$name = $pdo->quote(stripslashes($name));
-	$description = stripslashes($description);
+	$description = $pdo->quote(stripslashes($description));
-	$from = stripslashes($from);
+	$from = $pdo->quote(stripslashes($from));
-	$subject = stripslashes($subject);
+	$subject = $pdo->quote(stripslashes($subject));
-	$bodyhtml = stripslashes($bodyhtml);
+	$bodyhtml = $pdo->quote(stripslashes($bodyhtml));
-	$type = $_POST['type'];
+	$type = $pdo->quote($_POST['type']);
-	$key = $_POST['key'];
+	$key = $pdo->quote($_POST['key']);
-	$fcid = $_POST['fcid'];
+	$fcid = $pdo->quote($_POST['fcid']);
 	if($id == 0) {
 		if($key && $name) {
@ -690,7 +690,7 @@ case "email_get_list":
 	$emailq = $pdo->prepare("SELECT * FROM emails WHERE id='$emailid'");
 	$emailq->execute();
-	$email=$emailq.fetch(PDO::FETCH_OBJ);
+	$email=$emailq->fetch(PDO::FETCH_OBJ);
 	$recipq = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link
 						WHERE fundraising_campaigns_id='$fcid'");
@ -747,12 +747,12 @@ case "email_get_list":
 			$q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES (
 				'$emailqueueid',
-				'".$u['email']."',
+				'".$pdo->quote($u['email'])."',
-				'".$u['name']."',
+				'".$pdo->quote($u['name'])."',
-				'".json_encode($replacements."',
+				'".$pdo->quote(json_encode($replacements)."',
 				NULL)"));
 			$q->execute();
-			echo $pdo->erroInfo();
+			show_pdo_errors_if_any($pdo);
 		}
 		$q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'");
 		$q->execute();
@ -875,14 +875,14 @@ case "email_get_list":
 		$numtotal=$recipq->rowCount();
 		$q = $pdo->prepare("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES (
-				'".$email->val."',
+				'".$pdo->quote($email->val)."',
-				'".$email->name."',
+				'".$pdo->quote($email->name)."',
-				'".$_SESSION['users_uid']."',
+				'".$pdo->quote($_SESSION['users_uid'])."',
-				'".$email->from."',
+				'".$pdo->quote($email->from)."',
-				'".$email->subject."',
+				'".$pdo->quote($email->subject)."',
-				'".$email->body."',
+				'".$pdo->quote($email->body)."',
-				'".$email->bodyhtml."',
+				'".$pdo->quote($email->bodyhtml)."',
-				'".$email->type."',
+				'".$pdo->quote($email->type)."',
 				NULL,
 				NOW(),
 				NULL,
@ -923,7 +923,7 @@ case "email_get_list":
 				$acq=$pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'");
 				$acq->execute();
 				show_pdo_errors_if_any($pdo);
-				$acr=$acq->fetch(PDO::FETCH-OBJ);
+				$acr=$acq->fetch(PDO::FETCH_OBJ);
 				$accesscode=$acr->accesscode;
 				$replacements=array(
--- a/admin/fundraising_campaigns.php
+++ b/admin/fundraising_campaigns.php
@ -545,6 +545,7 @@ function save_campaign_info(){
       target='".$_POST['target']."',
       fundraising_goal='".$_POST['fundraising_goal']."'
       WHERE id='$id'");
    $stmt->execute();
 }
 send_header("Appeal Management",
@ -558,8 +559,8 @@ send_header("Appeal Management",
 <script type="text/javascript">
 $(document).ready(function() {
    <?
-    if($_GET['manage_campaign']) {
+    if(get_value_from_array($_GET, 'manage_campaign')) {
-        echo "managecampaign(".intval($_GET['manage_campaign']).");\n";
+        echo "managecampaign(".intval(get_value_from_array($_GET, 'manage_campaign')).");\n";
    }
    else {
        echo "managecampaigns();\n";
@ -755,10 +756,12 @@ function opensendemaildialog(fcid,emails_id) {
 function display_campaign_form($r=null) {
    global $config;
    global $campaign_types;
    global $pdo;
 ?>    
 		<tr>
 			<td><?=i18n("Name")?></td>
-			<td colspan="3"><input size="40" type="text" name="name" value="<?=$r->name?>"></td>
+			<td colspan="3"><input size="40" type="text" name="name" value="<?=get_value_property_or_default($r, 'name')?>"></td>
            <td><?=i18n("Type")?></td><td>
            <select name="type">
            <option value=""><?=i18n("Choose")?></option>
@ -772,16 +775,16 @@ function display_campaign_form($r=null) {
            </td>
        </tr>
        <?
-        if($r->startdate) $sd=$r->startdate;
+        if(get_value_property_or_default($r, 'startdate')) $sd=$r->startdate;
        else $sd=date("Y-m-d");
        ?>
        <tr>
 			<td><?=i18n("Start Date")?></td><td><input type="text" name="startdate" class="date" value="<?=$sd?>" /></td>
-			<td><?=i18n("Follow-Up Date")?></td><td><input type="text" name="followupdate" class="date" value="<?=$r->followupdate?>" /></td>
+			<td><?=i18n("Follow-Up Date")?></td><td><input type="text" name="followupdate" class="date" value="<?=get_value_property_or_default($r, 'followupdate')?>" /></td>
-			<td><?=i18n("End Date")?></td><td><input type="text" name="enddate" class="date" value="<?=$r->enddate?>" /></td>
+			<td><?=i18n("End Date")?></td><td><input type="text" name="enddate" class="date" value="<?=get_value_property_or_default($r, 'enddate')?>" /></td>
        </tr>
        <tr>
-			<td><?=i18n("Target")?></td><td>$<input type="text" id="target" name="target" size="10" value="<?=$r->target?>" /></td>
+			<td><?=i18n("Target")?></td><td>$<input type="text" id="target" name="target" size="10" value="<?=get_value_property_or_default($r,'target')?>" /></td>
 			<td><?=i18n("Default Purpose")?></td><td colspan="3">
            <?
            $fgq=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
--- a/admin/winners.php
+++ b/admin/winners.php
@ -465,6 +465,7 @@ while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 {
 	global $config, $auth_type;
 	global $pdo;
 //	echo "fair=$fairs_id";
--- a/config/subdivisions.php
+++ b/config/subdivisions.php
@ -73,7 +73,7 @@
 		{
 			$idq=$pdo->prepare("SELECT MAX(id) AS id FROM projectsubdivisions");
 			$idq->execute();
-			$idr=$idq->fetch(PDO::fETCH_OBJ);
+			$idr=$idq->fetch(PDO::FETCH_OBJ);
 			$newid=$idr->id+1;
 		}
--- a/projects.inc.php
+++ b/projects.inc.php
@ -25,6 +25,7 @@
 function getProjectsEligibleForAward($award_id)
 {
 	global $config;
 	global $pdo;
 	$prjq=$pdo->prepare("SELECT
 				award_awards.id,
@ -229,6 +230,7 @@ function getNominatedForNoSpecialAwardsForProject($projectid)
 function getProjectsNominatedForSpecialAward($award_id)
 {
 	global $config;
 	global $pdo;
 	//if they dont use special award nominations, then we will instead get all of the projects that
 	//are eligible for the award, instead of nominated for it.
--- a/user.inc.php
+++ b/user.inc.php
@ -202,7 +202,8 @@ function user_load($user, $uid = false)
 		$id = intval($user);
 		$query .= "	`users`.`id`='$id'";
 	}
-	$q=$pdo->query($query);
+	$q=$pdo->prepare($query);
 	$q->execute();
 	if($q->rowCount()!=1) {
 		echo "Query [$query] returned ".$q->rowCount()." rows\n";