delete php warning

Simon Leblanc 2011-05-15 05:03:10 +02:00
parent 82ea497112
commit 2f81f48710
1 changed files with 52 additions and 29 deletions


@ -45,59 +45,82 @@ if (file_exists('bandeaux_local.php')) {
include_once('bandeaux.php');
}
// On teste toutes les variables pour supprimer l'ensemble des warnings PHP
// On transforme en entites html les données afin éviter les failles XSS
$post_var = array('titre', 'nom', 'adresse', 'commentaires', 'studsplus', 'mailsonde', 'creation_sondage_date', 'creation_sondage_date_x', 'creation_sondage_autre', 'creation_sondage_autre_x',);
foreach ($post_var as $var) {
if (isset($_POST[$var]) === true) {
$$var = htmlentities($_POST[$var], ENT_QUOTES, 'UTF-8');
} else {
$$var = null;
}
}
// On initialise egalement la session car sinon bonjour les warning :-)
$session_var = array('titre', 'nom', 'adresse', 'commentaires', 'mailsonde', 'studsplus', );
foreach ($session_var as $var) {
if (issetAndNoEmpty($var, $_SESSION) === false) {
$_SESSION[$var] = null;
}
}
// On initialise également les autres variables
$erreur_adresse = false;
$erreur_injection_titre = false;
$erreur_injection_nom = false;
$erreur_injection_commentaires = false;
$cocheplus = '';
$cochemail = '';
#tests
if (($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
$_SESSION["titre"]=$_POST["titre"];
$_SESSION["nom"]=$_POST["nom"];
$_SESSION["adresse"]=$_POST["adresse"];
$_SESSION["commentaires"]=$_POST["commentaires"];
if (issetAndNoEmpty("creation_sondage_date") || issetAndNoEmpty("creation_sondage_autre") || issetAndNoEmpty("creation_sondage_date_x") || issetAndNoEmpty("creation_sondage_autre_x")){
$_SESSION["titre"] = $titre;
$_SESSION["nom"] = $nom;
$_SESSION["adresse"] = $adresse;
$_SESSION["commentaires"] = $commentaires;
unset($_SESSION["studsplus"]);
if ($_POST["studsplus"]) {
$_SESSION["studsplus"] = '+';
if ($studsplus !== null) {
$_SESSION["studsplus"] = '+';
} else {
$_SESSION["studsplus"] = '';
}
unset($_SESSION["mailsonde"]);
if ($_POST["mailsonde"]) {
if ($mailsonde !== null) {
$_SESSION["mailsonde"] = true;
} else {
$_SESSION["mailsonde"] = false;
}
if(!filter_var($_POST["adresse"], FILTER_VALIDATE_EMAIL) || strpos($_POST["adresse"], '@') === false) {
if(validateEmail($adresse) === false) {
$erreur_adresse = true;
}
if (preg_match(';<|>|";',$_POST["titre"])) {
if (preg_match(';<|>|";',$titre)) {
$erreur_injection_titre = true;
}
if (preg_match(';<|>|";',$_POST["nom"])) {
if (preg_match(';<|>|";',$nom)) {
$erreur_injection_nom = true;
}
if (preg_match(';<|>|";',$_POST["commentaires"])) {
if (preg_match(';<|>|";',$commentaires)) {
$erreur_injection_commentaires = true;
}
// Si pas d'erreur dans l'adresse alors on change de page vers date ou autre
if ($_POST["titre"] && $_POST["nom"] && $_POST["adresse"] && ! $erreur_adresse && ! $erreur_injection_titre && ! $erreur_injection_commentaires && ! $erreur_injection_nom ) {
if ($_POST["creation_sondage_date"]||$_POST["creation_sondage_date_x"]) {
if ($titre && $nom && $adresse && !$erreur_adresse && ! $erreur_injection_titre && ! $erreur_injection_commentaires && ! $erreur_injection_nom) {
if ($creation_sondage_date !== null || $creation_sondage_date_x !== null) {
header("Location:choix_date.php");
exit();
}
if ($_POST["creation_sondage_autre"]||$_POST["creation_sondage_autre_x"]) {
if ($creation_sondage_autre !== null || $creation_sondage_autre_x !== null) {
header("Location:choix_autre.php");
exit();
}
}
//En cas d'erreur, recuperation des variables deja entrées
if (empty($_POST["titre"]) || empty($_POST["adresse"]) || empty($_POST["nom"])) {
$_SESSION["titre"]=$_POST["titre"];
$_SESSION["nom"]=$_POST["nom"];
$_SESSION["adresse"]=$_POST["adresse"];
$_SESSION["commentaires"]=$_POST["commentaires"];
}
}
//affichage de la page
@ -111,7 +134,7 @@ sous_bandeau();
// premier sondage ? test l'existence des schémas SQL avant d'aller plus loin
if(!check_table_sondage()) {
echo '<p style="color:#FF0000; text-align:center">' .
echo '<p style="color:#FF0000; text-align:center">'.
_("STUdS is not properly installed, please check the 'INSTALL' to setup the database before continuing") .
"</p>"."\n";
bandeau_pied();
@ -130,7 +153,7 @@ echo '<br>'. _("You are in the poll creation section. <br> Required fields canno
echo '<table>'."\n";
echo '<tr><td>'. _("Poll title *: ") .'</td><td><input type="text" name="titre" size="40" maxlength="80" value="'.$_SESSION["titre"].'"></td>'."\n";
if (!$_SESSION["titre"]&&($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
if (!$_SESSION["titre"] && (issetAndNoEmpty('creation_sondage_date') || issetAndNoEmpty('creation_sondage_autre') || issetAndNoEmpty('creation_sondage_date_x') || issetAndNoEmpty('creation_sondage_autre_x'))) {
print "<td><font color=\"#FF0000\">" . _("Enter a title") . "</font></td>"."\n";
} elseif ($erreur_injection_titre) {
print "<td><font color=\"#FF0000\">" . _("Characters < > and \" are not permitted") . "</font></td><br>"."\n";
@ -152,7 +175,7 @@ if (isset($_SERVER['REMOTE_USER'])) {
echo '<input type="text" name="nom" size="40" maxlength="40" value="'.$_SESSION["nom"].'"></td>'."\n";
}
if (!$_SESSION["nom"]&&($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
if (!$_SESSION["nom"] && (issetAndNoEmpty('creation_sondage_date') || issetAndNoEmpty('creation_sondage_autre') || issetAndNoEmpty('creation_sondage_date_x') || issetAndNoEmpty('creation_sondage_autre_x'))) {
print "<td><font color=\"#FF0000\">" . _("Enter a name") . "</font></td>"."\n";
} elseif ($erreur_injection_nom) {
print "<td><font color=\"#FF0000\">" . _("Characters < > and \" are not permitted") . "</font></td><br>"."\n";
@ -167,9 +190,9 @@ if (isset($_SERVER['REMOTE_USER'])) {
echo '<input type="text" name="adresse" size="40" maxlength="64" value="'.$_SESSION["adresse"].'"></td>'."\n";
}
if (!$_SESSION["adresse"]&&($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
if (!$_SESSION["adresse"] && (issetAndNoEmpty('creation_sondage_date') || issetAndNoEmpty('creation_sondage_autre') || issetAndNoEmpty('creation_sondage_date_x') || issetAndNoEmpty('creation_sondage_autre_x'))) {
print "<td><font color=\"#FF0000\">" . _("Enter an email address") . " </font></td>"."\n";
} elseif ($erreur_adresse&&($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
} elseif ($erreur_adresse && (issetAndNoEmpty('creation_sondage_date') || issetAndNoEmpty('creation_sondage_autre') || issetAndNoEmpty('creation_sondage_date_x') || issetAndNoEmpty('creation_sondage_autre_x'))) {
print "<td><font color=\"#FF0000\">" . _("The address is not correct! (You should enter a valid email address in order to receive the link to your poll)") . "</font></td>"."\n";
}
@ -184,7 +207,7 @@ echo '</script>'."\n";
echo '<br>'. _("The fields marked with * are required!") .'<br><br>'."\n";
#affichage du cochage par défaut
if (!$_SESSION["studsplus"]&&!$_POST["creation_sondage_date"]&&!$_POST["creation_sondage_autre"]&&!$_POST["creation_sondage_date_x"]&&!$_POST["creation_sondage_autre_x"]) {
if (!$_SESSION["studsplus"] && !issetAndNoEmpty('creation_sondage_date') && !issetAndNoEmpty('creation_sondage_autre') && !issetAndNoEmpty('creation_sondage_date_x') && !issetAndNoEmpty('creation_sondage_autre_x')) {
$_SESSION["studsplus"]="+";
}
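Review bot: The injection checks `if (preg_match(';<|>|";',$titre))` (and the same lines for `$nom` and `$commentaires`) in the first hunk can no longer match anything, because `$titre` is now the output of `htmlentities($_POST[$var], ENT_QUOTES, 'UTF-8')`, which has already turned `<`, `>` and `"` into `&lt;`, `&gt;` and `&quot;`; the three `$erreur_injection_*` flags are dead and the "Characters < > and \" are not permitted" messages can never be shown. `validateEmail($adresse)` has the mirror problem: it is handed the encoded string, so an address containing `&` or `'` is presumably checked as `&amp;`/`&#039;` and may be rejected. Validate the raw POST value and keep the encoded copy only for what is echoed or put in the session, e.g. by storing a `$raw[$var]` alongside `$$var` in the initialisation loop and pointing the four checks at it. The encoding itself is the right defence for the `value="..."` echoes later in the file, but I cannot see from this hunk whether the encoded session values are also what gets persisted, which would double-encode on later output; the trailing hunk of the file is cut off at the end of this view.
```php
foreach ($post_var as $var) {
    if (isset($_POST[$var]) === true) {
        $raw[$var] = $_POST[$var];                                  // checked below
        $$var = htmlentities($_POST[$var], ENT_QUOTES, 'UTF-8');   // echoed / stored in session
    } else {
        $raw[$var] = null;
        $$var = null;
    }
}
// … unchanged: session initialisation, error flags, session assignment …
if (validateEmail($raw['adresse']) === false) {
    $erreur_adresse = true;
}
if (preg_match(';<|>|";', $raw['titre'])) {
    $erreur_injection_titre = true;
}
// … same substitution for $raw['nom'] and $raw['commentaires'] …
```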