delete php warning

infos_sondage.php

@@ -45,59 +45,82 @@ if (file_exists('bandeaux_local.php')) {
   include_once('bandeaux.php');
 }
 
+// On teste toutes les variables pour supprimer l'ensemble des warnings PHP
+// On transforme en entites html les données afin éviter les failles XSS
+$post_var = array('titre', 'nom', 'adresse', 'commentaires', 'studsplus', 'mailsonde', 'creation_sondage_date', 'creation_sondage_date_x', 'creation_sondage_autre', 'creation_sondage_autre_x',);
+foreach ($post_var as $var) {
+  if (isset($_POST[$var]) === true) {
+    $$var = htmlentities($_POST[$var], ENT_QUOTES, 'UTF-8');
+  } else {
+    $$var = null;
+  }
+}
+
+// On initialise egalement la session car sinon bonjour les warning :-)
+$session_var = array('titre', 'nom', 'adresse', 'commentaires', 'mailsonde', 'studsplus', );
+foreach ($session_var as $var) {
+  if (issetAndNoEmpty($var, $_SESSION) === false) {
+    $_SESSION[$var] = null;
+  }
+}
+ 
+// On initialise également les autres variables
+$erreur_adresse = false;
+$erreur_injection_titre = false;
+$erreur_injection_nom = false;
+$erreur_injection_commentaires = false;
+$cocheplus = '';
+$cochemail = '';
+
 #tests
-if (($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
+if (issetAndNoEmpty("creation_sondage_date") || issetAndNoEmpty("creation_sondage_autre") || issetAndNoEmpty("creation_sondage_date_x") || issetAndNoEmpty("creation_sondage_autre_x")){
-  $_SESSION["titre"]=$_POST["titre"];
+  $_SESSION["titre"] = $titre;
-  $_SESSION["nom"]=$_POST["nom"];
+  $_SESSION["nom"] = $nom;
-  $_SESSION["adresse"]=$_POST["adresse"];
+  $_SESSION["adresse"] = $adresse;
-  $_SESSION["commentaires"]=$_POST["commentaires"];
+  $_SESSION["commentaires"] = $commentaires;
   
   unset($_SESSION["studsplus"]);
-  if ($_POST["studsplus"]) {
+  if ($studsplus !== null) {
-    $_SESSION["studsplus"] =  '+';
+    $_SESSION["studsplus"] = '+';
+  } else {
+    $_SESSION["studsplus"] = '';
   }
   
   unset($_SESSION["mailsonde"]);
-  if ($_POST["mailsonde"]) {
+  if ($mailsonde !== null) {
     $_SESSION["mailsonde"] = true;
+  } else {
+    $_SESSION["mailsonde"] = false;
   }
   
-  if(!filter_var($_POST["adresse"], FILTER_VALIDATE_EMAIL) || strpos($_POST["adresse"], '@') === false) {
+  if(validateEmail($adresse) === false) {
     $erreur_adresse = true;
   }
   
-  if (preg_match(';<|>|";',$_POST["titre"])) {
+  if (preg_match(';<|>|";',$titre)) {
     $erreur_injection_titre = true;
   }
   
-  if (preg_match(';<|>|";',$_POST["nom"])) {
+  if (preg_match(';<|>|";',$nom)) {
     $erreur_injection_nom = true;
   }
   
-  if (preg_match(';<|>|";',$_POST["commentaires"])) {
+  if (preg_match(';<|>|";',$commentaires)) {
     $erreur_injection_commentaires = true;
   }
   
   // Si pas d'erreur dans l'adresse alors on change de page vers date ou autre
-  if ($_POST["titre"] && $_POST["nom"] && $_POST["adresse"] && ! $erreur_adresse && ! $erreur_injection_titre && ! $erreur_injection_commentaires && ! $erreur_injection_nom ) {
+  if ($titre && $nom && $adresse && !$erreur_adresse && ! $erreur_injection_titre && ! $erreur_injection_commentaires && ! $erreur_injection_nom) {
-    if ($_POST["creation_sondage_date"]||$_POST["creation_sondage_date_x"]) {
+    if ($creation_sondage_date !== null || $creation_sondage_date_x !== null) {
       header("Location:choix_date.php");
       exit();
     }
     
-    if ($_POST["creation_sondage_autre"]||$_POST["creation_sondage_autre_x"]) {
+    if ($creation_sondage_autre !== null || $creation_sondage_autre_x !== null) {
       header("Location:choix_autre.php");
       exit();
     }
   }
-  
-  //En cas d'erreur, recuperation des variables deja entrées
-  if (empty($_POST["titre"]) || empty($_POST["adresse"]) || empty($_POST["nom"])) {
-    $_SESSION["titre"]=$_POST["titre"];
-    $_SESSION["nom"]=$_POST["nom"];
-    $_SESSION["adresse"]=$_POST["adresse"];
-    $_SESSION["commentaires"]=$_POST["commentaires"];
-  }
 }
 
 //affichage de la page
@@ -111,7 +134,7 @@ sous_bandeau();
 
 // premier sondage ? test l'existence des schémas SQL avant d'aller plus loin
 if(!check_table_sondage()) {
-  echo '<p style="color:#FF0000; text-align:center">' .
+  echo '<p style="color:#FF0000; text-align:center">'.
        _("STUdS is not properly installed, please check the 'INSTALL' to setup the database before continuing") .
        "</p>"."\n";
   bandeau_pied();
@@ -130,7 +153,7 @@ echo '<br>'. _("You are in the poll creation section. <br> Required fields canno
 echo '<table>'."\n";
 
 echo '<tr><td>'. _("Poll title *: ") .'</td><td><input type="text" name="titre" size="40" maxlength="80" value="'.$_SESSION["titre"].'"></td>'."\n";
-if (!$_SESSION["titre"]&&($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
+if (!$_SESSION["titre"] && (issetAndNoEmpty('creation_sondage_date') || issetAndNoEmpty('creation_sondage_autre') || issetAndNoEmpty('creation_sondage_date_x') || issetAndNoEmpty('creation_sondage_autre_x'))) {
   print "<td><font color=\"#FF0000\">" . _("Enter a title") . "</font></td>"."\n";
 } elseif ($erreur_injection_titre) {
   print "<td><font color=\"#FF0000\">" . _("Characters < > and \" are not permitted") . "</font></td><br>"."\n";
@@ -152,7 +175,7 @@ if (isset($_SERVER['REMOTE_USER'])) {
   echo '<input type="text" name="nom" size="40" maxlength="40" value="'.$_SESSION["nom"].'"></td>'."\n";
 }
 
-if (!$_SESSION["nom"]&&($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
+if (!$_SESSION["nom"] && (issetAndNoEmpty('creation_sondage_date') || issetAndNoEmpty('creation_sondage_autre') || issetAndNoEmpty('creation_sondage_date_x') || issetAndNoEmpty('creation_sondage_autre_x'))) {
   print "<td><font color=\"#FF0000\">" . _("Enter a name") . "</font></td>"."\n";
 } elseif ($erreur_injection_nom) {
   print "<td><font color=\"#FF0000\">" . _("Characters < > and \" are not permitted") . "</font></td><br>"."\n";
@@ -167,9 +190,9 @@ if (isset($_SERVER['REMOTE_USER'])) {
   echo '<input type="text" name="adresse" size="40" maxlength="64" value="'.$_SESSION["adresse"].'"></td>'."\n";
 }
 
-if (!$_SESSION["adresse"]&&($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
+if (!$_SESSION["adresse"] && (issetAndNoEmpty('creation_sondage_date') || issetAndNoEmpty('creation_sondage_autre') || issetAndNoEmpty('creation_sondage_date_x') || issetAndNoEmpty('creation_sondage_autre_x'))) {
   print "<td><font color=\"#FF0000\">" . _("Enter an email address") . " </font></td>"."\n";
-} elseif ($erreur_adresse&&($_POST["creation_sondage_date"]||$_POST["creation_sondage_autre"]||$_POST["creation_sondage_date_x"]||$_POST["creation_sondage_autre_x"])) {
+} elseif ($erreur_adresse && (issetAndNoEmpty('creation_sondage_date') || issetAndNoEmpty('creation_sondage_autre') || issetAndNoEmpty('creation_sondage_date_x') || issetAndNoEmpty('creation_sondage_autre_x'))) {
   print "<td><font color=\"#FF0000\">" . _("The address is not correct! (You should enter a valid email address in order to receive the link to your poll)") . "</font></td>"."\n";
 }
 
@@ -184,7 +207,7 @@ echo '</script>'."\n";
 echo '<br>'. _("The fields marked with * are required!") .'<br><br>'."\n";
 
 #affichage du cochage par défaut
-if (!$_SESSION["studsplus"]&&!$_POST["creation_sondage_date"]&&!$_POST["creation_sondage_autre"]&&!$_POST["creation_sondage_date_x"]&&!$_POST["creation_sondage_autre_x"]) {
+if (!$_SESSION["studsplus"] && !issetAndNoEmpty('creation_sondage_date') && !issetAndNoEmpty('creation_sondage_autre') && !issetAndNoEmpty('creation_sondage_date_x') && !issetAndNoEmpty('creation_sondage_autre_x')) {
   $_SESSION["studsplus"]="+";
 }