Move URL encore to Utils::getUrlSondage

This commit is contained in:
Olivier PEREZ 2015-11-05 22:43:54 +01:00
parent afe8eac89b
commit 171d45938c
4 changed files with 6 additions and 3 deletions

View File

@ -104,6 +104,9 @@ class Utils {
* @return string The poll's URL. * @return string The poll's URL.
*/ */
public static function getUrlSondage($id, $admin = false, $vote_id = '', $action = null, $action_value = null) { public static function getUrlSondage($id, $admin = false, $vote_id = '', $action = null, $action_value = null) {
// URL-Encode $action_value
$action_value = $action_value == null ? null : urlencode($action_value);
if (URL_PROPRE) { if (URL_PROPRE) {
if ($admin === true) { if ($admin === true) {
$url = self::get_server_name() . $id . '/admin'; $url = self::get_server_name() . $id . '/admin';

View File

@ -49,7 +49,7 @@ function smarty_function_poll_url($params, Smarty_Internal_Template $template) {
$poll_id = filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]); $poll_id = filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$admin = (isset($params['admin']) && $params['admin']) ? true : false; $admin = (isset($params['admin']) && $params['admin']) ? true : false;
$action = (isset($params['action']) && !empty($params['action'])) ? Utils::htmlEscape($params['action']) : false; $action = (isset($params['action']) && !empty($params['action'])) ? Utils::htmlEscape($params['action']) : false;
$action_value = (isset($params['action_value']) && !empty($params['action_value'])) ? Utils::htmlEscape($params['action_value']) : false; $action_value = (isset($params['action_value']) && !empty($params['action_value'])) ? $params['action_value'] : false;
$vote_unique_id = isset($params['vote_id']) ? filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) : ''; $vote_unique_id = isset($params['vote_id']) ? filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) : '';
// If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this. // If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this.

View File

@ -14,7 +14,7 @@
<th role="presentation"></th> <th role="presentation"></th>
{foreach $slots as $id=>$slot} {foreach $slots as $id=>$slot}
<td headers="C{$id}"> <td headers="C{$id}">
<a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=urlencode($slot->title)}" <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->title}"
class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->title|html}"> class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->title|html}">
<i class="glyphicon glyphicon-remove text-danger"></i><span class="sr-only">{__('Generic', 'Remove')}</span> <i class="glyphicon glyphicon-remove text-danger"></i><span class="sr-only">{__('Generic', 'Remove')}</span>
</a> </a>

View File

@ -17,7 +17,7 @@
{foreach $slots as $slot} {foreach $slots as $slot}
{foreach $slot->moments as $id=>$moment} {foreach $slot->moments as $id=>$moment}
<td headers="M{$slot@key} D{$headersDCount} H{$headersDCount}"> <td headers="M{$slot@key} D{$headersDCount} H{$headersDCount}">
<a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->day|cat:'@'|cat:urlencode($moment)}" <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->day|cat:'@'|cat:$moment}"
class="btn btn-link btn-sm" class="btn btn-link btn-sm"
title="{__('adminstuds', 'Remove the column')} {$slot->day|date_format:$date_format.txt_short|html} - {$moment|html}"> title="{__('adminstuds', 'Remove the column')} {$slot->day|date_format:$date_format.txt_short|html} - {$moment|html}">
<i class="glyphicon glyphicon-remove text-danger"></i><span class="sr-only">{__('Generic', 'Remove')}</span> <i class="glyphicon glyphicon-remove text-danger"></i><span class="sr-only">{__('Generic', 'Remove')}</span>