From 36cef8cc393d1f09c8dd31dfd4f85cf875a8d0d3 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Mon, 22 Mar 2021 19:04:44 +0100
Subject: [PATCH] Actually enforce the length limitation on the poll creator name Show a nice error message if it's too long (not on the edit page because there's no support for this right now) mbstring is now a required extension
Signed-off-by: Thomas Citharel
---
 admin/check.php | 7 +++++++
 adminstuds.php | 4 +++-
 create_poll.php | 6 +++++-
 locale/en.json | 3 +++
 locale/fr_FR.json | 3 +++
 tpl/part/poll_info.tpl | 2 +-
 6 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/admin/check.php b/admin/check.php
index 24a8dcc..0d8bd57 100644
--- a/admin/check.php
+++ b/admin/check.php
@@ -99,6 +99,13 @@ if (extension_loaded('intl')) {
 $messages[] = new Message('danger', __('Check','You need to enable the PHP Intl extension.'));
 }
+// mbstring extension
+if (extension_loaded('mbstring')) {
+ $messages[] = new Message('info', __('Check','PHP mbstring extension is enabled.'));
+} else {
+ $messages[] = new Message('danger', __('Check','You need to enable the PHP mbstring extension.'));
+}
+
 // Is template compile dir exists and writable ?
 if (!file_exists(ROOT_DIR . COMPILE_DIR)) {
 $messages[] = new Message('danger', __f('Check','The template compile directory (%s) doesn\'t exist in "%s". Retry the installation process.', COMPILE_DIR, realpath(ROOT_DIR)));
diff --git a/adminstuds.php b/adminstuds.php
index 9ecddf2..0da2c44 100644
--- a/adminstuds.php
+++ b/adminstuds.php
@@ -143,7 +143,9 @@ if (isset($_POST['update_poll_info'])) {
 $updated = true;
 }
 } elseif ($field === 'name') {
- $admin_name = $inputService->filterName($_POST['name']);
+ $admin_name = $_POST['name'];
+ $admin_name = mb_substr($admin_name, 0, 32);
+ $admin_name = $inputService->filterName($admin_name);
 if ($admin_name) {
 $poll->admin_name = $admin_name;
 $updated = true;
diff --git a/create_poll.php b/create_poll.php
index d70f140..c4894d6 100644
--- a/create_poll.php
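Review bot: The added `extension_loaded('mbstring')` branch in admin/check.php only reports a missing extension on the admin check page, while the adminstuds.php and create_poll.php hunks of this commit call `mb_substr` and `mb_strlen` unconditionally. On an install without mbstring those pages would stop with an undefined-function error instead of a readable message. The diffstat shows no dependency manifest or install document among the six changed files; if the project declares PHP extensions in composer.json, `"ext-mbstring": "*"` belongs there so the requirement is caught at install time. The surrounding checks continue outside the hunk.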
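Review bot: In the adminstuds.php hunk, `mb_substr($admin_name, 0, 32)` runs on the raw `$_POST['name']` before any type check, so a request that sends `name` as an array reaches mb_substr with a non-string, which is a TypeError on PHP 8 and a warning with a null result on PHP 7. Guard the read first, for example `$admin_name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';`. The order here (truncate, then `filterName`) is the reverse of the one in create_poll.php (`filterName`, then `mb_substr`), and the literal 32 is repeated in both files; one shared constant and one order would keep the two paths from drifting apart. An over-long name is silently shortened on this page, which the commit message acknowledges. The enclosing `if (isset($_POST['update_poll_info']))` block starts and ends outside the hunk.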
+++ b/create_poll.php
@@ -62,7 +62,7 @@ if ($goToStep2) {
 $use_customized_url = isset($_POST['use_customized_url']) ? $inputService->filterBoolean($_POST['use_customized_url']) : false;
 $customized_url = $use_customized_url === true ? $inputService->filterId($_POST['customized_url']) : null;
- $name = $inputService->filterName($_POST['name']);
+ $name = mb_substr($inputService->filterName($_POST['name']), 0, 32);
 $mail = $config['use_smtp'] === true ? $inputService->filterMail($_POST['mail']) : null;
 $description = $inputService->filterDescription($_POST['description']);
 $editable = $inputService->filterEditable($_POST['editable']);
@@ -248,6 +248,10 @@ if (!empty($_POST[GO_TO_STEP_2])) {
 $errors['name']['aria'] = 'aria-describeby="poll_name_error" ';
 $errors['name']['class'] = ' has-error';
 $errors['name']['msg'] = __('Error', 'Enter a name');
+ } elseif (mb_strlen($inputService->filterName($_POST['name'])) > 32) {
+ $errors['name']['aria'] = 'aria-describeby="poll_name_error" ';
+ $errors['name']['class'] = ' has-error';
+ $errors['name']['msg'] = __('Error', "Name is limited to 32 characters");
 } elseif ($error_on_name) {
 $errors['name']['aria'] = 'aria-describeby="poll_name_error" ';
 $errors['name']['class'] = ' has-error';
diff --git a/locale/en.json b/locale/en.json
index dd6b2d2..197f622 100644
--- a/locale/en.json
+++ b/locale/en.json
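Review bot: On the changed line `$name = mb_substr($inputService->filterName($_POST['name']), 0, 32);` the return value of `filterName` goes straight into `mb_substr`, so whatever it returns for a rejected name (its body is not in this diff, presumably false or null) becomes an empty string, and a null argument is deprecated from PHP 8.1. Any later check that compares `$name` with false, null or the raw `$_POST['name']` now sees a different value, so those checks outside the hunk need confirming. Keeping the filter result and truncating only a string avoids the change in meaning: `$name = $inputService->filterName($_POST['name']);` followed by `if (is_string($name)) { $name = mb_substr($name, 0, 32); }`. The enclosing `if ($goToStep2)` block continues outside the hunk.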
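Review bot: The new `elseif (mb_strlen($inputService->filterName($_POST['name'])) > 32)` branch filters the posted name a second time and measures the filter's result, so the length message depends on how `filterName` treats the input rather than on the length the user submitted, and the limit 32 is written here for the third time in this commit. Measuring the raw posted string after an `is_string` check against one shared constant would make the message depend only on length. The added line also copies `aria-describeby` from the neighbouring branches; the attribute assistive technology reads is `aria-describedby`, so the error text is probably not announced. Whether an over-long name blocks the move to step 2, or is only shortened by the first hunk while this message is shown, is decided outside the hunk and is worth confirming.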
@@ -66,6 +66,7 @@
 "Installation checking": "Installation checking",
 "OpenSSL extension loaded.": "OpenSSL extension loaded.",
 "PHP Intl extension is enabled.": "PHP Intl extension is enabled.",
+ "PHP mbstring extension is enabled.": "PHP mbstring extension is enabled.",
 "PHP version %s is enough (needed at least PHP %s).": "PHP version %s is enough (needed at least PHP %s).",
 "The config file directory (%s) is not writable and the config file (%s) does not exists.": "The config file directory (%s) is not writable and the config file (%s) does not exists.",
 "The config file directory (%s) is writable.": "The config file directory (%s) is writable.",
@@ -74,6 +75,7 @@
 "The template compile directory (%s) is not writable.": "The template compile directory (%s) is not writable.",
 "The template compile directory (%s) is writable.": "The template compile directory (%s) is writable.",
 "You need to enable the PHP Intl extension.": "You need to enable the PHP Intl extension.",
+ "You need to enable the PHP mbstring extension.": "You need to enable the PHP mbstring extension.",
 "Your PHP version (%s) is too old. This application needs at least PHP %s.": "Your PHP version (%s) is too old. This application needs at least PHP %s.",
 "date.timezone is set.": "date.timezone is set."
 },
@@ -136,6 +138,7 @@
 "Framadate is not properly installed, please check the \"INSTALL\" to setup the database before continuing.": "Framadate is not properly installed, please see the 'INSTALL' file for instructions on setting up the database before continuing.",
 "Javascript is disabled on your browser. Its activation is required to create a poll.": "JavaScript is disabled on your browser. It is required to create a poll.",
 "MISSING_VALUES": "Missing values",
+ "Name is limited to 32 characters": "Name is limited to 32 characters",
 "No polls found": "No polls found",
 "Password is empty": "Password is empty.",
 "Passwords do not match": "Passwords do not match.",
diff --git a/locale/fr_FR.json b/locale/fr_FR.json
index e4a51e2..f9578a1 100644
--- a/locale/fr_FR.json
+++ b/locale/fr_FR.json
@@ -66,6 +66,7 @@
 "Installation checking": "Vérifications de l'installation",
 "OpenSSL extension loaded.": "L'extension PHP OpenSSL est chargée.",
 "PHP Intl extension is enabled.": "L'extension PHP Intl est activée.",
+ "PHP mbstring extension is enabled.": "L'extension PHP mbstring est activée.",
 "PHP version %s is enough (needed at least PHP %s).": "Version de PHP %s suffisante (nécessite au moins PHP %s).",
 "The config file directory (%s) is not writable and the config file (%s) does not exists.": "Le dossier du fichier de configuration (%s) n'est pas accessible en écriture et le fichier de configuration (%s) n'existe pas.",
 "The config file directory (%s) is writable.": "Le dossier du fichier de configuration (%s) est accessible en écriture.",
@@ -74,6 +75,7 @@
 "The template compile directory (%s) is not writable.": "Le dossier de compilation des templates (%s) n'est pas accessible en écriture.",
 "The template compile directory (%s) is writable.": "Le dossier de compilation des templates (%s) est accessible en écriture.",
 "You need to enable the PHP Intl extension.": "Vous devez activer l'extension PHP Intl.",
+ "You need to enable the PHP mbstring extension.": "Vous devez activer l'extension PHP mbstring.",
 "Your PHP version (%s) is too old. This application needs at least PHP %s.": "Votre version de PHP (%s) est trop vieille. Cette application a besoin de PHP %s au moins.",
 "date.timezone is set.": "date.timezone est défini."
 },
@@ -136,6 +138,7 @@
 "Framadate is not properly installed, please check the \"INSTALL\" to setup the database before continuing.": "Framadate n'est pas installé correctement, lisez le fichier INSTALL pour configurer la base de données avant de continuer.",
 "Javascript is disabled on your browser. Its activation is required to create a poll.": "JavaScript est désactivé sur votre navigateur. Son activation est requise pour la création d'un sondage.",
 "MISSING_VALUES": "Il manque des valeurs",
+ "Name is limited to 32 characters": "Le nom est limité à 32 caractères",
 "No polls found": "Aucun sondage n'a été trouvé",
 "Password is empty": "Le mot de passe est vide.",
 "Passwords do not match": "Les mots de passe ne correspondent pas.",
diff --git a/tpl/part/poll_info.tpl b/tpl/part/poll_info.tpl
index 11e61dd..0f2d2b2 100644
--- a/tpl/part/poll_info.tpl
+++ b/tpl/part/poll_info.tpl
@@ -58,7 +58,7 @@