Encode action values in base64 instead of url_encode (because of UrlRewrite)

2015-11-30 20:26:23 +01:00 · 2015-11-30 20:26:23 +01:00 · 5d4958e1f4
parent 9b4b72e3d4
commit 5d4958e1f4
5 changed files with 27 additions and 9 deletions
--- a/adminstuds.php
+++ b/adminstuds.php
@ -246,6 +246,7 @@ if (!empty($_POST['save'])) { // Save edition of an old vote

 if (!empty($_GET['delete_vote'])) {
    $vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT);
+    $vote_id = Utils::base64url_decode($vote_id);
    if ($adminPollService->deleteVote($poll_id, $vote_id)) {
        $message = new Message('success', __('adminstuds', 'Vote deleted'));
    } else {
@ -361,6 +362,7 @@ if (isset($_POST['confirm_delete_poll'])) {

 if (!empty($_GET['delete_column'])) {
    $column = filter_input(INPUT_GET, 'delete_column', FILTER_DEFAULT);
+    $column = Utils::base64url_decode($column);

    if ($poll->format === 'D') {
        $ex = explode('@', $column);
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@ -105,7 +105,7 @@ class Utils {
     */
    public static function getUrlSondage($id, $admin = false, $vote_id = '', $action = null, $action_value = null) {
        // URL-Encode $action_value
-        $action_value = $action_value == null ? null : urlencode($action_value);
+        $action_value = $action_value == null ? null : Utils::base64url_encode($action_value);

        if (URL_PROPRE) {
            if ($admin === true) {
@ -115,8 +115,12 @@ class Utils {
            }
            if ($vote_id != '') {
                $url .= '/vote/' . $vote_id . "#edit";
-            } elseif ($action != null && $action_value != null) {
-                $url .= '/action/' . $action . '/' . $action_value;
+            } elseif ($action != null) {
+                if ($action_value != null) {
+                    $url .= '/action/' . $action . '/' . $action_value;
+                } else {
+                    $url .= '/action/' . $action;
+                }
            }
        } else {
            if ($admin === true) {
@ -126,8 +130,12 @@ class Utils {
            }
            if ($vote_id != '') {
                $url .= '&vote=' . $vote_id . "#edit";
-            } elseif ($action != null && $action_value != null)  {
-                $url .= '&' . $action . "=" . $action_value;
+            } elseif ($action != null)  {
+                if ($action_value != null) {
+                    $url .= '&' . $action . "=" . $action_value;
+                } else {
+                    $url .= '&' . $action . "=";
+                }
            }
        }

@ -200,4 +208,12 @@ class Utils {
    public static function fromPostOrDefault($postKey, $default = '') {
        return !empty($_POST[$postKey]) ? Utils::htmlEscape($_POST[$postKey]) : $default;
    }
+
+    public static function base64url_encode($input) {
+        return rtrim(strtr(base64_encode($input), '+/', '-_'), '=');
+    }
+
+    public static function base64url_decode($input) {
+        return base64_decode(str_pad(strtr($input, '-_', '+/'), strlen($input) % 4, '=', STR_PAD_RIGHT));
+    }
 }
--- a/htaccess.txt
+++ b/htaccess.txt
@ -9,9 +9,9 @@
  RewriteRule . - [L]

  RewriteRule ^([a-zA-Z0-9]{16})$ studs.php?poll=$1 [L]
-  RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z_-]+)/(.+)$ studs.php?poll=$1&$2=$3 [B]
+  RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z_-]+)/(.+)$ studs.php?poll=$1&$2=$3
  RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote=$2
  RewriteRule ^([a-zA-Z0-9]{24})/admin$ adminstuds.php?poll=$1
  RewriteRule ^([a-zA-Z0-9]{24})/admin/vote/([a-zA-Z0-9]{16})$ adminstuds.php?poll=$1&vote=$2
-  RewriteRule ^([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)/(.+)$ adminstuds.php?poll=$1&$2=$3 [B]
+  RewriteRule ^([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/(.+))?$ adminstuds.php?poll=$1&$2=$4
 </IfModule>
--- a/tpl/part/vote_table_classic.tpl
+++ b/tpl/part/vote_table_classic.tpl
@ -21,7 +21,7 @@
                            </td>
                    {/foreach}
                    <td>
-                        <a href="{poll_url id=$admin_poll_id admin=true action='add_slot' action_value=true}"
+                        <a href="{poll_url id=$admin_poll_id admin=true action='add_slot'}"
                           class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')}">
                            <i class="glyphicon glyphicon-plus text-success"></i><span class="sr-only">{__('Poll results', 'Add a column')}</span>
                        </a>
--- a/tpl/part/vote_table_date.tpl
+++ b/tpl/part/vote_table_date.tpl
@ -27,7 +27,7 @@
                        {/foreach}
                    {/foreach}
                    <td>
-                        <a href="{poll_url id=$admin_poll_id admin=true action='add_slot' action_value=true}"
+                        <a href="{poll_url id=$admin_poll_id admin=true action='add_slot'}"
                           class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')}">
                            <i class="glyphicon glyphicon-plus text-success"></i><span class="sr-only">{__('Poll results', 'Add a column')}</span>
                        </a>