[guadec-web] Add roommate and sanitize the rest too



commit aa9bb05878ca0666cec3c88f0376833815a40d90
Author: Pascal Terjan <pterjan gmail com>
Date:   Tue Jul 15 22:03:45 2014 +0000

    Add roommate and sanitize the rest too

 guadec/confirm-payment.php |   27 +++++++++++++++++----------
 1 files changed, 17 insertions(+), 10 deletions(-)
---
diff --git a/guadec/confirm-payment.php b/guadec/confirm-payment.php
index 15e987b..08d7a71 100644
--- a/guadec/confirm-payment.php
+++ b/guadec/confirm-payment.php
@@ -29,6 +29,7 @@ $sql = "CREATE TABLE $table_name (
   gender text,
   country text,
   room VARCHAR(7),
+  roommate text,
   payment VARCHAR(10) DEFAULT 'NoPayment',
   bday date,
   UNIQUE KEY id (id)
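Review bot: Adding `roommate text` to the `CREATE TABLE` statement only reaches new installs unless the statement is applied through `dbDelta()` together with a schema version bump; how `$sql` is executed is outside this hunk. On a site where the table already exists without the column, the later insert that now carries `'roommate'` would presumably fail, so the upgrade path should be confirmed before this is deployed.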
@@ -42,16 +43,16 @@ if (!empty($_POST)) {
        $application_submitted = true;
        $errors = false;
 
-       $name = trim(stripslashes($_POST['contact_name']));
-       $email = trim(stripslashes($_POST['contact_email']));
-       $irc = (isset($_POST['irc']))?(trim(stripslashes($_POST['irc']))) : 'NA';
-       $gender = (isset($_POST['contact_gender']))?(trim(stripslashes($_POST['contact_gender']))) : 'NA';
-       $country = (isset($_POST['contact_country']))?(trim(stripslashes($_POST['contact_country']))) : 'NA';
-       $diet = (isset($_POST['diet']))?(trim(stripslashes($_POST['diet']))) : 'NA';
+       $name = trim(sanitize_text_field($_POST['contact_name']));
+       $email = trim(sanitize_text_field($_POST['contact_email']));
+       $irc = (isset($_POST['irc']))?(trim(sanitize_text_field($_POST['irc']))) : 'NA';
+       $gender = (isset($_POST['contact_gender']))?(trim(sanitize_text_field($_POST['contact_gender']))) : 
'NA';
+       $country = (isset($_POST['contact_country']))?(trim(sanitize_text_field($_POST['contact_country']))) 
: 'NA';
+       $diet = (isset($_POST['diet']))?(trim(sanitize_text_field($_POST['diet']))) : 'NA';
        
-       $entry = (isset($_POST['entry-fee']))?(trim(stripslashes($_POST['entry-fee']))):'0';
+       $entry = (isset($_POST['entry-fee']))?(intval($_POST['entry-fee'])):0;
 
-       $bday = (isset($_POST['bday']))?($_POST['bday']):'NA';
+       $bday = (isset($_POST['bday']))?(trim(sanitize_text_field($_POST['bday'])):'NA';
        $public = isset($_POST['public'])?'YES':'NO';
 
        $obfuscated_email = str_replace("@", " AT ", $email);
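Review bot: The new `$bday` line is missing a closing parenthesis, so the file will not parse: `(trim(sanitize_text_field($_POST['bday'])):'NA'` opens three parentheses and closes only two before the colon. It should read `$bday = (isset($_POST['bday']))?(trim(sanitize_text_field($_POST['bday']))):'NA';`, matching the `$diet` line above it. Separately, `contact_name` and `contact_email` are still read without an `isset()` check. `sanitize_text_field()` does not validate an address, so unless that happens in the part of the block outside this hunk, `$email` would be better passed through `sanitize_email()` and checked with `is_email()`. `intval()` on `entry-fee` also accepts negative numbers, so a lower bound is worth adding if the fee feeds a payment total.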
@@ -86,8 +87,9 @@ if (!empty($_POST)) {
                                $errors = true;
                        }
                }
-               $arrive = $_POST['arrival'];
-               $depart = $_POST['departure'];
+               $roommate = sanitize_text_field($_POST['roommate']);
+               $arrive = sanitize_text_field($_POST['arrival']);
+               $depart = sanitize_text_field($_POST['departure']);
        }
 
        $nights = dayParser($arrive, $depart);
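Review bot: `$_POST['roommate']` is read without an `isset()` guard, unlike the optional fields earlier in the file, so a submission without that field raises an undefined-index notice; `$roommate = isset($_POST['roommate']) ? sanitize_text_field($_POST['roommate']) : '';` avoids it. The assignment also sits inside a conditional block whose opening is outside this hunk, while `$roommate` is later written to the insert array and echoed, so it looks as if it can be undefined when that branch is skipped; initialising it before the branch would cover that case. `arrival` and `departure` go on to `dayParser()`, and `sanitize_text_field()` does not check that they are dates, so a format check before that call is worth confirming.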
@@ -129,6 +131,7 @@ if (!empty($_POST)) {
                                 'email' => $email,
                                 'accom' => $accom,
                                 'room' => $room_type,
+                                'roommate' => $roommate,
                                 'arrive' => $arrive,
                                 'depart' => $depart,
                                 'sponsored' => $sponsor_check,
@@ -179,6 +182,10 @@ if (!empty($_POST)) {
                <div class="col span_1_of_2"><?php echo $room_type;?></div>
                </div>
                <div class="section group">
+               <div class="col span_1_of_2">Roommate</div>
+               <div class="col span_1_of_2"><?php echo $roommate;?></div>
+               </div>
+               <div class="section group">
                <div class="col span_1_of_2">Arrival</div>
                <div class="col span_1_of_2"><?php echo $arrive;?></div>
                </div>
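Review bot: `<?php echo $roommate;?>` prints a user-supplied value without output escaping. `sanitize_text_field()` strips tags on input, but escaping belongs at the point of output, so that the page stays safe if the value ever arrives by another path, for example reloaded from the database; use `<?php echo esc_html($roommate); ?>`. The neighbouring `$room_type` and `$arrive` echoes in the context lines have the same shape and could be changed in the same pass.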

