diff --git a/adminstuds.php b/adminstuds.php
index 38c92bf..b7fe959 100644
--- a/adminstuds.php
+++ b/adminstuds.php
@@ -45,10 +45,16 @@ $inputService = new InputService();
 /* PAGE */
 /* ---- */
-if (!empty($_GET['poll']) && strlen($_GET['poll']) === 24) {
- $admin_poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
- $poll_id = substr($admin_poll_id, 0, 16);
- $poll = $pollService->findById($poll_id);
+if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
+ if (!empty($_POST['poll']))
+ $inputType = INPUT_POST;
+ else
+ $inputType = INPUT_GET;
+ $admin_poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+ if (strlen($admin_poll_id) === 24) {
+ $poll_id = substr($admin_poll_id, 0, 16);
+ $poll = $pollService->findById($poll_id);
+ }
 }
 if (!$poll) {
@@ -131,8 +137,8 @@ if (isset($_POST['update_poll_info'])) {
 // A vote is going to be edited
 // -------------------------------
-if (!empty($_POST['edit_vote'])) {
- $editingVoteId = filter_input(INPUT_POST, 'edit_vote', FILTER_VALIDATE_INT);
+if (!empty($_GET['vote'])) {
+ $editingVoteId = filter_input(INPUT_GET, 'vote', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
 }
 // -------------------------------
diff --git a/app/classes/Framadate/Services/PollService.php b/app/classes/Framadate/Services/PollService.php
index 0fd397f..ad5a1e2 100644
--- a/app/classes/Framadate/Services/PollService.php
+++ b/app/classes/Framadate/Services/PollService.php
@@ -116,6 +116,7 @@ class PollService {
 $obj = new \stdClass();
 $obj->id = $vote->id;
 $obj->name = $vote->name;
+ $obj->uniqId = $vote->uniqId;
 $obj->choices = str_split($vote->choices);
 $splitted[] = $obj;
diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php
index 7491c4f..6a91a27 100644
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
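Review bot: `if (strlen($admin_poll_id) === 24)` is evaluated on `false` whenever the POLL_REGEX filter rejects the value, because filter_input returns false on failure; strlen(false) happens to be 0 today but passing a bool is deprecated on PHP 8.1+, so the test should read `if ($admin_poll_id !== false && strlen($admin_poll_id) === 24) {`. With the new nesting there is one more path (well-formed but not 24 characters long) on which `$poll` is never assigned before `if (!$poll)` reads it, so initialising `$poll = null;` ahead of the block would make that check honest; the same structure is in studs.php at @@ -91. The brace-less `if`/`else` choosing `$inputType` is fragile in a file that otherwise braces everything and collapses to `$inputType = !empty($_POST['poll']) ? INPUT_POST : INPUT_GET;`. Accepting the 24-character admin identifier from the POST body as well as the query string is reasonable in itself, since it keeps that secret out of Referer headers and access logs for form submissions.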
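Review bot: When the `vote` parameter is present but fails POLL_REGEX, `$editingVoteId` becomes `false` rather than keeping the value it was initialised with outside the hunk (presumably 0), and the templates in this commit compare it with `=== $vote->uniqId` and `=== 0`, so a malformed parameter hides the new-vote row instead of being ignored; `$editingVoteId = filter_input(INPUT_GET, 'vote', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) ?: 0;` keeps the neutral value. The same hunk exists in studs.php at @@ -106. This also moves the authorisation for editing a vote from a numeric id in a POST body to the vote's uniqId in the URL, which now acts as a bearer token and will appear in browser history, Referer headers and server logs; a comment on the new line such as `// The vote's uniqId is the only credential needed to edit it: treat it as a secret` would help the next maintainer.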
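Review bot: `$obj->uniqId = $vote->uniqId;` copies the per-vote uniqId into every object this split returns, and since adminstuds.php and studs.php in this commit accept that same value as `?vote=` to enter edit mode, it is effectively the edit token for the vote; whichever templates render these objects for non-editing viewers will hand that token to everyone who can see the poll. Worth a comment on the new line, e.g. `// uniqId doubles as the vote's edit token (see ?vote= handling): only emit it where editing is intended`, plus a check that the public vote table prints it only under the existing editable/admin conditions — I cannot confirm that from the garbled template hunks on this page. The enclosing method begins and ends outside the hunk.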
@@ -97,23 +97,30 @@ class Utils {
 }
 /**
- * Fonction permettant de générer les URL pour les sondage
- * @param string $id L'identifiant du sondage
- * @param bool $admin True pour générer une URL pour l'administration d'un sondage, False pour un URL publique
- * @return string L'url pour le sondage
+ * Function allowing to generate poll's url
+ * @param string $id The poll's id
+ * @param bool $admin True to generate an admin URL, false for a public one
+ * @param string $vote_id (optional) The vote's unique id
+ * @return string The poll's URL.
 */
- public static function getUrlSondage($id, $admin = false) {
+ public static function getUrlSondage($id, $admin = false, $vote_id='') {
 if (URL_PROPRE) {
 if ($admin === true) {
 $url = str_replace('/admin', '', self::get_server_name()) . $id . '/admin';
 } else {
 $url = str_replace('/admin', '', self::get_server_name()) . $id;
+ if ($vote_id != '') {
+ $url .= '/vote/'.$vote_id;
+ }
 }
 } else {
 if ($admin === true) {
 $url = str_replace('/admin', '', self::get_server_name()) . 'adminstuds.php?poll=' . $id;
 } else {
 $url = str_replace('/admin', '', self::get_server_name()) . 'studs.php?poll=' . $id;
+ if ($vote_id != '') {
+ $url .= '&vote='.$vote_id;
+ }
 }
 }
diff --git a/app/inc/smarty.php b/app/inc/smarty.php
index 7481e78..87e8046 100644
--- a/app/inc/smarty.php
+++ b/app/inc/smarty.php
@@ -34,6 +34,7 @@ $smarty->assign('html_lang', $html_lang);
 $smarty->assign('langs', $ALLOWED_LANGUAGES);
 $smarty->assign('date_format', $date_format);
+// Dev Mode
 if ($_SERVER['FRAMADATE_DEVMODE']) {
 $smarty->force_compile = true;
 $smarty->compile_check = true;
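Review bot: `if ($vote_id != '')` uses a loose comparison and then concatenates `$vote_id` into the URL unescaped in both branches; the method is public static, so it should not rely on the Smarty wrapper being the only caller that runs the value through POLL_REGEX. Because that wrapper passes `false` when filter_var rejects the id, a bare `!== ''` would start emitting `/vote/` with an empty id, so the guard wants `if (is_string($vote_id) && $vote_id !== '') {` followed by `$url .= '/vote/' . rawurlencode($vote_id);` (and `'&vote=' . rawurlencode($vote_id)` in the query-string branch). The new docblock should also state that `$vote_id` is ignored when `$admin` is true, which the code does silently. The `return` and the function's closing brace lie outside the hunk.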
@@ -44,8 +45,14 @@ if ($_SERVER['FRAMADATE_DEVMODE']) {
 }
-function smarty_modifier_poll_url($poll_id, $admin = false) {
- return Utils::getUrlSondage($poll_id, $admin);
+function smarty_function_poll_url($params, Smarty_Internal_Template $template) {
+ $poll_id = filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+ $admin = $params['admin']?true:false;
+ $vote_unique_id = filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+
+ // If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this.
+
+ return Utils::getUrlSondage($poll_id, $admin, $vote_unique_id);
 }
 function smarty_modifier_markdown($md, $clear = false) {
diff --git a/htaccess.txt b/htaccess.txt
new file mode 100644
index 0000000..8b223e9
--- /dev/null
+++ b/htaccess.txt
@@ -0,0 +1,13 @@ +###################### +# .htaccess example. # +###################### + + + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} -f [OR] + RewriteCond %{REQUEST_FILENAME} -d + + RewriteRule ^([a-zA-Z0-9]{16})$ studs.php?poll=$1 + RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote_id=$2 + RewriteRule ^([a-zA-Z0-9]{24})/admin$ adminstuds.php?poll=$1 + \ No newline at end of file
diff --git a/studs.php b/studs.php
index 461d86d..c965917 100644
--- a/studs.php
+++ b/studs.php
@@ -91,8 +91,12 @@ function sendUpdateNotification($poll, $mailService, $name, $type) {
 /* PAGE */
 /* ---- */
-if (!empty($_GET['poll'])) {
- $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
+ if (!empty($_POST['poll']))
+ $inputType = INPUT_POST;
+ else
+ $inputType = INPUT_GET;
+ $poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
 $poll = $pollService->findById($poll_id);
 }
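Review bot: `$params['vote_id']` and `$params['admin']` are read without a presence check, so every `{poll_url id=...}` call that omits them (most poll links carry no vote id) raises an undefined-index notice before filter_var even runs; use `$vote_unique_id = filter_var($params['vote_id'] ?? '', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);` and `$admin = !empty($params['admin']);`, which also drops the redundant `?true:false`. The comment that a failed filter cannot leak anything is true as far as it goes, but when `id` is rejected `$poll_id` is `false`, which getUrlSondage concatenates as an empty string, so the template silently renders a link to `studs.php?poll=` instead of surfacing the bad input; returning an empty string (or throwing) when `$poll_id === false` would make such a bug visible during development. Renaming the modifier to a Smarty function changes the template syntax from `|poll_url` to `{poll_url ...}`, so any template this commit did not touch will fail at render time — worth a grep before merging.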
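Review bot: The `/vote/` rule rewrites to `studs.php?poll=$1&vote_id=$2`, but studs.php in this commit reads the edit token from `$_GET['vote']` and Utils::getUrlSondage emits `&vote=` and `/vote/`, so clean vote-edit URLs never enter edit mode; the rule should be `RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote=$2`. The `RewriteCond %{REQUEST_FILENAME} -f [OR]` / `-d` pair appears to lack the usual `!` negation, which would make the first RewriteRule fire only when a file or directory named like the poll id exists (and those conditions apply to that one rule only); some lines of this file, presumably a module wrapper, seem to have been lost in rendering, so confirm against the actual file. The `{16}` and `{24}` length constraints duplicate what the PHP side enforces (`strlen(...) === 24` and `substr(..., 0, 16)` in adminstuds.php), so a comment noting they must stay in sync with POLL_REGEX would help.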
@@ -106,8 +110,8 @@ if (!$poll) {
 // A vote is going to be edited
 // -------------------------------
-if (!empty($_POST['edit_vote'])) {
- $editingVoteId = filter_input(INPUT_POST, 'edit_vote', FILTER_VALIDATE_INT);
+if (!empty($_GET['vote'])) {
+ $editingVoteId = filter_input(INPUT_GET, 'vote', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
 }
 // -------------------------------
diff --git a/tpl/add_slot.tpl b/tpl/add_slot.tpl
index a8593e1..3ef5e5e 100644
--- a/tpl/add_slot.tpl
+++ b/tpl/add_slot.tpl
@@ -1,7 +1,7 @@ {extends file='page.tpl'} {block name=main} -
+

{__('adminstuds', 'Column\'s adding')}

diff --git a/tpl/admin/polls.tpl b/tpl/admin/polls.tpl index e26e3ae..53bbd1f 100644 --- a/tpl/admin/polls.tpl +++ b/tpl/admin/polls.tpl @@ -91,11 +91,11 @@ {/if} {$poll->votes|html} {$poll->id|html} - {__('Admin', 'See the poll')} - {__('Admin', 'Change the poll')} diff --git a/tpl/confirm/delete_comments.tpl b/tpl/confirm/delete_comments.tpl index c94bf10..bd9642f 100644 --- a/tpl/confirm/delete_comments.tpl +++ b/tpl/confirm/delete_comments.tpl @@ -1,7 +1,7 @@ {extends file='page.tpl'} {block name=main} - +

{__('adminstuds', 'Confirm removal of all comments of the poll')}

diff --git a/tpl/confirm/delete_poll.tpl b/tpl/confirm/delete_poll.tpl index 9db0777..7bba15a 100644 --- a/tpl/confirm/delete_poll.tpl +++ b/tpl/confirm/delete_poll.tpl @@ -1,7 +1,7 @@ {extends file='page.tpl'} {block name=main} - +

{__('adminstuds', 'Confirm removal of the poll')}

diff --git a/tpl/confirm/delete_votes.tpl b/tpl/confirm/delete_votes.tpl index ed863b1..38faf64 100644 --- a/tpl/confirm/delete_votes.tpl +++ b/tpl/confirm/delete_votes.tpl @@ -1,7 +1,7 @@ {extends file='page.tpl'} {block name=main} - +

{__('adminstuds', 'Confirm removal of all votes of the poll')}

diff --git a/tpl/index.tpl b/tpl/index.tpl index d3af42b..c7b20a5 100644 --- a/tpl/index.tpl +++ b/tpl/index.tpl @@ -51,7 +51,7 @@ {if $demo_poll != null}

{__('1st section', 'Do you want to')} - {__('1st section', 'view an example?')} + {__('1st section', 'view an example?')}

{/if}
diff --git a/tpl/part/poll_info.tpl b/tpl/part/poll_info.tpl index 93e43b6..b39d1c9 100644 --- a/tpl/part/poll_info.tpl +++ b/tpl/part/poll_info.tpl @@ -1,6 +1,6 @@ {$admin = $admin|default:false} -{if $admin}{/if} +{if $admin}{/if}
@@ -90,13 +90,13 @@
{if $admin}

{__('PollInfo', 'Expiration date')}

diff --git a/tpl/part/vote_table_classic.tpl b/tpl/part/vote_table_classic.tpl index 2c3a48b..f94e169 100644 --- a/tpl/part/vote_table_classic.tpl +++ b/tpl/part/vote_table_classic.tpl @@ -5,7 +5,7 @@

{__('Poll results', 'Votes of the poll')}

- + @@ -35,8 +35,7 @@ {* Edited line *} - {if $editingVoteId == $vote->id} - + {if $editingVoteId === $vote->uniqId} {else} - {* Voted line *} @@ -90,11 +88,11 @@ {if $active && $poll->editable && !$expired}
{__('Poll results', 'Votes of the poll')} {$poll->title|html}
@@ -50,19 +49,19 @@
  • -
  • -
  • -
  • @@ -71,7 +70,6 @@ {/foreach}
{$vote->name|html} - + {if $admin} - {/if} @@ -108,7 +106,7 @@ {* Line to add a new vote *} - {if $active && $editingVoteId == 0 && !$expired} + {if $active && $editingVoteId === 0 && !$expired}
@@ -121,19 +119,19 @@
  • -
  • -
  • -
  • diff --git a/tpl/part/vote_table_date.tpl b/tpl/part/vote_table_date.tpl index 9262183..639513a 100644 --- a/tpl/part/vote_table_date.tpl +++ b/tpl/part/vote_table_date.tpl @@ -5,7 +5,7 @@

    {__('Poll results', 'Votes of the poll')}

    - + @@ -81,7 +81,7 @@ {* Edited line *} - {if $editingVoteId == $vote->id && !$expired} + {if $editingVoteId === $vote->uniqId && !$expired}
    {__('Poll results', 'Votes of the poll')} {$poll->title|html}
    @@ -136,9 +136,9 @@ {if $active && $poll->editable && !$expired}
    - + {if $admin}