From 01eb2d2d398cd04803453012ddf34214ef5fd153 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 24 Apr 2023 11:33:27 +0200
Subject: [news] Fix: Global news could not be saved

---
 modules-available/news/page.inc.php | 62 ++++++++++++++++++-------------------
 1 file changed, 31 insertions(+), 31 deletions(-)

(limited to 'modules-available/news/page.inc.php')

diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php
index 3b58e9a2..852aaae5 100644
--- a/modules-available/news/page.inc.php
+++ b/modules-available/news/page.inc.php
@@ -244,49 +244,49 @@ class Page_News extends Page
 	{
 		// check if news content were set by the user
 		$newsTitle = Request::post('news-title', '', 'string');
-		$newsContent = Request::post('news-content', false, 'string');
+		$newsContent = Request::post('news-content', Request::REQUIRED, 'string');
+		$test = trim(html_entity_decode(strip_tags($newsContent), ENT_QUOTES, 'UTF-8'));
+		if (empty($test)) {
+			Message::addError('main.empty-field');
+			return false;
+		}
 		$infinite = (Request::post('infinite', '', 'string') !== '');
 		if ($infinite) {
-			$expires = strtotime('+10 years 0:00');
+			$expires = strtotime('+20 years 0:00');
 		} else {
 			$expires = strtotime(Request::post('enddate', 'today', 'string') . ' '
-					. Request::post('endtime', '23:59', 'string'));
+				. Request::post('endtime', '23:59', 'string'));
 		}
 		$str = $this->locationId === 0 ? 'IS NULL' : ' = ' . $this->locationId;
-		if (!empty($newsContent)) {
-			// we got title and content, save it to DB
-			// dup check first
-			$row = Database::queryFirst("SELECT newsid FROM vmchooser_pages
-					WHERE content = :content AND type = :type AND locationid $str LIMIT 1", [
-				'content' => $newsContent,
-				'type' => $pageType,
-			]);
-			if ($row !== false) {
-				Database::exec('UPDATE vmchooser_pages SET dateline = :dateline, expires = :expires, title = :title
-						WHERE newsid = :newsid LIMIT 1', [
-					'newsid' => $row['newsid'],
-					'dateline' => time(),
-					'expires' => $expires,
-					'title' => $newsTitle,
-				]);
-				return true;
-			}
-			// new one
-			Database::exec("INSERT INTO vmchooser_pages (dateline, expires, locationid, title, content, type)
-					VALUES (:dateline, :expires, :locationid, :title, :content, :type)", array(
+		// we got title and content, save it to DB
+		// dup check first
+		$row = Database::queryFirst("SELECT newsid FROM vmchooser_pages
+				WHERE content = :content AND type = :type AND locationid $str LIMIT 1", [
+			'content' => $newsContent,
+			'type' => $pageType,
+		]);
+		if ($row !== false) {
+			Database::exec('UPDATE vmchooser_pages SET dateline = :dateline, expires = :expires, title = :title
+					 WHERE newsid = :newsid LIMIT 1', [
+				'newsid' => $row['newsid'],
 				'dateline' => time(),
 				'expires' => $expires,
-				'locationid' => $this->locationId,
 				'title' => $newsTitle,
-				'content' => $newsContent,
-				'type' => $pageType,
-			));
-
+			]);
 			return true;
 		}
+		// new one
+		Database::exec("INSERT INTO vmchooser_pages (dateline, expires, locationid, title, content, type)
+				VALUES (:dateline, :expires, :locationid, :title, :content, :type)", array(
+			'dateline' => time(),
+			'expires' => $expires,
+			'locationid' => $this->locationId === 0 ? null : $this->locationId,
+			'title' => $newsTitle,
+			'content' => $newsContent,
+			'type' => $pageType,
+		));
 
-		Message::addError('main.empty-field');
-		return false;
+		return true;
 	}
 
 	/**
-- 
cgit v1.2.3-55-g7522