From 5d4958e1f4ffe74ff3141254c88075c46d130070 Mon Sep 17 00:00:00 2001 From: Olivier PEREZ Date: Mon, 30 Nov 2015 20:26:23 +0100 Subject: [PATCH 1/2] Encode action values in base64 instead of url_encode (because of UrlRewrite) --- adminstuds.php | 2 ++ app/classes/Framadate/Utils.php | 26 +++++++++++++++++++++----- htaccess.txt | 4 ++-- tpl/part/vote_table_classic.tpl | 2 +- tpl/part/vote_table_date.tpl | 2 +- 5 files changed, 27 insertions(+), 9 deletions(-) diff --git a/adminstuds.php b/adminstuds.php index 29f3d27..b47ea03 100644 --- a/adminstuds.php +++ b/adminstuds.php @@ -246,6 +246,7 @@ if (!empty($_POST['save'])) { // Save edition of an old vote if (!empty($_GET['delete_vote'])) { $vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT); + $vote_id = Utils::base64url_decode($vote_id); if ($adminPollService->deleteVote($poll_id, $vote_id)) { $message = new Message('success', __('adminstuds', 'Vote deleted')); } else { @@ -361,6 +362,7 @@ if (isset($_POST['confirm_delete_poll'])) { if (!empty($_GET['delete_column'])) { $column = filter_input(INPUT_GET, 'delete_column', FILTER_DEFAULT); + $column = Utils::base64url_decode($column); if ($poll->format === 'D') { $ex = explode('@', $column); diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php index 3565a70..b340bad 100644 --- a/app/classes/Framadate/Utils.php +++ b/app/classes/Framadate/Utils.php @@ -105,7 +105,7 @@ class Utils { */ public static function getUrlSondage($id, $admin = false, $vote_id = '', $action = null, $action_value = null) { // URL-Encode $action_value - $action_value = $action_value == null ? null : urlencode($action_value); + $action_value = $action_value == null ? null : Utils::base64url_encode($action_value); if (URL_PROPRE) { if ($admin === true) { 
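Review bot: The `delete_vote` branch can no longer delete anything, because `filter_input(..., FILTER_VALIDATE_INT)` runs before the decode and a base64url-encoded integer (e.g. `MTI` for `12`) is not an integer, so `$vote_id` is already `false` by the time `Utils::base64url_decode()` receives it. Validate after decoding instead: `$vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_DEFAULT);` followed by `$vote_id = filter_var(Utils::base64url_decode($vote_id), FILTER_VALIDATE_INT);`, and route a `false` result into the existing error branch rather than passing it to `deleteVote()`. As the decode helper in this patch is a non-strict `base64_decode`, this integer check is the only thing standing between a tampered value and the service call.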
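Review bot: The decoded `delete_column` value is used without any validation: `Utils::base64url_decode()` wraps a non-strict `base64_decode`, so any input — including bytes that are not text or contain no `@` separator — decodes to *something* and flows into `explode('@', $column)` and the slot-deletion code that continues past the end of this hunk. Decode strictly and stop before touching the poll when that fails, e.g. `if ($column === false || $column === '') { /* set the existing failure Message and skip the delete */ }`. Any link still built with `urlencode($column)` instead of `Utils::getUrlSondage()` would now be decoded as base64 and silently target the wrong column; the template hunks in this diff are not readable here, so that is worth a grep.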
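Review bot: The comment above the changed line still reads `// URL-Encode $action_value`, but the value is now base64url-encoded; replace it with `// base64url-encode $action_value so it only contains [A-Za-z0-9_-] and survives the /action/<name>/<value> rewrite rules without urlencode or [B]`. The guard `$action_value == null` is a loose comparison, so `0`, `''`, `false` and an empty array are also treated as "no value" and silently dropped from the URL; if those can never be meaningful action values that is fine, but `=== null` would make the intent explicit. getUrlSondage() continues past the end of this hunk.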
@@ -115,8 +115,12 @@ class Utils { } if ($vote_id != '') { $url .= '/vote/' . $vote_id . "#edit"; - } elseif ($action != null && $action_value != null) { - $url .= '/action/' . $action . '/' . $action_value; + } elseif ($action != null) { + if ($action_value != null) { + $url .= '/action/' . $action . '/' . $action_value; + } else { + $url .= '/action/' . $action; + } } } else { if ($admin === true) { @@ -126,8 +130,12 @@ class Utils { } if ($vote_id != '') { $url .= '&vote=' . $vote_id . "#edit"; - } elseif ($action != null && $action_value != null) { - $url .= '&' . $action . "=" . $action_value; + } elseif ($action != null) { + if ($action_value != null) { + $url .= '&' . $action . "=" . $action_value; + } else { + $url .= '&' . $action . "="; + } } } @@ -200,4 +208,12 @@ class Utils { public static function fromPostOrDefault($postKey, $default = '') { return !empty($_POST[$postKey]) ? Utils::htmlEscape($_POST[$postKey]) : $default; } + + public static function base64url_encode($input) { + return rtrim(strtr(base64_encode($input), '+/', '-_'), '='); + } + + public static function base64url_decode($input) { + return base64_decode(str_pad(strtr($input, '-_', '+/'), strlen($input) % 4, '=', STR_PAD_RIGHT)); + } } diff --git a/htaccess.txt b/htaccess.txt index a59fcd7..640cb13 100644 --- a/htaccess.txt +++ b/htaccess.txt 
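Review bot: In the URL_PROPRE branch a value-less action now yields `/action/<name>` with no trailing segment, which only the admin rewrite rule in htaccess.txt accepts (`(/(.+))?$`); the non-admin rule in the same file still requires `/(.+)$`, so a value-less action on a plain poll URL would not be routed. As far as this diff shows only the admin-side `add_column` is generated that way, but either document that restriction on the parameter or relax the studs rule to match. Stylistically the nested `if` can be one expression: `$url .= '/action/' . $action . ($action_value != null ? '/' . $action_value : '');`.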
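Review bot: The new inner `if`/`else` in the query-string branch is redundant: PHP concatenates `null` as an empty string, so `$url .= '&' . $action . '=' . $action_value;` already yields `&add_column=` when there is no value and `&delete_column=<encoded>` otherwise. Collapsing it to that one line keeps the two branches of getUrlSondage() parallel and removes a duplicated literal. Behaviour on the receiving side is unchanged, since adminstuds.php tests `isset($_GET['add_column'])`, which accepts the empty value.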
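Review bot: `base64url_decode()` never restores padding and never rejects bad input: `str_pad($s, strlen($input) % 4, '=')` asks for a target length that is never greater than the current length, so `str_pad()` is a no-op, and the decode is non-strict, so a tampered or mistyped value still yields some byte string instead of `false`. Compute the padding as `strlen($b64) + (4 - strlen($b64) % 4) % 4` and pass `true` as the second argument of `base64_decode()` so the callers added in adminstuds.php (`delete_vote`, `delete_column`) can check for `=== false`. Both helpers also lack a docblock explaining why base64url rather than urlencode is used; the commit message says it, the code does not.
```php
// … unchanged: base64url_encode …

/**
 * Inverse of base64url_encode(). Returns false when $input is not valid
 * base64url, so callers can reject a tampered action value instead of
 * acting on garbage.
 */
public static function base64url_decode($input) {
    $b64 = strtr($input, '-_', '+/');
    // Restore the '=' padding stripped by base64url_encode(); the target length must
    // exceed strlen($b64) or str_pad() does nothing.
    $b64 = str_pad($b64, strlen($b64) + (4 - strlen($b64) % 4) % 4, '=', STR_PAD_RIGHT);
    return base64_decode($b64, true);
}
```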
@@ -9,9 +9,9 @@ RewriteRule . - [L] RewriteRule ^([a-zA-Z0-9]{16})$ studs.php?poll=$1 [L] - RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z_-]+)/(.+)$ studs.php?poll=$1&$2=$3 [B] + RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z_-]+)/(.+)$ studs.php?poll=$1&$2=$3 RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote=$2 RewriteRule ^([a-zA-Z0-9]{24})/admin$ adminstuds.php?poll=$1 RewriteRule ^([a-zA-Z0-9]{24})/admin/vote/([a-zA-Z0-9]{16})$ adminstuds.php?poll=$1&vote=$2 - RewriteRule ^([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)/(.+)$ adminstuds.php?poll=$1&$2=$3 [B] + RewriteRule ^([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/(.+))?$ adminstuds.php?poll=$1&$2=$4 \ No newline at end of file diff --git a/tpl/part/vote_table_classic.tpl b/tpl/part/vote_table_classic.tpl index a00af34..fa496ef 100644 --- a/tpl/part/vote_table_classic.tpl +++ b/tpl/part/vote_table_classic.tpl @@ -21,7 +21,7 @@ {/foreach} - {__('Poll results', 'Add a column')} diff --git a/tpl/part/vote_table_date.tpl b/tpl/part/vote_table_date.tpl index 4ba4347..2afb20b 100644 --- a/tpl/part/vote_table_date.tpl +++ b/tpl/part/vote_table_date.tpl @@ -27,7 +27,7 @@ {/foreach} {/foreach} - {__('Poll results', 'Add a column')} From 5750a361723be21ebe2ac76c6285a956049907f9 Mon Sep 17 00:00:00 2001 From: Olivier PEREZ Date: Mon, 30 Nov 2015 20:38:53 +0100 Subject: [PATCH 2/2] Rename add_slot by add_column --- adminstuds.php | 6 +++--- app/classes/Framadate/Services/AdminPollService.php | 4 ++-- tpl/{add_slot.tpl => add_column.tpl} | 2 +- tpl/part/vote_table_classic.tpl | 2 +- tpl/part/vote_table_date.tpl | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) rename tpl/{add_slot.tpl => add_column.tpl} (93%) diff --git a/adminstuds.php b/adminstuds.php index b47ea03..b9497dd 100644 --- a/adminstuds.php +++ b/adminstuds.php 
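Review bot: The rewritten action rules still capture the action name with `([a-zA-Z_-]+)` and the value with `(.+)` and paste both into the query string as `$2=$3` / `$2=$4`; with `[B]` removed, a value containing `&` or `=` is inserted verbatim (per-directory rewriting matches against the already-decoded path, so `%26` in the request becomes a separator), and the name capture lets any GET parameter, including `poll` or `vote`, be set from the path. Since the values are now base64url (`[A-Za-z0-9_-]`), tighten the capture to that alphabet and whitelist the action names this diff shows, e.g. `RewriteRule ^([a-zA-Z0-9]{24})/admin/action/(delete_vote|delete_column|add_column)(/([A-Za-z0-9_-]+))?$ adminstuds.php?poll=$1&$2=$4 [L]`, with the same treatment for the studs rule once its action names are enumerated. The action rules are also the only ones in this file without `[L]`, and the file still ends without a trailing newline.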
@@ -387,15 +387,15 @@ if (!empty($_GET['delete_column'])) { // Add a slot // ------------------------------- -if (isset($_GET['add_slot'])) { +if (isset($_GET['add_column'])) { $smarty->assign('poll_id', $poll_id); $smarty->assign('admin_poll_id', $admin_poll_id); $smarty->assign('format', $poll->format); $smarty->assign('title', __('Generic', 'Poll') . ' - ' . $poll->title); - $smarty->display('add_slot.tpl'); + $smarty->display('add_column.tpl'); exit; } -if (isset($_POST['confirm_add_slot'])) { +if (isset($_POST['confirm_add_column'])) { try { if ($poll->format === 'D') { $newdate = strip_tags($_POST['newdate']); diff --git a/app/classes/Framadate/Services/AdminPollService.php b/app/classes/Framadate/Services/AdminPollService.php index de63509..500e528 100644 --- a/app/classes/Framadate/Services/AdminPollService.php +++ b/app/classes/Framadate/Services/AdminPollService.php @@ -200,7 +200,7 @@ class AdminPollService { * @throws MomentAlreadyExistsException When the moment to add already exists in database */ public function addDateSlot($poll_id, $datetime, $new_moment) { - $this->logService->log('ADD_SLOT', 'id:' . $poll_id . ', datetime:' . $datetime . ', moment:' . $new_moment); + $this->logService->log('ADD_COLUMN', 'id:' . $poll_id . ', datetime:' . $datetime . ', moment:' . $new_moment); $slots = $this->slotRepository->listByPollId($poll_id); $result = $this->findInsertPosition($slots, $datetime); @@ -243,7 +243,7 @@ class AdminPollService { * @throws MomentAlreadyExistsException When the moment to add already exists in database */ public function addClassicSlot($poll_id, $title) { - $this->logService->log('ADD_SLOT', 'id:' . $poll_id . ', title:' . $title); + $this->logService->log('ADD_COLUMN', 'id:' . $poll_id . ', title:' . $title); $slots = $this->slotRepository->listByPollId($poll_id); diff --git a/tpl/add_slot.tpl b/tpl/add_column.tpl similarity index 93% rename from tpl/add_slot.tpl rename to tpl/add_column.tpl index 3ef5e5e..8fa0c55 100644 
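Review bot: The section banner right above the renamed check still reads `// Add a slot`, so the comment and the parameter it introduces (`add_column`) now disagree; change it to `// Add a column` as part of this rename. The `confirm_add_column` handler's `try` block continues past the end of this hunk, so its error handling and the fate of the `strip_tags`-only sanitised `$newdate` could not be reviewed here.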
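Review bot: Renaming the log event to `ADD_COLUMN` changes the audit trail's vocabulary while the emitting methods are still called `addDateSlot()` / `addClassicSlot()`, and anything that greps or parses logs for `ADD_SLOT` will stop seeing new entries; either state this in the commit message or keep the old label for a release. The logged `$title` (and `$datetime` / `$new_moment` in the sibling hunk) presumably comes from the admin form and is written raw; if LogService writes one line per call, a value containing CR/LF can forge log entries, so neutralise them first, e.g. `str_replace(array("\r", "\n"), ' ', $title)` — verify against the sink before relying on this. The body of addClassicSlot() continues past the end of this hunk.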
--- a/tpl/add_slot.tpl +++ b/tpl/add_column.tpl @@ -32,7 +32,7 @@ {/if}
- +
diff --git a/tpl/part/vote_table_classic.tpl b/tpl/part/vote_table_classic.tpl index fa496ef..c321cc0 100644 --- a/tpl/part/vote_table_classic.tpl +++ b/tpl/part/vote_table_classic.tpl @@ -21,7 +21,7 @@ {/foreach} - {__('Poll results', 'Add a column')} diff --git a/tpl/part/vote_table_date.tpl b/tpl/part/vote_table_date.tpl index 2afb20b..03ad351 100644 --- a/tpl/part/vote_table_date.tpl +++ b/tpl/part/vote_table_date.tpl @@ -27,7 +27,7 @@ {/foreach} {/foreach} - {__('Poll results', 'Add a column')}