
Plugin update:
1. use of sqGetGlobalVar instead of accessing $_POST and $_GET directly
2. event sanitizing update. Storage functions don't sanitize html. Event text
is sanitized on display
3. fix possible data loss when vertical bar is used in event text
4. updates in README and phpdoc blocks

tokul 19 tahun lalu
induk
melakukan
2412204c49

+ 9 - 12
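--- a/plugins/calendar/README
+++ b/plugins/calendar/README
@@ -1,28 +1,25 @@
-SQCalendar  $Id$
+SquirrelMail Calendar Plugin
+$Id$
 
 ********** DESCRIPTION ************
 
-Simple calendar plugin for Squirrel Mail (squirrelmail.org). As of now it has
-month view and day view. Events can be created, deleted and updated.
+Simple calendar plugin for Squirrel Mail. As of now it has month view and 
+day view. Events can be created, deleted and updated.
 
 
 ********** REQUIREMENTS  **********
 
-It works with SquirrelMail 1.0.6 and 1.2.0-rc2 which are latest at the time
-of writing
-
-********** INSTALLATION  **********
-
-SEE INSTALL
+SquirrelMail 1.4.3 or later (1.5.0 version excluded)
+Write access to data directory (plugin uses own data files)
 
 *************** TODO **************
 
-- single entry of repetitve events (ex. birthday repeats every year)
+- single entry of recurring events (ex. birthday repeats every year)
 - reminder email/javascript/etc
 - weekly view
 
 
 ************ CREDITS **************
 
-This plugin has been originally created by  Michal Szczotka, and is now
-maintained by the SquirrelMail Project Team.
+This plugin has been originally created by  Michal Szczotka <michal@tuxy.org>, 
+and is now maintained by the SquirrelMail Project Team.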

+ 36 - 38
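--- a/plugins/calendar/calendar.php
+++ b/plugins/calendar/calendar.php
@@ -1,57 +1,41 @@
 <?php
 
 /**
- * calendar.php
- *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
  * Displays the main calendar page (month view).
  *
- * @copyright &copy; 2002-2005 The SquirrelMail Project Team
+ * @copyright &copy; 2002-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage calendar
  */
 
-/**
-*/
+/** @ignore */
 define('SM_PATH','../../');
 
-/* Calender plugin required files. */
-require_once(SM_PATH . 'plugins/calendar/calendar_data.php');
-require_once(SM_PATH . 'plugins/calendar/functions.php');
-
 /* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/strings.php');
-require_once(SM_PATH . 'functions/date.php');
-require_once(SM_PATH . 'config/config.php');
-require_once(SM_PATH . 'functions/page_header.php');
-require_once(SM_PATH . 'include/load_prefs.php');
-require_once(SM_PATH . 'functions/html.php');
+include_once(SM_PATH . 'include/validate.php');
+/* load date_intl() */
+include_once(SM_PATH . 'functions/date.php');
 
-/* get globals */
-
-// undo rg = on effects
-if (isset($month)) unset($month);
-if (isset($year))  unset($year);
+/* Calendar plugin required files. */
+include_once(SM_PATH . 'plugins/calendar/calendar_data.php');
+include_once(SM_PATH . 'plugins/calendar/functions.php');
 
-if (isset($_GET['month']) && is_numeric($_GET['month'])) {
-    $month = $_GET['month'];
-}
-if (isset($_GET['year']) && is_numeric($_GET['year'])) {
-    $year = $_GET['year'];
-}
-if (isset($_POST['year']) && is_numeric($_POST['year'])) {
-    $year = $_POST['year'];
+/* get globals */
+if (! sqgetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) {
+    unset($month);
 }
-if (isset($_POST['month']) && is_numeric($_POST['month'])) {
-    $month = $_POST['month'];
+if (! sqgetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) {
+    unset($year);
 }
 /* got 'em */
 
-//display upper part of month calendar view
+/**
+ * display upper part of month calendar view
+ * @return void
+ * @access private
+ */
 function startcalendar() {
     global $year, $month, $color;
 
@@ -97,7 +81,11 @@ function startcalendar() {
            '', $color[0] ) ."\n";
 }
 
-//main logic for month view of calendar
+/**
+ * main logic for month view of calendar
+ * @return void
+ * @access private
+ */
 function drawmonthview() {
     global $year, $month, $color, $calendardata, $todayis;
 
@@ -124,8 +112,13 @@ function drawmonthview() {
                 $i=0;
                 while ($calfoo = each($calendardata[$cdate])) {
                     $calbar = $calendardata[$cdate][$calfoo['key']];
-                    $title = '['. $calfoo['key']. '] ' .$calbar['message'];
-                    echo ($calbar['priority']==1) ? "<a href=\"#\" style=\"text-decoration:none; color: $color[1]\" title=\"$title\">$calbar[title]</a><br />\n" : "<a href=\"#\" style=\"text-decoration:none; color: $color[6]\" title=\"$title\">$calbar[title]</a><br />\n";
+                    // FIXME: how to display multiline task
+                    $title = '['. $calfoo['key']. '] ' .
+                        str_replace(array("\r","\n"),array(' ',' '),htmlspecialchars($calbar['message']));
+                    // FIXME: link to nowhere
+                    echo "<a href=\"#\" style=\"text-decoration:none; color: "
+                        .($calbar['priority']==1 ? $color[1] : $color[6])
+                        ."\" title=\"$title\">".htmlspecialchars($calbar['title'])."</a><br />\n";
                     $i=$i+1;
                     if($i==2){
                         break;
@@ -139,7 +132,12 @@ function drawmonthview() {
     }
 }
 
-//end of monthly view and form to jump to any month and year
+/**
+ * end of monthly view and form to jump to any month and year
+ * @return void
+ * @
+ * @access private
+ */
 function endcalendar() {
     global $year, $month, $day, $color;
 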
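Review bot: `is_numeric()` in the new `sqgetGlobalVar()` checks for `month` and `year` accepts more than whole numbers: signed values, decimals, exponent notation and strings with leading whitespace all pass. `$year` later shows up in the per-user data file name (see the `"$username.$year.cal.tmp"` message in calendar_data.php) and both values are concatenated into date keys, so normalising the accepted value, for example by adding `} else { $year = (int) $year; }` and the same for `$month`, would keep unexpected strings out of file names and keys. The same check is repeated in the day.php and event_create.php sections of this commit. The stray ` * @` line in the new `endcalendar()` docblock looks like an unfinished tag and can be dropped.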

+ 63 - 35
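--- a/plugins/calendar/calendar_data.php
+++ b/plugins/calendar/calendar_data.php
@@ -1,38 +1,42 @@
 <?php
 
 /**
- * calendar_data.php
- *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
  * functions to operate on calendar data files.
  *
- * @copyright &copy; 2002-2005 The SquirrelMail Project Team
+ * @copyright &copy; 2002-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage calendar
  */
 
-/** this is array that contains all events
- *  it is three dimensional array with fallowing structure
- *  $calendardata[date][time] = array(length,priority,title,message); */
+/**
+ * this is array that contains all events
+ * it is three dimensional array with fallowing structure
+ * $calendardata[date][time] = array(length,priority,title,message,reminder);
+ */
 $calendardata = array();
 
 /**
  * Reads multilined calendar data
  * 
  * Plugin stores multiline texts converted to single line with PHP nl2br().
- * Function undoes nl2br() conversion and sanitizes data with htmlspecialchars().
+ * Function undoes nl2br() conversion and html encoding of ASCII vertical bar.
+ *
+ * Older plugin versions sanitized data with htmlspecialchars. Since 1.5.1 calendar 
+ * data is not sanitized. Output functions must make sure that data is correctly 
+ * encoded and sanitized.
  * @param string $string calendar string
  * @return string calendar string converted to multiline text
+ * @access private
  * @since 1.5.1
  */
 function calendar_readmultiline($string) {
-    // replace html line breaks with ASCII line feeds
-    $string = str_replace(array('<br />','<br>'),array("\n","\n"),$string);
-    // FIXME: don't sanitize data. Storage backend should not care about html data safety
-    $string = htmlspecialchars($string,ENT_NOQUOTES);
+    /**
+     * replace html line breaks with ASCII line feeds
+     * replace htmlencoded | with ASCII vertical bar
+     */
+    $string = str_replace(array('<br />','<br>','&#124;'),array("\n","\n",'|'),$string);
     return $string;
 }
 
@@ -40,11 +44,16 @@ function calendar_readmultiline($string) {
  * Callback function used to sanitize calendar data before saving it to file
  * @param string $sValue array value 
  * @param string $sKey array key
+ * @access private
  * @since 1.5.1
  */
 function calendar_encodedata(&$sValue, $sKey) {
-    // add html line breaks and remove original ASCII line feeds and carriage returns
-    $sValue = str_replace(array("\n","\r"),array('',''),nl2br($sValue));
+    /**
+     * add html line breaks
+     * remove original ASCII line feeds and carriage returns
+     * replace ASCII vertical bar with html code in order to sanitize field delimiter
+     */
+    $sValue = str_replace(array("\n","\r",'|'),array('','','&#124;'),nl2br($sValue));
 }
 
 /**
@@ -53,7 +62,8 @@ function calendar_encodedata(&$sValue, $sKey) {
  * data is | delimited, just like addressbook
  * files are structured like this:
  * date|time|length|priority|title|message
- * files are divided by year for performance increase */
+ * files are divided by year for performance increase
+ */
 function readcalendardata() {
     global $calendardata, $username, $data_dir, $year;
 
@@ -64,11 +74,11 @@ function readcalendardata() {
 
         if ($fp){
             while ($fdata = fgetcsv ($fp, 4096, '|')) {
-                $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2],
-                                                            'priority' => $fdata[3],
-                                                            'title' => htmlspecialchars($fdata[4],ENT_NOQUOTES),
-                                                            'message' => calendar_readmultiline($fdata[5]),
-                                                            'reminder' => $fdata[6] );
+                $calendardata[$fdata[0]][$fdata[1]] = array( 'length'   => $fdata[2],
+                                                             'priority' => $fdata[3],
+                                                             'title'    => $fdata[4],
+                                                             'message'  => calendar_readmultiline($fdata[5]),
+                                                             'reminder' => $fdata[6] );
             }
             fclose ($fp);
             // this is to sort the events within a day on starttime
@@ -82,7 +92,11 @@ function readcalendardata() {
     }
 }
 
-//makes events persistant
+/**
+ * Saves calendar data
+ * @return void
+ * @access private
+ */
 function writecalendardata() {
     global $calendardata, $username, $data_dir, $year, $color;
 
@@ -94,9 +108,15 @@ function writecalendardata() {
             while ( $calbar = each ($calfoo['value'])) {
                 $calfoobar = $calendardata[$calfoo['key']][$calbar['key']];
                 array_walk($calfoobar,'calendar_encodedata');
+                /**
+                 * Make sure that reminder field is set. Calendar forms don't implement it, 
+                 * but it is still used for calendar data. Backwards compatibility.
+                 */ 
+                if (!isset($calfoobar['reminder'])) $calfoobar['reminder']='';
+
                 $calstr = "$calfoo[key]|$calbar[key]|$calfoobar[length]|$calfoobar[priority]|$calfoobar[title]|$calfoobar[message]|$calfoobar[reminder]\n";
                 if(sq_fwrite($fp, $calstr, 4096) === FALSE) {
-                        error_box(_("Could not write calendar file %s", "$username.$year.cal.tmp"), $color);
+                    error_box(_("Could not write calendar file %s", "$username.$year.cal.tmp"), $color);
                 }
             }
 
@@ -107,7 +127,11 @@ function writecalendardata() {
     }
 }
 
-//deletes event from file
+/**
+ * deletes event from file
+ * @return void
+ * @access private
+ */
 function delete_event($date, $time) {
     global $calendardata, $username, $data_dir, $year;
 
@@ -116,23 +140,27 @@ function delete_event($date, $time) {
     if ($fp){
         while ($fdata = fgetcsv ($fp, 4096, "|")) {
             if (($fdata[0]==$date) && ($fdata[1]==$time)){
-            // do nothing
+                // do nothing
             } else {
-                $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2],
+                $calendardata[$fdata[0]][$fdata[1]] = array( 'length'   => $fdata[2],
                                                              'priority' => $fdata[3],
-                                                             'title' => $fdata[4],
-                                                             'message' => $fdata[5],
+                                                             'title'    => $fdata[4],
+                                                             'message'  => $fdata[5],
                                                              'reminder' => $fdata[6] );
             }
         }
         fclose ($fp);
     }
     writecalendardata();
-
 }
 
-// same as delete but not saves calendar
-// saving is done inside event_edit.php
+/**
+ * same as delete but not saves calendar
+ * saving is done inside event_edit.php
+ * @return void
+ * @access private
+ * @todo code reuse
+ */
 function update_event($date, $time) {
     global $calendardata, $username, $data_dir, $year;
 
@@ -141,12 +169,12 @@ function update_event($date, $time) {
     if ($fp){
         while ($fdata = fgetcsv ($fp, 4096, '|')) {
             if (($fdata[0]==$date) && ($fdata[1]==$time)){
-            // do nothing
+                // do nothing
             } else {
-                $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2],
+                $calendardata[$fdata[0]][$fdata[1]] = array( 'length'   => $fdata[2],
                                                              'priority' => $fdata[3],
-                                                             'title' => $fdata[4],
-                                                             'message' => $fdata[5],
+                                                             'title'    => $fdata[4],
+                                                             'message'  => $fdata[5],
                                                              'reminder' => $fdata[6] );
             }
         }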
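Review bot: The vertical-bar encoding is not symmetric for the title field. `calendar_encodedata()` is applied by `array_walk()` to every field of an event, so a `|` in the title is stored as `&#124;`, but `readcalendardata()` now assigns `'title'    => $fdata[4]` unchanged and only the message goes through `calendar_readmultiline()`. With the display code now calling `htmlspecialchars()` on the title, such a title would presumably be shown as the literal text `&#124;`; decoding it on read, e.g. `'title'    => str_replace('&#124;','|',$fdata[4]),`, would match what the message gets. Because stored text is no longer HTML-encoded, a message that literally contains `<br>` or `&#124;` is also rewritten on read, which deserves a line in the `calendar_readmultiline()` docblock.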

+ 42 - 49
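--- a/plugins/calendar/day.php
+++ b/plugins/calendar/day.php
@@ -1,13 +1,9 @@
 <?php
 
 /**
- * day.php
- *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
  * Displays the day page (day view).
  *
- * @copyright &copy; 2002-2005 The SquirrelMail Project Team
+ * @copyright &copy; 2002-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
@@ -17,48 +13,32 @@
 /** @ignore */
 define('SM_PATH','../../');
 
-/* Calender plugin required files. */
-require_once(SM_PATH . 'plugins/calendar/calendar_data.php');
-require_once(SM_PATH . 'plugins/calendar/functions.php');
-
 /* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/strings.php');
-require_once(SM_PATH . 'functions/date.php');
-require_once(SM_PATH . 'config/config.php');
-require_once(SM_PATH . 'functions/page_header.php');
-require_once(SM_PATH . 'include/load_prefs.php');
-require_once(SM_PATH . 'functions/html.php');
-
-/* get globals */
+include_once(SM_PATH . 'include/validate.php');
+/* date_intl() */
+include_once(SM_PATH . 'functions/date.php');
 
-// undo rg = on effects
-if (isset($month)) unset($month);
-if (isset($year))  unset($year);
-if (isset($day))  unset($day);
+/* Calendar plugin required files. */
+include_once(SM_PATH . 'plugins/calendar/calendar_data.php');
+include_once(SM_PATH . 'plugins/calendar/functions.php');
 
-if (isset($_GET['year']) && is_numeric($_GET['year'])) {
-    $year = $_GET['year'];
-}
-elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
-    $year = $_POST['year'];
-}
-if (isset($_GET['month']) && is_numeric($_GET['month'])) {
-    $month = $_GET['month'];
-}
-elseif (isset($_POST['month'])  && is_numeric($_POST['month'])) {
-    $month = $_POST['month'];
+/* get globals */
+if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) {
+    unset($year);
 }
-if (isset($_GET['day']) && is_numeric($_GET['day'])) {
-    $day = $_GET['day'];
+if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) {
+    unset($month);
 }
-elseif (isset($_POST['day'])  && is_numeric($_POST['day'])) {
-    $day = $_POST['day'];
+if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! is_numeric($day)) {
+    unset($day);
 }
-
 /* got 'em */
 
-//displays head of day calendar view
+/**
+ * displays head of day calendar view
+ * @return void
+ * @access private
+ */
 function day_header() {
     global $color, $month, $day, $year, $prev_year, $prev_month, $prev_day,
            $prev_date, $next_month, $next_day, $next_year, $next_date;
@@ -80,7 +60,11 @@ function day_header() {
                         );
 }
 
-//events for specific day  are inserted into "daily" array
+/**
+ * events for specific day  are inserted into "daily" array
+ * @return void
+ * @access private
+ */
 function initialize_events() {
     global $daily_events, $calendardata, $month, $day, $year;
 
@@ -102,7 +86,11 @@ function initialize_events() {
     }
 }
 
-//main loop for displaying daily events
+/**
+ * main loop for displaying daily events
+ * @return void
+ * @access private
+ */
 function display_events() {
     global $daily_events, $month, $day, $year, $color;
 
@@ -122,7 +110,8 @@ function display_events() {
                        html_tag( 'td', $ehour . ':' . $eminute, 'left' ) .
                        html_tag( 'td', '&nbsp;', 'left' ) .
                        html_tag( 'td',
-                           "<font size=\"-1\"><a href=\"event_create.php?year=$year&amp;month=$month&amp;day=$day&amp;hour=".substr($calfoo['key'],0,2)."\">".
+                           "<font size=\"-1\"><a href=\"event_create.php?year=$year&amp;month=$month&amp;day=$day&amp;hour="
+                           .substr($calfoo['key'],0,2)."\">".
                            _("ADD") . "</a></font>" ,
                        'center' ) ,
                    '', $color[$eo]);
@@ -137,21 +126,25 @@ function display_events() {
             echo html_tag( 'tr', '', '', $color[$eo] ) .
                         html_tag( 'td', $ehour . ':' . $eminute . $elength, 'left' ) .
                         html_tag( 'td', '', 'left' ) . '[';
-                            echo ($calbar['priority']==1) ? "<font color=\"$color[1]\">$calbar[title]</font>" : "$calbar[title]";
-                            echo'] <div style="margin-left:10px">'.nl2br($calbar['message']).'</div>' .
+                            echo ($calbar['priority']==1) ? 
+                                "<font color=\"$color[1]\">".htmlspecialchars($calbar['title']).'</font>' : 
+                                htmlspecialchars($calbar['title']);
+                            echo'] <div style="margin-left:10px">'.nl2br(htmlspecialchars($calbar['message'])).'</div>' .
                         html_tag( 'td',
                             "<font size=\"-1\"><nobr>\n" .
-                            "<a href=\"event_edit.php?year=$year&amp;month=$month&amp;day=$day&amp;hour=".substr($calfoo['key'],0,2)."&amp;minute=".substr($calfoo['key'],2,2)."\">".
+                            "<a href=\"event_edit.php?year=$year&amp;month=$month&amp;day=$day&amp;hour=".
+                            substr($calfoo['key'],0,2)."&amp;minute=".substr($calfoo['key'],2,2)."\">".
                             _("EDIT") . "</a>&nbsp;|&nbsp;\n" .
-                            "<a href=\"event_delete.php?dyear=$year&amp;dmonth=$month&amp;dday=$day&amp;dhour=".substr($calfoo['key'],0,2)."&amp;dminute=".substr($calfoo['key'],2,2)."&amp;year=$year&amp;month=$month&amp;day=$day\">" .
+                            "<a href=\"event_delete.php?dyear=$year&amp;dmonth=$month&amp;dday=$day&amp;dhour=".
+                            substr($calfoo['key'],0,2)."&amp;dminute=".substr($calfoo['key'],2,2).
+                            "&amp;year=$year&amp;month=$month&amp;day=$day\">" .
                             _("DEL") . '</a>' .
                             "</nobr></font>\n" ,
                         'center' );
+        }
     }
 }
-
-
-}
+/* end of day functions */
 
 if ($month <= 0){
     $month = date( 'm');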
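Review bot: The event title and message are now encoded in `display_events()`, but the time key taken from the same event data still goes into the `event_create.php`, `event_edit.php` and `event_delete.php` links as `substr($calfoo['key'],0,2)` with no encoding. Since this commit makes the storage layer explicitly unsanitized, every value that originates from the calendar file should be encoded at the point where it is printed; for these query parameters that would be `urlencode(substr($calfoo['key'],0,2))`. The `title=` attribute built from `$calfoo['key']` in calendar.php's `drawmonthview()` has the same gap and could use `htmlspecialchars($calfoo['key'])`. `display_events()` begins and ends outside the hunks shown, so how `$calfoo` is filled is not visible here.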

+ 34 - 78
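--- a/plugins/calendar/event_create.php
+++ b/plugins/calendar/event_create.php
@@ -1,97 +1,57 @@
 <?php
 
 /**
- * event_create.php
- *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
  * functions to create a event for calendar.
  *
- * @copyright &copy; 2002-2005 The SquirrelMail Project Team
+ * @copyright &copy; 2002-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage calendar
  */
 
-/**
- * @ignore
- */
+/** @ignore */
 define('SM_PATH','../../');
 
-/* Calender plugin required files. */
-require_once(SM_PATH . 'plugins/calendar/calendar_data.php');
-require_once(SM_PATH . 'plugins/calendar/functions.php');
-
 /* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/strings.php');
-require_once(SM_PATH . 'functions/date.php');
-require_once(SM_PATH . 'config/config.php');
-require_once(SM_PATH . 'functions/page_header.php');
-require_once(SM_PATH . 'include/load_prefs.php');
-require_once(SM_PATH . 'functions/html.php');
-
-/* get globals */
-
-// undo rg = on effects
-if (isset($month)) unset($month);
-if (isset($year))  unset($year);
-if (isset($day))  unset($day);
-if (isset($hour))  unset($hour);
-if (isset($minute))  unset($minute);
-if (isset($event_hour))  unset($event_hour);
-if (isset($event_minute))  unset($event_minute);
-if (isset($event_length))  unset($event_length);
-if (isset($event_priority))  unset($event_priority);
+include_once(SM_PATH . 'include/validate.php');
+/* date_intl() */
+include_once(SM_PATH . 'functions/date.php');
 
+/* Calendar plugin required files. */
+include_once(SM_PATH . 'plugins/calendar/calendar_data.php');
+include_once(SM_PATH . 'plugins/calendar/functions.php');
 
-if (isset($_GET['year']) && is_numeric($_GET['year'])) {
-    $year = $_GET['year'];
-}
-elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
-    $year = $_POST['year'];
-}
-if (isset($_GET['month']) && is_numeric($_GET['month'])) {
-    $month = $_GET['month'];
-}
-elseif (isset($_POST['month']) && is_numeric($_POST['month'])) {
-    $month = $_POST['month'];
-}
-if (isset($_GET['day']) && is_numeric($_GET['day'])) {
-    $day = $_GET['day'];
-}
-elseif (isset($_POST['day']) && is_numeric($_POST['day'])) {
-    $day = $_POST['day'];
-}
-
-if (isset($_POST['hour']) && is_numeric($_POST['hour'])) {
-    $hour = $_POST['hour'];
-}
-elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) {
-    $hour = $_GET['hour'];
+/* get globals */
+if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) {
+    unset($year);
 }
-if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) {
-    $event_hour = $_POST['event_hour'];
+if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) {
+    unset($month);
 }
-if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) {
-    $event_minute = $_POST['event_minute'];
+if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! is_numeric($day)) {
+    unset($day);
 }
-if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) {
-    $event_length = $_POST['event_length'];
+if (! sqGetGlobalVar('hour',$hour,SQ_FORM) || ! is_numeric($hour)) {
+    unset($hour);
 }
-if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) {
-    $event_priority = $_POST['event_priority'];
+if (! sqGetGlobalVar('event_hour',$event_hour,SQ_POST) || ! is_numeric($event_hour)) {
+    unset($event_hour);
 }
-if (isset($_POST['event_title'])) {
-    $event_title = $_POST['event_title'];
+if (! sqGetGlobalVar('event_minute',$event_minute,SQ_POST) || ! is_numeric($event_minute)) {
+    unset($event_minute);
 }
-if (isset($_POST['event_text'])) {
-    $event_text = $_POST['event_text'];
+if (! sqGetGlobalVar('event_length',$event_length,SQ_POST) || ! is_numeric($event_length)) {
+    unset($event_length);
 }
-if (isset($_POST['send'])) {
-    $send = $_POST['send'];
+if (! sqGetGlobalVar('event_priority',$event_priority,SQ_POST) || ! is_numeric($event_priority)) {
+    unset($event_priority);
 }
+
+sqGetGlobalVar('event_title',$event_title,SQ_POST);
+sqGetGlobalVar('event_text',$event_text,SQ_POST);
+sqGetGlobalVar('send',$send,SQ_POST);
+
 /* got 'em */
 
 //main form to gather event info
@@ -178,15 +138,11 @@ if(!isset($event_text)){
     show_event_form();
 } else {
     readcalendardata();
-    //make sure that event text is fittting in one line
-    $event_text=nl2br($event_text);
-    $event_text=ereg_replace ("\n", "", $event_text);
-    $event_text=ereg_replace ("\r", "", $event_text);
     $calendardata["$month$day$year"]["$event_hour$event_minute"] =
-    array( 'length' => $event_length,
+    array( 'length'   => $event_length,
            'priority' => $event_priority,
-           'title' => $event_title,
-           'message' => $event_text,
+           'title'    => $event_title,
+           'message'  => $event_text,
            'reminder' => '' );
     //save
     writecalendardata();
@@ -208,7 +164,7 @@ if(!isset($event_text)){
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', htmlspecialchars($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
+                    html_tag( 'td', nl2br(htmlspecialchars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td',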
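Review bot: The save branch of `if(!isset($event_text)){ ... } else {` still runs whenever `event_text` is posted, even when the new validation above has `unset()` `$event_hour`, `$event_minute`, `$event_length` or `$event_priority`. In that case `$calendardata["$month$day$year"]["$event_hour$event_minute"]` is built from undefined variables and an event with an empty time key and empty fields is written to the data file. Checking every required field before saving, e.g. `if (!isset($event_text,$event_hour,$event_minute,$event_length,$event_priority)) {`, would send such requests back to the form instead. The block continues outside the hunk, so any defaults applied to these variables elsewhere are not visible here.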

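--- a/plugins/calendar/event_delete.php
+++ b/plugins/calendar/event_delete.php
@@ -1,92 +1,61 @@
 <?php
 
 /**
- * event_delete.php
- *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
  * Functions to delete a event.
  *
- * @copyright &copy; 2002-2005 The SquirrelMail Project Team
+ * @copyright &copy; 2002-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage calendar
  */
 
-/**
- * @ignore
- */
+/** @ignore */
 define('SM_PATH','../../');
 
-/* Calender plugin required files. */
-require_once(SM_PATH . 'plugins/calendar/calendar_data.php');
-require_once(SM_PATH . 'plugins/calendar/functions.php');
-
 /* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/strings.php');
-require_once(SM_PATH . 'functions/date.php');
-require_once(SM_PATH . 'config/config.php');
-require_once(SM_PATH . 'functions/page_header.php');
-require_once(SM_PATH . 'include/load_prefs.php');
-require_once(SM_PATH . 'functions/html.php');
+include_once(SM_PATH . 'include/validate.php');
+/* date_intl() */
+include_once(SM_PATH . 'functions/date.php');
+
+/* Calendar plugin required files. */
+include_once(SM_PATH . 'plugins/calendar/calendar_data.php');
+include_once(SM_PATH . 'plugins/calendar/functions.php');
+
 /* get globals */
-if (isset($_GET['month']) && is_numeric($_GET['month'])) {
-    $month = $_GET['month'];
-}
-elseif (isset($_POST['month']) && is_numeric($_GET['month'])) {
-    $month = $_POST['month'];
-}
-if (isset($_GET['year']) && is_numeric($_GET['year'])) {
-    $year = $_GET['year'];
-}
-elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
-    $year = $_POST['year'];
+if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) {
+    unset($month);
 }
-if (isset($_GET['day']) && is_numeric($_GET['day'])) {
-    $day = $_GET['day'];
+if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) {
+    unset($year);
 }
-elseif (isset($_POST['day']) && is_numeric($_POST['day'])) {
-    $day = $_POST['day'];
+if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! is_numeric($day)) {
+    unset($day);
 }
-if (isset($_GET['dyear']) && is_numeric($_GET['dyear'])) {
-    $dyear = $_GET['dyear'];
+if (! sqGetGlobalVar('dyear',$dyear,SQ_FORM) || ! is_numeric($dyear)) {
+    unset($dyear);
 }
-elseif (isset($_POST['dyear']) && is_numeric($_POST['dyear'])) {
-    $dyear = $_POST['dyear'];
+if (! sqGetGlobalVar('dmonth',$dmonth,SQ_FORM) || ! is_numeric($dmonth)) {
+    unset($dmonth);
 }
-if (isset($_GET['dmonth']) && is_numeric($_GET['dmonth'])) {
-    $dmonth = $_GET['dmonth'];
+if (! sqGetGlobalVar('dday',$dday,SQ_FORM) || ! is_numeric($dday)) {
+    unset($dday);
 }
-elseif (isset($_POST['dmonth']) && is_numeric($_POST['dmonth'])) {
-    $dmonth = $_POST['dmonth'];
+if (! sqGetGlobalVar('dhour',$dhour,SQ_FORM) || ! is_numeric($dhour)) {
+    unset($dhour);
 }
-if (isset($_GET['dday']) && is_numeric($_GET['dday'])) {
-    $dday = $_GET['dday'];
-}
-elseif (isset($_POST['dday']) && is_numeric($_POST['dday'])) {
-    $dday = $_POST['dday'];
-}
-if (isset($_GET['dhour']) && is_numeric($_GET['dhour'])) {
-    $dhour = $_GET['dhour'];
-}
-elseif (isset($_POST['dhour']) && is_numeric($_POST['dhour'])) {
-    $dhour = $_POST['dhour'];
-}
-if (isset($_GET['dminute']) && is_numeric($_GET['dminute'])) {
-    $dminute = $_GET['dminute'];
-}
-elseif (isset($_POST['dminute']) && is_numeric($_POST['dminute'])) {
-    $dminute = $_POST['dminute'];
-}
-if (isset($_POST['confirmed'])) {
-    $confirmed = $_POST['confirmed'];
+if (! sqGetGlobalVar('dminute',$dminute,SQ_FORM) || ! is_numeric($dminute)) {
+    unset($dminute);
 }
+sqGetGlobalVar('confirmed',$confirmed,SQ_POST);
+
 /* got 'em */
 
-function confirm_deletion()
-{
+/**
+ * Displays confirmation form when event is deleted
+ * @return void
+ */
+function confirm_deletion() {
     global $calself, $dyear, $dmonth, $dday, $dhour, $dminute, $calendardata, $color, $year, $month, $day;
 
     $tmparray = $calendardata["$dmonth$dday$dyear"]["$dhour$dminute"];
@@ -105,11 +74,11 @@ function confirm_deletion()
                ) .
                html_tag( 'tr',
                    html_tag( 'td', _("Title:"), 'right', $color[4] ) .
-                   html_tag( 'td', $tmparray['title'], 'left', $color[4] )
+                   html_tag( 'td', htmlspecialchars($tmparray['title']), 'left', $color[4] )
                ) .
                html_tag( 'tr',
                    html_tag( 'td', _("Message:"), 'right', $color[4] ) .
-                   html_tag( 'td', $tmparray['message'], 'left', $color[4] )
+                   html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])), 'left', $color[4] )
                ) .
                html_tag( 'tr',
                    html_tag( 'td',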
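Review bot: `is_numeric()` in the new globals block is looser than the digits-only values this page needs: it also accepts signs, decimal points, exponents and leading whitespace, and the accepted strings are concatenated unchanged into the `$calendardata["$dmonth$dday$dyear"]["$dhour$dminute"]` lookup in confirm_deletion(). Because `SQ_FORM` reads these fields from GET as well as POST, a digits-only test such as `if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! preg_match('/^[0-9]+$/',$month)) {` would pin the key format. The same pattern repeats for every date field in this file and in the globals block of event_edit.php. If calendar_data.php derives the data file name from `$year` (not visible on this page), the stricter check matters even more there. confirm_deletion()'s body continues past the end of the second hunk.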

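--- a/plugins/calendar/event_edit.php
+++ b/plugins/calendar/event_edit.php
@@ -1,13 +1,9 @@
 <?php
 
 /**
- * event_edit.php
- *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
  * Functions to edit an event.
  *
- * @copyright &copy; 2002-2005 The SquirrelMail Project Team
+ * @copyright &copy; 2002-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
@@ -17,114 +13,84 @@
 /** @ignore */
 define('SM_PATH','../../');
 
-/* Calender plugin required files. */
-require_once(SM_PATH . 'plugins/calendar/calendar_data.php');
-require_once(SM_PATH . 'plugins/calendar/functions.php');
-
 /* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/strings.php');
-require_once(SM_PATH . 'functions/date.php');
-require_once(SM_PATH . 'config/config.php');
-require_once(SM_PATH . 'functions/page_header.php');
-require_once(SM_PATH . 'include/load_prefs.php');
-require_once(SM_PATH . 'functions/html.php');
+include_once(SM_PATH . 'include/validate.php');
+/* date_intl() */
+include_once(SM_PATH . 'functions/date.php');
+/* form functions */
+include_once(SM_PATH . 'functions/forms.php');
 
+/* Calendar plugin required files. */
+include_once(SM_PATH . 'plugins/calendar/calendar_data.php');
+include_once(SM_PATH . 'plugins/calendar/functions.php');
 
 /* get globals */
 
-// undo rg = on effects
-if (isset($month)) unset($month);
-if (isset($year))  unset($year);
-if (isset($day))  unset($day);
-if (isset($hour))  unset($hour);
-if (isset($minute))  unset($minute);
-if (isset($event_year))  unset($event_year);
-if (isset($event_month))  unset($event_month);
-if (isset($event_day))  unset($event_day);
-if (isset($event_hour))  unset($event_hour);
-if (isset($event_minute))  unset($event_minute);
-if (isset($event_length))  unset($event_length);
-if (isset($event_priority))  unset($event_priority);
-
-if (isset($_POST['updated'])) {
-    $updated = $_POST['updated'];
-}
+sqGetGlobalVar('updated',$updated,SQ_POST);
 
-if (isset($_POST['event_year']) && is_numeric($_POST['event_year'])) {
-    $event_year = $_POST['event_year'];
-}
-if (isset($_POST['event_month']) && is_numeric($_POST['event_month'])) {
-    $event_month = $_POST['event_month'];
-}
-if (isset($_POST['event_day']) && is_numeric($_POST['event_day'])) {
-    $event_day = $_POST['event_day'];
-}
-if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) {
-    $event_hour = $_POST['event_hour'];
-}
-if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) {
-    $event_minute = $_POST['event_minute'];
-}
-if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) {
-    $event_length = $_POST['event_length'];
+/* get date values and make sure that they are numeric */
+if (! sqGetGlobalVar('event_year',$event_year,SQ_POST) || ! is_numeric($event_year)) {
+    unset($event_year);
 }
-if (isset($_POST['event_title'])) {
-    $event_title = $_POST['event_title'];
+if (! sqGetGlobalVar('event_month',$event_month,SQ_POST) || ! is_numeric($event_month)) {
+    unset($event_month);
 }
-if (isset($_POST['event_text'])) {
-    $event_text = $_POST['event_text'];
+if (! sqGetGlobalVar('event_day',$event_day,SQ_POST) || ! is_numeric($event_day)) {
+    unset($event_day);
 }
-if (isset($_POST['send'])) {
-    $send = $_POST['send'];
+if (! sqGetGlobalVar('event_hour',$event_hour,SQ_POST) || ! is_numeric($event_hour)) {
+    unset($event_hour);
 }
-if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) {
-    $event_priority = $_POST['event_priority'];
+if (! sqGetGlobalVar('event_minute',$event_minute,SQ_POST) || ! is_numeric($event_minute)) {
+    unset($event_minute);
 }
-if (isset($_POST['confirmed'])) {
-    $confirmed = $_POST['confirmed'];
+if (! sqGetGlobalVar('event_length',$event_length,SQ_POST) || ! is_numeric($event_length)) {
+    unset($event_length);
 }
+sqGetGlobalVar('event_title',$event_title,SQ_POST);
+sqGetGlobalVar('event_text',$event_text,SQ_POST);
+sqGetGlobalVar('send',$send,SQ_POST);
 
-if (isset($_POST['year']) && is_numeric($_POST['year'])) {
-    $year = $_POST['year'];
-} elseif (isset($_GET['year']) && is_numeric($_GET['year'])) {
-    $year = $_GET['year'];
+if (! sqGetGlobalVar('event_priority',$event_priority,SQ_POST) || ! is_numeric($event_priority)) {
+    unset($event_priority);
 }
-if (isset($_POST['month']) && is_numeric($_POST['month'])) {
-    $month = $_POST['month'];
-} elseif (isset($_GET['month']) && is_numeric($_GET['month'])) {
-    $month = $_GET['month'];
+
+sqGetGlobalVar('confirmed',$confirmed,SQ_POST);
+
+if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) {
+    unset($year);
 }
-if (isset($_POST['day']) && is_numeric($_POST['day'])) {
-    $day = $_POST['day'];
-} elseif (isset($_GET['day']) && is_numeric($_GET['day'])) {
-    $day = $_GET['day'];
+if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) {
+    unset($month);
 }
-if (isset($_POST['hour']) && is_numeric($_POST['hour'])) {
-    $hour = $_POST['hour'];
-} elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) {
-    $hour = $_GET['hour'];
+if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! is_numeric($day)) {
+    unset($day);
 }
-if (isset($_POST['minute']) && is_numeric($_POST['minute'])) {
-    $minute = $_POST['minute'];
+if (! sqGetGlobalVar('hour',$hour,SQ_FORM) || ! is_numeric($hour)) {
+    unset($hour);
 }
-elseif (isset($_GET['minute']) && is_numeric($_GET['minute'])) {
-    $minute = $_GET['minute'];
+if (! sqGetGlobalVar('minute',$minute,SQ_FORM) || ! is_numeric($minute)) {
+    unset($minute);
 }
 /* got 'em */
 
-// update event info
+/**
+ * update event info
+ * @return void
+ * @access private
+ */
 function update_event_form() {
     global $color, $editor_size, $year, $day, $month, $hour, $minute, $calendardata;
 
     $tmparray = $calendardata["$month$day$year"]["$hour$minute"];
+    $tab = '    ';
     echo "\n<form name=\"eventupdate\" action=\"event_edit.php\" method=\"post\">\n".
-         "      <input type=\"hidden\" name=\"year\" value=\"$year\" />\n".
-         "      <input type=\"hidden\" name=\"month\" value=\"$month\" />\n".
-         "      <input type=\"hidden\" name=\"day\" value=\"$day\" />\n".
-         "      <input type=\"hidden\" name=\"hour\" value=\"$hour\" />\n".
-         "      <input type=\"hidden\" name=\"minute\" value=\"$minute\" />\n".
-         "      <input type=\"hidden\" name=\"updated\" value=\"yes\" />\n".
+         $tab . addHidden('year',$year).
+         $tab . addHidden('month',$month).
+         $tab . addHidden('day',$day).
+         $tab . addHidden('hour',$hour).
+         $tab . addHidden('minute',$minute).
+         $tab . addHidden('updated','yes').
          html_tag( 'tr' ) .
          html_tag( 'td', _("Date:"), 'right', $color[4] ) . "\n" .
          html_tag( 'td', '', 'left', $color[4] ) .
@@ -167,25 +133,28 @@ function update_event_form() {
          "      </td></tr>\n".
          html_tag( 'tr' ) .
          html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
-         html_tag( 'td', '', 'left', $color[4] ) .
-         "      <input type=\"text\" name=\"event_title\" value=\"$tmparray[title]\" size=\"30\" maxlenght=\"50\" /><br />\n".
-         "      </td></tr>\n".
-         html_tag( 'td',
-             "      <textarea name=\"event_text\" rows=\"5\" cols=\"$editor_size\" wrap=\"hard\">$tmparray[message]</textarea>\n" ,
-         'left', $color[4], 'colspan="2"' ) .
+         html_tag( 'td', addInput('event_title',$tmparray['title'],30,50), 'left', $color[4]) .
+             "\n</tr>\n".
+         html_tag( 'tr' ) .
+         html_tag( 'td', addTextArea('event_text',$tmparray['message'],$editor_size,5),
+                   'left', $color[4], 'colspan="2"' ) .
          '</tr>' . html_tag( 'tr' ) .
-         html_tag( 'td',
-             '<input type="submit" name="send" value="' .
-             _("Update Event") . "\" />\n" ,
-         'left', $color[4], 'colspan="2"' ) .
+         html_tag( 'td', addSubmit(_("Update Event"),'send'), 'left', $color[4], 'colspan="2"' ) .
          "</tr></form>\n";
 }
 
-// self explenatory
+/**
+ * Confirms event update
+ * @return void
+ * @access private
+ */
 function confirm_update() {
-    global $calself, $year, $month, $day, $hour, $minute, $calendardata, $color, $event_year, $event_month, $event_day, $event_hour, $event_minute, $event_length, $event_priority, $event_title, $event_text;
+    global $calself, $year, $month, $day, $hour, $minute, $calendardata,
+        $color, $event_year, $event_month, $event_day, $event_hour, 
+        $event_minute, $event_length, $event_priority, $event_title, $event_text;
 
     $tmparray = $calendardata["$month$day$year"]["$hour$minute"];
+    $tab = '    ';
 
     echo html_tag( 'table',
                 html_tag( 'tr',
@@ -205,11 +174,11 @@ function confirm_update() {
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
-                    html_tag( 'td', $tmparray['title'] , 'left', $color[4] ) ."\n"
+                    html_tag( 'td', htmlspecialchars($tmparray['title']) , 'left', $color[4] ) ."\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
-                    html_tag( 'td', $tmparray['message'] , 'left', $color[4] ) ."\n"
+                    html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])) , 'left', $color[4] ) ."\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("to:") . "<br />\n", '', $color[4], 'colspan="2"' ) ."\n"
@@ -229,41 +198,41 @@ function confirm_update() {
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
-                    html_tag( 'td', $event_title , 'left', $color[4] ) ."\n"
+                    html_tag( 'td', htmlspecialchars($event_title) , 'left', $color[4] ) ."\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
-                    html_tag( 'td', $event_text , 'left', $color[4] ) ."\n"
+                    html_tag( 'td', nl2br(htmlspecialchars($event_text)) , 'left', $color[4] ) ."\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td',
-                        "    <form name=\"updateevent\" method=\"post\" action=\"$calself\">\n".
-                        "       <input type=\"hidden\" name=\"year\" value=\"$year\" />\n".
-                        "       <input type=\"hidden\" name=\"month\" value=\"$month\" />\n".
-                        "       <input type=\"hidden\" name=\"day\" value=\"$day\" />\n".
-                        "       <input type=\"hidden\" name=\"hour\" value=\"$hour\" />\n".
-                        "       <input type=\"hidden\" name=\"minute\" value=\"$minute\" />\n".
-                        "       <input type=\"hidden\" name=\"event_year\" value=\"$event_year\" />\n".
-                        "       <input type=\"hidden\" name=\"event_month\" value=\"$event_month\" />\n".
-                        "       <input type=\"hidden\" name=\"event_day\" value=\"$event_day\" />\n".
-                        "       <input type=\"hidden\" name=\"event_hour\" value=\"$event_hour\" />\n".
-                        "       <input type=\"hidden\" name=\"event_minute\" value=\"$event_minute\" />\n".
-                        "       <input type=\"hidden\" name=\"event_priority\" value=\"$event_priority\" />\n".
-                        "       <input type=\"hidden\" name=\"event_length\" value=\"$event_length\" />\n".
-                        "       <input type=\"hidden\" name=\"event_title\" value=\"$event_title\" />\n".
-                        "       <input type=\"hidden\" name=\"event_text\" value=\"$event_text\" />\n".
-                        "       <input type=\"hidden\" name=\"updated\" value=\"yes\" />\n".
-                        "       <input type=\"hidden\" name=\"confirmed\" value=\"yes\" />\n".
-                        '       <input type="submit" value="' . _("Yes") . "\" />\n".
-                        "    </form>\n" ,
+                        "<form name=\"updateevent\" method=\"post\" action=\"$calself\">\n".
+                        $tab . addHidden('year',$year).
+                        $tab . addHidden('month',$month).
+                        $tab . addHidden('day',$day).
+                        $tab . addHidden('hour',$hour).
+                        $tab . addHidden('minute',$minute).
+                        $tab . addHidden('event_year',$event_year).
+                        $tab . addHidden('event_month',$event_month).
+                        $tab . addHidden('event_day',$event_day).
+                        $tab . addHidden('event_hour',$event_hour).
+                        $tab . addHidden('event_minute',$event_minute).
+                        $tab . addHidden('event_priority',$event_priority).
+                        $tab . addHidden('event_length',$event_length).
+                        $tab . addHidden('event_title',$event_title).
+                        $tab . addHidden('event_text',$event_text).
+                        $tab . addHidden('updated','yes').
+                        $tab . addHidden('confirmed','yes').
+                        $tab . addSubmit(_("Yes")).
+                        "</form>\n" ,
                     'right', $color[4] ) ."\n" .
                     html_tag( 'td',
-                        "    <form name=\"nodelevent\" method=\"post\" action=\"day.php\">\n".
-                        "       <input type=\"hidden\" name=\"year\" value=\"$year\" />\n".
-                        "       <input type=\"hidden\" name=\"month\" value=\"$month\" />\n".
-                        "       <input type=\"hidden\" name=\"day\" value=\"$day\" />\n".
-                        '       <input type="submit" value="' . _("No") . "\" />\n".
-                        "    </form>\n" ,
+                        "<form name=\"nodelevent\" method=\"post\" action=\"day.php\">\n".
+                        $tab . addHidden('year',$year).
+                        $tab . addHidden('month',$month).
+                        $tab . addHidden('day',$day).
+                        $tab . addSubmit(_("No")).
+                        "</form>\n" ,
                     'left', $color[4] ) ."\n"
                 ) ,
             '', $color[0], 'border="0" cellpadding="2" cellspacing="1"' );
@@ -303,10 +272,6 @@ if (!isset($updated)){
     if (!isset($confirmed)){
         //confirm changes
         readcalendardata();
-        // strip event text so it fits in one line
-        $event_text=nl2br($event_text);
-        $event_text=ereg_replace ("\n", '', $event_text);
-        $event_text=ereg_replace ("\r", '', $event_text);
         confirm_update();
     } else {
         update_event("$month$day$year", "$hour$minute");
@@ -323,14 +288,20 @@ if (!isset($updated)){
         $fixdate = date( 'mdY', mktime(0, 0, 0, $event_month, $event_day, $event_year));
         //if event has been moved to different year then act accordingly
         if ($year==$event_year){
-            $calendardata["$fixdate"]["$event_hour$event_minute"] = array("length"=>"$event_length","priority"=>"$event_priority","title"=>"$event_title","message"=>"$event_text");
+            $calendardata["$fixdate"]["$event_hour$event_minute"] = array('length'   => $event_length,
+                                                                          'priority' => $event_priority,
+                                                                          'title'    => $event_title,
+                                                                          'message'  => $event_text);
             writecalendardata();
         } else {
             writecalendardata();
             $year=$event_year;
             $calendardata = array();
             readcalendardata();
-            $calendardata["$fixdate"]["$event_hour$event_minute"] = array("length"=>"$event_length","priority"=>"$event_priority","title"=>"$event_title","message"=>"$event_text");
+            $calendardata["$fixdate"]["$event_hour$event_minute"] = array('length'   => $event_length,
+                                                                          'priority' => $event_priority,
+                                                                          'title'    => $event_title,
+                                                                          'message'  => $event_text);
             writecalendardata();
         }
     }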
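Review bot: The confirmed-update branch in the last hunk builds `$fixdate` and the `$calendardata` key from `$event_month`, `$event_day`, `$event_year`, `$event_hour` and `$event_minute`, yet the new globals block unsets each of those when it is missing or non-numeric, and no visible line checks for that before `writecalendardata()`. A request that fails validation therefore appears to be stored under a key built from undefined values instead of being rejected. The lines between the last two hunks are not shown, so confirm there is no guard there. Testing `isset($event_year, $event_month, $event_day, $event_hour, $event_minute, $event_length, $event_priority)` before the write and returning to the edit form otherwise would make the validation effective. Separately, `action=\"$calself\"` in confirm_update() is the one value still interpolated into markup by hand while the other fields now go through `addHidden()`; if `$calself` is derived from the request path, pass it through `htmlspecialchars()`.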

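--- a/plugins/calendar/functions.php
+++ b/plugins/calendar/functions.php
@@ -1,13 +1,9 @@
 <?php
 
 /**
- * functions.php
+ * Other calendar plugin functions.
  *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
- * miscelenous functions.
- *
- * @copyright &copy; 2002-2005 The SquirrelMail Project Team
+ * @copyright &copy; 2002-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
@@ -15,10 +11,10 @@
  */
 
 /**
+ * Adds second layer of calendar links to upper menu
  * @return void
  */
 function calendar_header() {
-    //Add Second layer ofCalendar links to upper menu
     global $color,$year,$day,$month;
 
     echo html_tag( 'table', '', '', $color[0], 'border="0" width="100%" cellspacing="0" cellpadding="2"' ) .
@@ -35,8 +31,14 @@ function calendar_header() {
 
 }
 
+/**
+ * Generates html option tags with length values
+ * 
+ * Hardcoded values from 0 minutes to 6 hours
+ * @param integer $selected selected option length
+ * @return void
+ */
 function select_option_length($selected) {
-
     $eventlength = array(
         '0' => _("0 min."),
         '15' => _("15 min."),
@@ -54,39 +56,52 @@ function select_option_length($selected) {
     );
 
     while( $bar = each($eventlength)) {
-        if($selected==$bar['key']){
-                echo '        <option value="'.$bar['key'].'" selected="selected">'.$bar['value']."</option>\n";
+        if($bar['key']==$selected){
+            echo '        <option value="'.$bar['key'].'" selected="selected">'.$bar['value']."</option>\n";
         } else {
-                echo '        <option value="'.$bar['key'].'">'.$bar['value']."</option>\n";
+            echo '        <option value="'.$bar['key'].'">'.$bar['value']."</option>\n";
         }
     }
 }
 
+/**
+ * Generates html option tags with minute values
+ *
+ * Hardcoded values in 5 minute intervals
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_minute($selected) {
     $eventminute = array(
-    '00'=>'00',
-    '05'=>'05',
-    '10'=>'10',
-    '15'=>'15',
-    '20'=>'20',
-    '25'=>'25',
-    '30'=>'30',
-    '35'=>'35',
-    '40'=>'40',
-    '45'=>'45',
-    '50'=>'50',
-    '55'=>'55'
+        '00'=>'00',
+        '05'=>'05',
+        '10'=>'10',
+        '15'=>'15',
+        '20'=>'20',
+        '25'=>'25',
+        '30'=>'30',
+        '35'=>'35',
+        '40'=>'40',
+        '45'=>'45',
+        '50'=>'50',
+        '55'=>'55'
     );
 
     while ( $bar = each($eventminute)) {
-        if ($selected==$bar['key']){
-                echo '        <option value="'.$bar['key'].'" selected="selected">'.$bar['value']."</option>\n";
+        if ($bar['key']==$selected){
+            echo '        <option value="'.$bar['key'].'" selected="selected">'.$bar['value']."</option>\n";
         } else {
-                echo '        <option value="'.$bar['key'].'">'.$bar['value']."</option>\n";
+            echo '        <option value="'.$bar['key'].'">'.$bar['value']."</option>\n";
         }
     }
 }
 
+/**
+ * Generates html option tags with hour values
+ * @param integer $selected selected value
+ * @return void
+ * @todo 12/24 hour format
+ */
 function select_option_hour($selected) {
 
     for ($i=0;$i<24;$i++){
@@ -99,6 +114,11 @@ function select_option_hour($selected) {
     }
 }
 
+/**
+ * Generates html option tags with priority values
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_priority($selected) {
     $eventpriority = array(
         '0' => _("Normal"),
@@ -106,14 +126,21 @@ function select_option_priority($selected) {
     );
 
     while( $bar = each($eventpriority)) {
-        if($selected==$bar['key']){
-                echo '        <option value="'.$bar['key'].'" selected="selected">'.$bar['value']."</option>\n";
+        if($bar['key']==$selected){
+            echo '        <option value="'.$bar['key'].'" selected="selected">'.$bar['value']."</option>\n";
         } else {
-                echo '        <option value="'.$bar['key'].'">'.$bar['value']."</option>\n";
+            echo '        <option value="'.$bar['key'].'">'.$bar['value']."</option>\n";
         }
     }
 }
 
+/**
+ * Generates html option tags with year values
+ * 
+ * Hardcoded values from 1902 to 2037
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_year($selected) {
 
     for ($i=1902;$i<2038;$i++){
@@ -125,6 +152,11 @@ function select_option_year($selected) {
     }
 }
 
+/**
+ * Generates html option tags with month values
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_month($selected) {
 
     for ($i=1;$i<13;$i++){
@@ -138,6 +170,13 @@ function select_option_month($selected) {
     }
 }
 
+/**
+ * Generates html option tags with day of month values
+ * 
+ * Hardcoded values from 1 to 31
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_day($selected) {
 
     for ($i=1;$i<32;$i++){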
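Review bot: The `@param integer $selected` tags added to the `select_option_*()` docblocks do not match how the value is used: `select_option_minute()` compares it with a loose `==` against string keys such as `'05'`, and the callers appear to pass request strings that only went through `is_numeric()`. Documenting it as `@param mixed $selected numeric string or integer, compared loosely against the option keys` would keep a later maintainer from switching to `===` and silently losing the preselected option. Each docblock should also say that the function echoes its `<option>` markup directly, since `@return void` alone hides the output side effect. Several of these function bodies continue outside the hunks shown.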

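--- a/plugins/calendar/index.php
+++ b/plugins/calendar/index.php
@@ -7,7 +7,7 @@
  * people to the login screen. At this point no attempt is made to see if the
  * person is logged in or not.
  *
- * @copyright &copy; 1999-2005 The SquirrelMail Project Team
+ * @copyright &copy; 1999-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins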

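--- a/plugins/calendar/setup.php
+++ b/plugins/calendar/setup.php
@@ -1,13 +1,9 @@
 <?php
 
 /**
- * setup.php
+ * Calendar plugin activation script
  *
- * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
- *
- * Init plugin into SquirrelMail
- *
- * @copyright &copy; 2002-2005 The SquirrelMail Project Team
+ * @copyright &copy; 2002-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
@@ -23,8 +19,11 @@ function squirrelmail_plugin_init_calendar() {
     $squirrelmail_plugin_hooks['menuline']['calendar'] = 'calendar';
 }
 
+/**
+ * Adds Calendar link to upper menu
+ * @return void
+ */
 function calendar() {
-    /* Add Calendar link to upper menu */
     displayInternalLink('plugins/calendar/calendar.php',_("Calendar"),'right');
     echo "&nbsp;&nbsp;\n";
 }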
 }