Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1917)
+++ branches/2.8.x/CHANGELOG	(revision 1918)
@@ -12,6 +12,9 @@
 ===============================================================================
 
 
+07 Jun-2013 Build 1918 Dietmar Woellbrink (Luisehahne)
+! /modules/news/ beginning beginning recoding
+  replacing absolute MediaUrl with place holder
 07 Jun-2013 Build 1917 Dietmar Woellbrink (Luisehahne)
 ! /modules/show_menu2/  set to version 4.9.7
   DEBUG == true show query counts
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1917)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1918)
@@ -51,5 +51,5 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.3');
-if(!defined('REVISION')) define('REVISION', '1917');
+if(!defined('REVISION')) define('REVISION', '1918');
 if(!defined('SP')) define('SP', '');
Index: branches/2.8.x/wb/modules/news/add_post.php
===================================================================
--- branches/2.8.x/wb/modules/news/add_post.php	(revision 1917)
+++ branches/2.8.x/wb/modules/news/add_post.php	(revision 1918)
@@ -4,13 +4,13 @@
  * @category        modules
  * @package         news
  * @author          WebsiteBaker Project
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
+ * @copyright       2009-2013, WebsiteBaker Org. e.V.
+ * @link            http://www.websitebaker.org/
  * @license         http://www.gnu.org/licenses/gpl.html
  * @platform        WebsiteBaker 2.8.x
  * @requirements    PHP 5.2.2 and higher
  * @version         $Id$
- * @filesource		$HeadURL$
+ * @filesource      $HeadURL$
  * @lastmodified    $Date$
  *
  */
@@ -25,24 +25,31 @@
 // Get new order
 $order = new order(TABLE_PREFIX.'mod_news_posts', 'position', 'post_id', 'section_id');
 $position = $order->get_new($section_id);
+$post_id = 0;
 
+try {
 // Get default commenting
-$query_settings = $database->query("SELECT commenting FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");
-$fetch_settings = $query_settings->fetchRow();
-$commenting = $fetch_settings['commenting'];
-
+	$sql = 'SELECT `commenting` FROM `'.TABLE_PREFIX.'mod_news_settings` '
+	     . 'WHERE `section_id`='.(int)$section_id;
+	$query_settings = $database->query($sql);
+	$fetch_settings = $query_settings->fetchRow(MYSQL_ASSOC);
+	$commenting = $fetch_settings['commenting'];
 // Insert new row into database
-$database->query("INSERT INTO ".TABLE_PREFIX."mod_news_posts (section_id,page_id,position,commenting,active) VALUES ('$section_id','$page_id','$position','$commenting','1')");
-
-// Get the id
-$post_id = $admin->getIDKEY($database->get_one("SELECT LAST_INSERT_ID()"));
-
-// Say that a new record has been added, then redirect to modify page
-if($database->is_error()) {
-	$admin->print_error($database->get_error(), WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.'&section_id='.$section_id.'&post_id='.$post_id);
-} else {
-	$admin->print_success($TEXT['SUCCESS'], WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.'&section_id='.$section_id.'&post_id='.$post_id);
+	$sql = 'INSERT INTO `'.TABLE_PREFIX.'mod_news_posts` '
+	     . 'SET `section_id`='.$section_id.', '
+	     .     '`page_id`='.$page_id.', '
+	     .     '`position`='.$position.', '
+	     .     '`commenting`=\''.$commenting.'\', '
+	     .     '`created_when`='.time().', '
+	     .     '`created_by`='.(int)$admin->get_user_id().', '
+	     .     '`posted_when`='.time().', '
+	     .     '`posted_by`='.(int)$admin->get_user_id().', '
+	     .     '`active`=1';
+	$database->query($sql);
+	$post_id = $admin->getIDKEY($database->LastInsertId);
+} catch(WbDatabaseException $e) {
+	$sSectionIdPrefix = ( defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? SEC_ANCHOR : 'Sec' );
+	$admin->print_error($database->get_error(), WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.'#'.$sSectionIdPrefix.$section_id );
 }
-
-// Print admin footer
+$admin->print_success($TEXT['SUCCESS'], WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.'&section_id='.$section_id.'&post_id='.$post_id );
 $admin->print_footer();
Index: branches/2.8.x/wb/modules/news/view.php
===================================================================
--- branches/2.8.x/wb/modules/news/view.php	(revision 1917)
+++ branches/2.8.x/wb/modules/news/view.php	(revision 1918)
@@ -23,6 +23,7 @@
 }
 /* -------------------------------------------------------- */
 global $post_id, $post_section,$TEXT,$MESSAGE;
+$sMediaUrl = WB_URL.MEDIA_DIRECTORY;
 
 // load module language file
 $lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
@@ -54,8 +55,7 @@
 $groups[0]['image'] = '';
 
 $query_users = $database->query("SELECT group_id,title,active FROM ".TABLE_PREFIX."mod_news_groups WHERE section_id = '$section_id' ORDER BY position ASC");
-if($query_users->numRows() > 0)
-{
+if($query_users->numRows() > 0){
 
 	while( false != ($group = $query_users->fetchRow()) )
 	{
@@ -73,8 +73,7 @@
 
 // Check if we should show the main page or a post itself
 // if(!defined('POST_ID') OR !is_numeric(POST_ID))
-if(!isset($post_id) || !is_numeric($post_id))
-{
+if(!isset($post_id) || !is_numeric($post_id)){
 
 	// Check if we should only list posts from a certain group
 	if(isset($_GET['g']) AND is_numeric($_GET['g'])) {
@@ -192,7 +191,7 @@
 			</div>
 			<?php
 		}
-		while( false != ($post = $query_posts->fetchRow()) )
+		while( false != ($post = $query_posts->fetchRow(MYSQL_ASSOC)) )
 		{
 			if(isset($groups[$post['group_id']]['active']) AND $groups[$post['group_id']]['active'] != false)
 			{ // Make sure parent group is active
@@ -224,7 +223,6 @@
 					$post_link .= 'g='.$_GET['g'];
 					}
 				}
-
 				// Get group id, title, and image
 				$group_id = $post['group_id'];
 				$group_title = $groups[$group_id]['title'];
@@ -266,12 +264,10 @@
 
 }
 //elseif(defined('POST_ID') AND is_numeric(POST_ID))
-elseif(isset($post_id) && is_numeric($post_id))
-{
+elseif(isset($post_id) && is_numeric($post_id)){
 // print '<h2>'.POST_ID.'/'.PAGE_ID.'/'.POST_SECTION.'</h2>';
 //  if(defined('POST_SECTION') AND POST_SECTION == $section_id)
-	if(isset($post_section) && ($post_section == $section_id))
-	{
+	if(isset($post_section) && ($post_section == $section_id)){
 		// Get settings
 		$setting_post_header = $setting_post_footer = $setting_comments_header
 		                     = $setting_comments_loop = $setting_comments_footer = '';
@@ -301,7 +297,7 @@
 			exit($MESSAGE['PAGES_NOT_FOUND']);
 		}
 
-		// Get post info
+// Get post info
 		$t = time();
 		$query_post = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_posts
 			WHERE post_id = '".$post_id."' AND active = '1'
@@ -332,7 +328,7 @@
 				$post_link_path = str_replace(WB_URL, WB_PATH,$post_link);
 				$create_date = date(DATE_FORMAT, $post['created_when']+TIMEZONE);
 				$create_time = date(TIME_FORMAT, $post['created_when']+TIMEZONE);
-				// Get group id, title, and image
+// Get group id, title, and image
 				$group_id = $post['group_id'];
 				$group_title = $groups[$group_id]['title'];
 				$group_image = $groups[$group_id]['image'];
@@ -372,7 +368,7 @@
 			$values = array(WB_URL.'/modules/news/comment.php?post_id='.$post_id.'&amp;section_id='.$section_id, $MOD_NEWS['TEXT_COMMENTS']);
 			print str_replace($vars, $values, $setting_comments_header);
 
-			// Query for comments
+// Query for comments
 			$query_comments = $database->query("SELECT title,comment,commented_when,commented_by FROM ".TABLE_PREFIX."mod_news_comments WHERE post_id = '".$post_id."' ORDER BY commented_when ASC");
 			if($query_comments->numRows() > 0)
 			{
Index: branches/2.8.x/wb/modules/news/upgrade.php
===================================================================
--- branches/2.8.x/wb/modules/news/upgrade.php	(revision 1917)
+++ branches/2.8.x/wb/modules/news/upgrade.php	(revision 1918)
@@ -20,7 +20,7 @@
  * upgrade.php
  * 
  * @category     Module
- * @package      Module_news
+ * @package      news
  * @subpackage   upgrade
  * @author       Dietmar Wöllbrink <dietmar.woellbrink@websitebaker.org>
  * @author       Werner v.d.Decken <wkl@isteam.de>
@@ -92,7 +92,7 @@
 
 			$sPagesPath = WB_PATH.PAGES_DIRECTORY;
 			$sPostsPath = $sPagesPath.'/posts';
-	// create /posts/ - directory if not exists
+// create /posts/ - directory if not exists
 			if(is_writable($sPagesPath)) {
 				if(!($bRetval = is_dir($sPostsPath))) {
 					$iOldUmask = umask(0) ;
@@ -133,13 +133,13 @@
 				$msg[] = 'TABLE `'.$database->TablePrefix.'mod_news_posts` Datafield `created_by` already exists.'." $OK";
 				$doImportDate = false; 
 			}
- 	// preset new fields `created_by` and `created_by` from existing values
+// preset new fields `created_by` and `created_by` from existing values
 			if($doImportDate) {
 				$sql  = 'UPDATE `'.$database->TablePrefix.'mod_news_posts` ';
 				$sql .= 'SET `created_by`=`posted_by`, `created_when`=`posted_when`';
 				$database->query($sql);
 			}
-
+	if($doImportDate) {
 	/**
 	 * rebuild news post folder
 	 */
@@ -176,8 +176,9 @@
 			if($count > 0) {
 				$msg[] = 'Save date of creation from '.$count.' old accessfiles and delete these files.'." $OK";
 			}
+	}
 // ************************************************
-		// Check the validity of 'create-file-timestamp' and balance against 'posted-timestamp'
+// Check the validity of 'create-file-timestamp' and balance against 'posted-timestamp'
 			$sql  = 'UPDATE `'.$database->TablePrefix.'mod_news_posts` ';
 			$sql .= 'SET `created_when`=`published_when` ';
 			$sql .= 'WHERE `published_when`<`created_when`';
Index: branches/2.8.x/wb/modules/news/add.php
===================================================================
--- branches/2.8.x/wb/modules/news/add.php	(revision 1917)
+++ branches/2.8.x/wb/modules/news/add.php	(revision 1918)
@@ -4,75 +4,101 @@
  * @category        modules
  * @package         news
  * @author          WebsiteBaker Project
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
+ * @copyright       2009-2013, WebsiteBaker Org. e.V.
+ * @link            http://www.websitebaker.org/
  * @license         http://www.gnu.org/licenses/gpl.html
  * @platform        WebsiteBaker 2.8.x
  * @requirements    PHP 5.2.2 and higher
  * @version         $Id$
- * @filesource		$HeadURL$
+ * @filesource      $HeadURL$
  * @lastmodified    $Date$
  *
  */
 
-// Must include code to stop this file being access directly
-/* -------------------------------------------------------- */
-if(defined('WB_PATH') == false)
-{
-	// Stop this file being access directly
-		die('<head><title>Access denied</title></head><body><h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2></body></html>');
+if(!defined('WB_PATH')) {
+	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
+	throw new IllegalFileException();
 }
-/* -------------------------------------------------------- */
 
-$header = '<table class=\"loop-header\">'."\n";
-$post_loop = '<tr class=\"post-top\">
-<td class=\"post-title\"><a href=\"[LINK]\">[TITLE]</a></td>
-<td class=\"post-date\">[PUBLISHED_DATE], [PUBLISHED_TIME]</td>
-</tr>
-<tr>
-<td class=\"post-short\" colspan=\"2\">
-[SHORT]
-<span style=\"visibility:[SHOW_READ_MORE];\"><a href=\"[LINK]\">[TEXT_READ_MORE]</a></span>
-</td>
-</tr>';
-$footer = '</table>
-<table class="page-header" style="display: [DISPLAY_PREVIOUS_NEXT_LINKS]">
-<tr>
-<td class="page-left">[PREVIOUS_PAGE_LINK]</td>
-<td class="page-center">[OF]</td>
-<td class="page-right">[NEXT_PAGE_LINK]</td>
-</tr>
-</table>';
-$post_header = addslashes('<table cellpadding="0" cellspacing="0" class="post-header">
-<tr>
-<td><h1>[TITLE]</h1></td>
-<td rowspan="3" style="display: [DISPLAY_IMAGE]">[GROUP_IMAGE]</td>
-</tr>
-<tr>
-<td class="public-info"><b>[TEXT_POSTED_BY] [DISPLAY_NAME] ([USERNAME]) [TEXT_ON] [PUBLISHED_DATE]</b></td>
-</tr>
-<tr style="display: [DISPLAY_GROUP]">
-<td class="group-page"><a href="[BACK]">[PAGE_TITLE]</a> &gt;&gt; <a href="[BACK]?g=[GROUP_ID]">[GROUP_TITLE]</a></td>
-</tr>
-</table>');
-$post_footer = '<p>[TEXT_LAST_CHANGED]: [MODI_DATE] [TEXT_AT] [MODI_TIME]</p>
-<a href=\"[BACK]\">[TEXT_BACK]</a>';
-$comments_header = addslashes('<br /><br />
-<h2>[TEXT_COMMENTS]</h2>
-<table class="comment-header">');
-$comments_loop = addslashes('<tr>
-<td class="comment_title">[TITLE]</td>
-<td class="comment_info">[TEXT_BY] [DISPLAY_NAME] [TEXT_ON] [DATE] [TEXT_AT] [TIME]</td>
-</tr>
-<tr>
-<td colspan="2" class="comment-text">[COMMENT]</td>
-</tr>');
-$comments_footer = '</table>
-<br /><a href=\"[ADD_COMMENT_URL]\">[TEXT_ADD_COMMENT]</a>';
-$comments_page = '<h1>[TEXT_COMMENT]</h1>
-<h2>[POST_TITLE]</h2>
-<br />';
+	$header      = '<table class="loop-header"'.PHP_EOL
+	             . '  <tbody>'.PHP_EOL;
+	$post_loop   = '    <tr class="post-top">'.PHP_EOL
+	             . '      <td class="post-title"><a href="[LINK]">[TITLE]</a></td>'.PHP_EOL
+	             . '      <td class=\"post-date\">[CREATED_DATE], [CREATED_TIME]</td>'.PHP_EOL
+	             . '    </tr>'.PHP_EOL
+	             . '    <tr>'.PHP_EOL
+	             . '      <td class="post-short" colspan="2">'.PHP_EOL
+	             . '        <span style="visibility:[SHOW_READ_MORE];">'.PHP_EOL
+	             . '         <a href="[LINK]">[TEXT_READ_MORE]</a>'.PHP_EOL
+	             . '        </span>'.PHP_EOL
+	             . '      </td>'.PHP_EOL
+	             . '    </tr>';
+	$footer      = '  </tbody>'.PHP_EOL
+	             . '</table>'.PHP_EOL
+	             . '<table class="page-header" style="display: [DISPLAY_PREVIOUS_NEXT_LINKS]'.PHP_EOL
+	             . '  <tbody>'.PHP_EOL
+	             . '    <tr>'.PHP_EOL
+	             . '      <td class="page-left">[PREVIOUS_PAGE_LINK]</td>'.PHP_EOL
+	             . '      <td class="page-center">[OF]</td>'.PHP_EOL
+	             . '      <td class="page-right">[NEXT_PAGE_LINK]</td>'.PHP_EOL
+	             . '    </tr>'.PHP_EOL
+	             . '  </tbody>'.PHP_EOL
+	             . '</table>'.PHP_EOL;
+	$post_header = '<table class="post-header"'.PHP_EOL
+	             . '  <tbody>'.PHP_EOL
+	             . '    <tr>'.PHP_EOL
+	             . '      <td><h1>[TITLE]</h1></td>'.PHP_EOL
+	             . '      <td rowspan="3" style="display: [DISPLAY_IMAGE]">[GROUP_IMAGE]</td>'.PHP_EOL
+	             . '    </tr>'.PHP_EOL
+	             . '    <tr>'.PHP_EOL
+	             . '      <td class="public-info"><b>[TEXT_POSTED_BY] [DISPLAY_NAME] ([USERNAME]) [TEXT_ON] [PUBLISHED_DATE]</b></td>'.PHP_EOL
+	             . '    </tr>'.PHP_EOL
+	             . '    <tr style="display: [DISPLAY_GROUP]">'.PHP_EOL
+	             . '      <td class="group-page"><a href="[BACK]">[PAGE_TITLE]</a> &gt;&gt; <a href="[BACK]?g=[GROUP_ID]">[GROUP_TITLE]</a></td>'.PHP_EOL
+	             . '    </tr>'.PHP_EOL
+	             . '  </tbody>'.PHP_EOL
+	             . '</table>'.PHP_EOL;
+	$post_footer = '<p>[TEXT_LAST_CHANGED]: [MODI_DATE] [TEXT_AT] [MODI_TIME]</p>'.PHP_EOL
+	             . '<a href=\"[BACK]\">[TEXT_BACK]</a>'.PHP_EOL;
+
+	$comments_header  = ''.PHP_EOL
+	                  . '<h3>[TEXT_COMMENTS]</h3>'.PHP_EOL
+	                  . '<table class="comment-header">'.PHP_EOL
+	                  . '  <tbody>'.PHP_EOL;
+	$comments_loop    = ''.PHP_EOL
+	                  . '    <tr>'.PHP_EOL
+	                  . '      <td class="comment_title">[TITLE]</td>'.PHP_EOL
+	                  . '      <td class="comment_info">[TEXT_BY] [DISPLAY_NAME] [TEXT_ON] [DATE] [TEXT_AT] [TIME]</td>'.PHP_EOL
+	                  . '    </tr>'.PHP_EOL
+	                  . '    <tr>'.PHP_EOL
+	                  . '      <td colspan="2" class="comment-text">[COMMENT]</td>'.PHP_EOL
+	                  . '    </tr>'.PHP_EOL
+	                  . ''.PHP_EOL;
+	$comments_footer  = ''.PHP_EOL
+	                  . '  </tbody>'.PHP_EOL
+	                  . '</table>'.PHP_EOL
+	                  . '<br /><a href=\"[ADD_COMMENT_URL]\">[TEXT_ADD_COMMENT]</a>'.PHP_EOL
+	                  . ''.PHP_EOL;
+	$comments_page    = ''.PHP_EOL
+	                  . '<h2>[TEXT_COMMENT]</h2>'.PHP_EOL
+	                  . '<h3>[POST_TITLE]</h3><br />'.PHP_EOL
+	                  . ''.PHP_EOL;
+
 $commenting = 'none';
 $use_captcha = true;
 
-$database->query("INSERT INTO ".TABLE_PREFIX."mod_news_settings (section_id,page_id,header,post_loop,footer,post_header,post_footer,comments_header,comments_loop,comments_footer,comments_page,commenting,use_captcha) VALUES ('$section_id','$page_id','$header','$post_loop','$footer','$post_header','$post_footer','$comments_header','$comments_loop','$comments_footer','$comments_page','$commenting','$use_captcha')");
+$sql = 'INSERT INTO `'.TABLE_PREFIX.'mod_news_settings` '
+     . 'SET `section_id`='.$section_id.', '
+     .     '`page_id`='.$page_id.', '
+     .     '`header`=\''.$header.'\', '
+     .     '`post_loop`=\''.$post_loop.'\', '
+     .     '`footer`=\''.$footer.'\', '
+     .     '`post_header`=\''.$post_header.'\', '
+     .     '`post_footer`=\''.$post_footer.'\', '
+     .     '`comments_header`=\''.$comments_header.'\', '
+     .     '`comments_loop`=\''.$comments_loop.'\', '
+     .     '`comments_footer`=\''.$comments_footer.'\', '
+     .     '`comments_page`=\''.$comments_page.'\', '
+     .     '`commenting`=\'none\', '
+     .     '`use_captcha`=1 ';
+$database->query($sql);
Index: branches/2.8.x/wb/modules/news/modify_post.php
===================================================================
--- branches/2.8.x/wb/modules/news/modify_post.php	(revision 1917)
+++ branches/2.8.x/wb/modules/news/modify_post.php	(revision 1918)
@@ -4,13 +4,13 @@
  * @category        modules
  * @package         news
  * @author          WebsiteBaker Project
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
+ * @copyright       2009-2013, WebsiteBaker Org. e.V.
+ * @link            http://www.websitebaker.org/
  * @license         http://www.gnu.org/licenses/gpl.html
  * @platform        WebsiteBaker 2.8.x
  * @requirements    PHP 5.2.2 and higher
  * @version         $Id$
- * @filesource		$HeadURL$
+ * @filesource      $HeadURL$
  * @lastmodified    $Date$
  *
  */
@@ -30,11 +30,37 @@
 if (!$post_id) {
 	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $backlink);
 }
-
+$aPostRec = array(
+'post_id' => 0,
+'section_id' => 0,
+'page_id' => 0,
+'group_id' => 0,
+'active' => 0,
+'position' => 0,
+'title' => '',
+'link' => '',
+'content_short' => '',
+'content_long' => '',
+'commenting' => '',
+'created_when' => 0,
+'created_by' => 0,
+'published_when' => 0,
+'published_until' => 0,
+'posted_when' => 0,
+'posted_by' => 0
+);
+$sMediaUrl = WB_URL.MEDIA_DIRECTORY;
 // Get header and footer
-$query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_posts WHERE post_id = '$post_id'");
-$fetch_content = $query_content->fetchRow();
+$sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_news_posts` WHERE `post_id`='.(int)$post_id;
+if($oPostRes = $database->query($sql)){
+	$aPostRec = $oPostRes->fetchRow(MYSQL_ASSOC);
+	$aPostRec['content_short'] = str_replace('{SYSVAR:MEDIA_REL}', $sMediaUrl,$aPostRec['content_short']);
+	$aPostRec['content_long']  = str_replace('{SYSVAR:MEDIA_REL}', $sMediaUrl,$aPostRec['content_long']);
+}
+//$query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_posts WHERE post_id = '$post_id'");
 
+//print '<pre style="text-align:left;color:#000;padding:1em;"><strong>function '.__FUNCTION__.'( '.$post_id.' );</strong>  basename: '.basename(__FILE__).'  line: '.__LINE__.' -> <br />'; 
+//print_r( $fetch_content['content_short'] ); print '</pre>'; // flush ();sleep(10); die();
 if(!isset($wysiwyg_editor_loaded)) {
     $wysiwyg_editor_loaded=true;
 	if (!defined('WYSIWYG_EDITOR') OR WYSIWYG_EDITOR=="none" OR !file_exists(WB_PATH.'/modules/'.WYSIWYG_EDITOR.'/include.php')) {
@@ -58,7 +84,7 @@
 <input type="hidden" name="section_id" value="<?php echo $section_id; ?>" />
 <input type="hidden" name="page_id" value="<?php echo $page_id; ?>" />
 <input type="hidden" name="post_id" value="<?php echo $post_id; ?>" />
-<input type="hidden" name="link" value="<?php echo $fetch_content['link']; ?>" />
+<input type="hidden" name="link" value="<?php echo $aPostRec['link']; ?>" />
 <?php echo $admin->getFTAN(); ?>
 
 <table class="row_a" cellpadding="2" cellspacing="0" width="100%">
@@ -65,7 +91,7 @@
 <tr>
 	<td><?php echo $TEXT['TITLE']; ?>:</td>
 	<td width="80%">
-		<input type="text" name="title" value="<?php echo (htmlspecialchars($fetch_content['title'])); ?>" style="width: 98%;" maxlength="255" />
+		<input type="text" name="title" value="<?php echo (htmlspecialchars($aPostRec['title'])); ?>" style="width: 98%;" maxlength="255" />
 	</td>
 </tr>
 <tr>
@@ -77,9 +103,9 @@
 			$query = $database->query("SELECT group_id,title FROM ".TABLE_PREFIX."mod_news_groups WHERE section_id = '$section_id' ORDER BY position ASC");
 			if($query->numRows() > 0) {
 				// Loop through groups
-				while($group = $query->fetchRow()) {
+				while($group = $query->fetchRow(MYSQL_ASSOC)) {
 					?>
-					<option value="<?php echo $group['group_id']; ?>"<?php if($fetch_content['group_id'] == $group['group_id']) { echo ' selected="selected"'; } ?>><?php echo $group['title']; ?></option>
+					<option value="<?php echo $group['group_id']; ?>"<?php if($aPostRec['group_id'] == $group['group_id']) { echo ' selected="selected"'; } ?>><?php echo $group['title']; ?></option>
 					<?php
 				}
 			}
@@ -92,8 +118,8 @@
 	<td>
 		<select name="commenting" style="width: 100%;">
 			<option value="none"><?php echo $TEXT['DISABLED']; ?></option>
-			<option value="public" <?php if($fetch_content['commenting'] == 'public') { echo ' selected="selected"'; } ?>><?php echo $TEXT['PUBLIC']; ?></option>
-			<option value="private" <?php if($fetch_content['commenting'] == 'private') { echo ' selected="selected"'; } ?>><?php echo $TEXT['PRIVATE']; ?></option>
+			<option value="public" <?php if($aPostRec['commenting'] == 'public') { echo ' selected="selected"'; } ?>><?php echo $TEXT['PUBLIC']; ?></option>
+			<option value="private" <?php if($aPostRec['commenting'] == 'private') { echo ' selected="selected"'; } ?>><?php echo $TEXT['PRIVATE']; ?></option>
 		</select>
 	</td>
 </tr>
@@ -100,12 +126,12 @@
 <tr>
 	<td><?php echo $TEXT['ACTIVE']; ?>:</td>
 	<td>
-		<input type="radio" name="active" id="active_true" value="1" <?php if($fetch_content['active'] == 1) { echo ' checked="checked"'; } ?> />
+		<input type="radio" name="active" id="active_true" value="1" <?php if($aPostRec['active'] == 1) { echo ' checked="checked"'; } ?> />
 		<a href="#" onclick="javascript: document.getElementById('active_true').checked = true;">
 		<?php echo $TEXT['YES']; ?>
 		</a>
 		&nbsp;
-		<input type="radio" name="active" id="active_false" value="0" <?php if($fetch_content['active'] == 0) { echo ' checked="checked"'; } ?> />
+		<input type="radio" name="active" id="active_false" value="0" <?php if($aPostRec['active'] == 0) { echo ' checked="checked"'; } ?> />
 		<a href="#" onclick="javascript: document.getElementById('active_false').checked = true;">
 		<?php echo $TEXT['NO']; ?>
 		</a>
@@ -114,7 +140,7 @@
 <tr>
 	<td><?php echo $TEXT['PUBL_START_DATE']; ?>:</td>
 	<td>
-	<input type="text" id="publishdate" name="publishdate" value="<?php if($fetch_content['published_when']==0) print date($jscal_format, strtotime((date('Y-m-d H:i')))); else print date($jscal_format, $fetch_content['published_when']);?>" style="width: 120px;" />
+	<input type="text" id="publishdate" name="publishdate" value="<?php if($aPostRec['published_when']==0) print date($jscal_format, strtotime((date('Y-m-d H:i')))); else print date($jscal_format, $aPostRec['published_when']);?>" style="width: 120px;" />
 	<img src="<?php echo THEME_URL ?>/images/clock_16.png" id="publishdate_trigger" style="cursor: pointer;" title="<?php echo $TEXT['CALENDAR']; ?>" alt="<?php echo $TEXT['CALENDAR']; ?>" onmouseover="this.style.background='lightgrey';" onmouseout="this.style.background=''" />
 	<img src="<?php echo THEME_URL ?>/images/clock_del_16.png" style="cursor: pointer;" title="<?php echo $TEXT['DELETE_DATE']; ?>" alt="<?php echo $TEXT['DELETE_DATE']; ?>" onmouseover="this.style.background='lightgrey';" onmouseout="this.style.background=''" onclick="document.modify.publishdate.value=''" />
 	</td>
@@ -122,7 +148,7 @@
 <tr>
 	<td><?php echo $TEXT['PUBL_END_DATE']; ?>:</td>
 	<td>
-	<input type="text" id="enddate" name="enddate" value="<?php if($fetch_content['published_until']==0) print ""; else print date($jscal_format, $fetch_content['published_until'])?>" style="width: 120px;" />
+	<input type="text" id="enddate" name="enddate" value="<?php if($aPostRec['published_until']==0) print ""; else print date($jscal_format, $aPostRec['published_until'])?>" style="width: 120px;" />
 	<img src="<?php echo THEME_URL ?>/images/clock_16.png" id="enddate_trigger" style="cursor: pointer;" title="<?php echo $TEXT['CALENDAR']; ?>" alt="<?php echo $TEXT['CALENDAR']; ?>" onmouseover="this.style.background='lightgrey';" onmouseout="this.style.background=''" />
 	<img src="<?php echo THEME_URL ?>/images/clock_del_16.png" style="cursor: pointer;" title="<?php echo $TEXT['DELETE_DATE']; ?>" alt="<?php echo $TEXT['DELETE_DATE']; ?>" onmouseover="this.style.background='lightgrey';" onmouseout="this.style.background=''" onclick="document.modify.enddate.value=''" />
 	</td>
@@ -136,7 +162,7 @@
 <tr>
 	<td>
 	<?php
-	show_wysiwyg_editor("short","short",htmlspecialchars($fetch_content['content_short']),"100%","200px");
+	show_wysiwyg_editor("short","short",htmlspecialchars($aPostRec['content_short']),"100%","200px");
 	?>
 	</td>
 </tr>
@@ -146,7 +172,7 @@
 <tr>
 	<td>
 	<?php
-	show_wysiwyg_editor("long","long",htmlspecialchars($fetch_content['content_long']),"100%","650px");
+	show_wysiwyg_editor("long","long",htmlspecialchars($aPostRec['content_long']),"100%","650px");
 	?>
 	</td>
 </tr>
@@ -215,7 +241,7 @@
 	?>
 	<table cellpadding="2" cellspacing="0" border="0" width="100%">
 	<?php
-	while($comment = $query_comments->fetchRow()) {
+	while($comment = $query_comments->fetchRow(MYSQL_ASSOC)) {
 		$cid = $admin->getIDKEY($comment['comment_id']);
 		?>
 		<tr class="row_<?php echo $row; ?>" >
Index: branches/2.8.x/wb/modules/news/save_post.php
===================================================================
--- branches/2.8.x/wb/modules/news/save_post.php	(revision 1917)
+++ branches/2.8.x/wb/modules/news/save_post.php	(revision 1918)
@@ -4,13 +4,13 @@
  * @category        modules
  * @package         news
  * @author          WebsiteBaker Project
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
+ * @copyright       2009-2013, WebsiteBaker Org. e.V.
+ * @link            http://www.websitebaker.org/
  * @license         http://www.gnu.org/licenses/gpl.html
  * @platform        WebsiteBaker 2.8.x
  * @requirements    PHP 5.2.2 and higher
  * @version         $Id$
- * @filesource		$HeadURL$
+ * @filesource      $HeadURL$
  * @lastmodified    $Date$
  *
  */
@@ -65,20 +65,33 @@
 	}
 	$admin->print_header();
 
+//	$sMediaUrl = WB_URL.MEDIA_DIRECTORY;
+//	$searchfor = '@(<[^>]*=\s*")('.preg_quote($sMediaUrl).')([^">]*".*>)@siU';
 // Validate all fields
+	$title      = $admin->StripCodeFromText($admin->get_post('title'));
+	$commenting = $admin->StripCodeFromText($admin->get_post('commenting'));
+	$active     = intval($admin->get_post('active'));
+	$old_link   = $admin->StripCodeFromText($admin->get_post('link'));
+	$group_id   = intval($admin->get_post('group'));
+
 	if($admin->get_post('title') == '' AND $admin->get_post('url') == '') {
-        $recallUrl = WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.
+		$recallUrl = WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.
 		             '&section_id='.$section_id.'&post_id='.$admin->getIDKEY($post_id);
 		$admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'], $recallUrl);
-	}else {
-		$title      = $admin->get_post_escaped('title');
-		$short      = $admin->get_post_escaped('short');
-		$long       = $admin->get_post_escaped('long');
-		$commenting = $admin->get_post_escaped('commenting');
-		$active     = $admin->get_post_escaped('active');
-		$old_link   = $admin->get_post_escaped('link');
-		$group_id   = $admin->get_post_escaped('group');
+	} else {
+		$short      = $admin->get_post('short');
+		$long       = $admin->get_post('long');
+//		if(ini_get('magic_quotes_gpc')==true)
+//		{
+//			$short = $admin->strip_slashes($short);
+//			$long = $admin->strip_slashes($long);
+//		}
+//		$short = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $short );
+//		$long = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $long );
+		$short = $admin->ReplaceAbsoluteMediaUrl($short);
+		$long = $admin->ReplaceAbsoluteMediaUrl($long);
 	}
+
 // Get page link URL
 	$sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page_id;
 	$oldLink = $database->get_one($sql);