diff --git a/adminstuds.php b/adminstuds.php
index 38c92bf..b7fe959 100644
--- a/adminstuds.php
+++ b/adminstuds.php
@@ -45,10 +45,16 @@ $inputService = new InputService();
/* PAGE */
/* ---- */
-if (!empty($_GET['poll']) && strlen($_GET['poll']) === 24) {
- $admin_poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
- $poll_id = substr($admin_poll_id, 0, 16);
- $poll = $pollService->findById($poll_id);
+if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
+ if (!empty($_POST['poll']))
+ $inputType = INPUT_POST;
+ else
+ $inputType = INPUT_GET;
+ $admin_poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+ if (strlen($admin_poll_id) === 24) {
+ $poll_id = substr($admin_poll_id, 0, 16);
+ $poll = $pollService->findById($poll_id);
+ }
}
if (!$poll) {
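Review bot: The lookup in the new `if (strlen($admin_poll_id) === 24)` branch still uses only the first 16 characters (`substr($admin_poll_id, 0, 16)`), so nothing visible in this hunk verifies the remaining 8 characters that distinguish the admin identifier from the public poll id. Unless a check outside the hunk compares the full value with the poll's stored admin identifier, possession of the public id would be enough to pass this gate; that comparison belongs right after `findById()` and should use `hash_equals()`. Separately, `filter_input()` returns `false` or `null` when validation fails, so the length test is safer as `if (is_string($admin_poll_id) && strlen($admin_poll_id) === 24) {`. `$poll` is only assigned inside the new branch, so it should be initialised before it (`$poll = null;`) if that is not already done above; the `if (!$poll)` block continues outside the hunk.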
@@ -131,8 +137,8 @@ if (isset($_POST['update_poll_info'])) {
// A vote is going to be edited
// -------------------------------
-if (!empty($_POST['edit_vote'])) {
- $editingVoteId = filter_input(INPUT_POST, 'edit_vote', FILTER_VALIDATE_INT);
+if (!empty($_GET['vote'])) {
+ $editingVoteId = filter_input(INPUT_GET, 'vote', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
}
// -------------------------------
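Review bot: The new `filter_input(INPUT_GET, 'vote', ...)` line validates `$editingVoteId` with `POLL_REGEX`, a pattern named for poll ids, and unlike the poll branch earlier in this file it has no length check. If `POLL_REGEX` only constrains the character set (its definition is not visible here), a dedicated pattern for vote ids with an explicit length would be stricter and self-documenting. `filter_input()` returns `false` on a mismatch, so the code after this block should treat `false` as "no vote selected" rather than pass it to a lookup; a comment such as `// false when the id is malformed: nothing is being edited` would make that explicit. Moving the id from POST to the query string also puts it in access logs and Referer headers, which matters if the unique id is what authorises an edit.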
diff --git a/app/classes/Framadate/Services/PollService.php b/app/classes/Framadate/Services/PollService.php
index 0fd397f..ad5a1e2 100644
--- a/app/classes/Framadate/Services/PollService.php
+++ b/app/classes/Framadate/Services/PollService.php
@@ -116,6 +116,7 @@ class PollService {
$obj = new \stdClass();
$obj->id = $vote->id;
$obj->name = $vote->name;
+ $obj->uniqId = $vote->uniqId;
$obj->choices = str_split($vote->choices);
$splitted[] = $obj;
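Review bot: The added `$obj->uniqId = $vote->uniqId;` puts every vote's unique id on the objects this method returns, and the rest of this commit uses that id in `&vote=` / `/vote/` URLs, which suggests it is what authorises editing a vote. If so, any template rendering the list must emit the id only for the current voter's own row or on the admin page, otherwise other participants' edit links are disclosed to every viewer. A comment above the assignment, e.g. `// edit token: only render for the vote's owner or the poll admin`, would record that constraint. The enclosing method starts and ends outside the hunk, so how the result is consumed is not visible here.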
diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php
index 7491c4f..6a91a27 100644
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@@ -97,23 +97,30 @@ class Utils {
}
/**
- * Fonction permettant de générer les URL pour les sondage
- * @param string $id L'identifiant du sondage
- * @param bool $admin True pour générer une URL pour l'administration d'un sondage, False pour un URL publique
- * @return string L'url pour le sondage
+ * Function allowing to generate poll's url
+ * @param string $id The poll's id
+ * @param bool $admin True to generate an admin URL, false for a public one
+ * @param string $vote_id (optional) The vote's unique id
+ * @return string The poll's URL.
*/
- public static function getUrlSondage($id, $admin = false) {
+ public static function getUrlSondage($id, $admin = false, $vote_id='') {
if (URL_PROPRE) {
if ($admin === true) {
$url = str_replace('/admin', '', self::get_server_name()) . $id . '/admin';
} else {
$url = str_replace('/admin', '', self::get_server_name()) . $id;
+ if ($vote_id != '') {
+ $url .= '/vote/'.$vote_id;
+ }
}
} else {
if ($admin === true) {
$url = str_replace('/admin', '', self::get_server_name()) . 'adminstuds.php?poll=' . $id;
} else {
$url = str_replace('/admin', '', self::get_server_name()) . 'studs.php?poll=' . $id;
+ if ($vote_id != '') {
+ $url .= '&vote='.$vote_id;
+ }
}
}
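Review bot: Both new `if ($vote_id != '')` branches append `$vote_id` to the URL unencoded and with a loose comparison; `getUrlSondage()` is public and static, so it should not rely on every caller having validated the value. `if (is_string($vote_id) && $vote_id !== '') { $url .= '/vote/' . rawurlencode($vote_id); }` (and the same with `'&vote='` in the non-rewritten branch) keeps a `false` from a failed `filter_var()` or a stray `&` or `/` out of the link. The docblock should also state that `$vote_id` is ignored when `$admin` is true, since neither admin branch uses it. The function's return statement is outside the hunk.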
diff --git a/app/inc/smarty.php b/app/inc/smarty.php
index 7481e78..87e8046 100644
--- a/app/inc/smarty.php
+++ b/app/inc/smarty.php
@@ -34,6 +34,7 @@ $smarty->assign('html_lang', $html_lang);
$smarty->assign('langs', $ALLOWED_LANGUAGES);
$smarty->assign('date_format', $date_format);
+// Dev Mode
if ($_SERVER['FRAMADATE_DEVMODE']) {
$smarty->force_compile = true;
$smarty->compile_check = true;
@@ -44,8 +45,14 @@ if ($_SERVER['FRAMADATE_DEVMODE']) {
}
-function smarty_modifier_poll_url($poll_id, $admin = false) {
- return Utils::getUrlSondage($poll_id, $admin);
+function smarty_function_poll_url($params, Smarty_Internal_Template $template) {
+ $poll_id = filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+ $admin = $params['admin']?true:false;
+ $vote_unique_id = filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+
+ // If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this.
+
+ return Utils::getUrlSondage($poll_id, $admin, $vote_unique_id);
}
function smarty_modifier_markdown($md, $clear = false) {
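Review bot: In `smarty_function_poll_url`, `$params['admin']` and `$params['vote_id']` are read without checking that the template supplied them, so a `{poll_url}` call that passes only `id` raises undefined-index notices, and a failed `filter_var()` on `id` hands `false` to `Utils::getUrlSondage()`, which then builds a link with an empty poll id. `$admin = !empty($params['admin']);` and `$vote_unique_id = isset($params['vote_id']) ? filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) : '';` avoid the notices, and returning an empty string when `$poll_id === false` avoids emitting a malformed URL. The inline comment would read more clearly as `// filter_var() returns false on invalid input (e.g. a tampered id), so no unvalidated value reaches the URL.`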
diff --git a/htaccess.txt b/htaccess.txt
new file mode 100644
index 0000000..8b223e9
--- /dev/null
+++ b/htaccess.txt
@@ -0,0 +1,13 @@
+######################
+# .htaccess example. #
+######################
+
+