diff --git a/adminstuds.php b/adminstuds.php index 29f3d27..b47ea03 100644 --- a/adminstuds.php +++ b/adminstuds.php @@ -246,6 +246,7 @@ if (!empty($_POST['save'])) { // Save edition of an old vote if (!empty($_GET['delete_vote'])) { $vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT); + $vote_id = Utils::base64url_decode($vote_id); if ($adminPollService->deleteVote($poll_id, $vote_id)) { $message = new Message('success', __('adminstuds', 'Vote deleted')); } else { @@ -361,6 +362,7 @@ if (isset($_POST['confirm_delete_poll'])) { if (!empty($_GET['delete_column'])) { $column = filter_input(INPUT_GET, 'delete_column', FILTER_DEFAULT); + $column = Utils::base64url_decode($column); if ($poll->format === 'D') { $ex = explode('@', $column); diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php index 3565a70..b340bad 100644 --- a/app/classes/Framadate/Utils.php +++ b/app/classes/Framadate/Utils.php @@ -105,7 +105,7 @@ class Utils { */ public static function getUrlSondage($id, $admin = false, $vote_id = '', $action = null, $action_value = null) { // URL-Encode $action_value - $action_value = $action_value == null ? null : urlencode($action_value); + $action_value = $action_value == null ? null : Utils::base64url_encode($action_value); if (URL_PROPRE) { if ($admin === true) { @@ -115,8 +115,12 @@ class Utils { } if ($vote_id != '') { $url .= '/vote/' . $vote_id . "#edit"; - } elseif ($action != null && $action_value != null) { - $url .= '/action/' . $action . '/' . $action_value; + } elseif ($action != null) { + if ($action_value != null) { + $url .= '/action/' . $action . '/' . $action_value; + } else { + $url .= '/action/' . $action; + } } } else { if ($admin === true) { 
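Review bot: The added decode in the `delete_vote` branch runs after `FILTER_VALIDATE_INT`, so the integer check is applied to the still-encoded parameter and the value handed to `deleteVote()` is unvalidated decoder output. Assuming these links come from `getUrlSondage()`, which now base64url-encodes the value, an encoded id will normally fail the filter and `false` is what gets decoded. Read the raw parameter, decode it, then validate the result: `$vote_id = filter_var(Utils::base64url_decode((string) filter_input(INPUT_GET, 'delete_vote', FILTER_DEFAULT)), FILTER_VALIDATE_INT);` and skip the delete when that yields `false`. The `delete_column` hunk below has the same gap: the decoded string goes straight into `explode('@', $column)` with no check that decoding succeeded or that the result has the expected shape. Both branches continue outside their hunks.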
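Review bot: The comment `// URL-Encode $action_value` above the changed line in `getUrlSondage` is now stale, because the value is no longer percent-encoded. Something like `// Encode $action_value as unpadded base64url; receivers must call Utils::base64url_decode()` would tell the next reader that every consumer of these URLs has to decode. The guard is still the loose `== null`, so an integer `0` or an empty string is treated as "no value" and left unencoded; `=== null` would make that explicit if those inputs are possible. The function body continues outside this hunk.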
@@ -126,8 +130,12 @@ class Utils { } if ($vote_id != '') { $url .= '&vote=' . $vote_id . "#edit"; - } elseif ($action != null && $action_value != null) { - $url .= '&' . $action . "=" . $action_value; + } elseif ($action != null) { + if ($action_value != null) { + $url .= '&' . $action . "=" . $action_value; + } else { + $url .= '&' . $action . "="; + } } } @@ -200,4 +208,12 @@ class Utils { public static function fromPostOrDefault($postKey, $default = '') { return !empty($_POST[$postKey]) ? Utils::htmlEscape($_POST[$postKey]) : $default; } + + public static function base64url_encode($input) { + return rtrim(strtr(base64_encode($input), '+/', '-_'), '='); + } + + public static function base64url_decode($input) { + return base64_decode(str_pad(strtr($input, '-_', '+/'), strlen($input) % 4, '=', STR_PAD_RIGHT)); + } } diff --git a/htaccess.txt b/htaccess.txt index a59fcd7..640cb13 100644 --- a/htaccess.txt +++ b/htaccess.txt @@ -9,9 +9,9 @@ RewriteRule . - [L] RewriteRule ^([a-zA-Z0-9]{16})$ studs.php?poll=$1 [L] - RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z_-]+)/(.+)$ studs.php?poll=$1&$2=$3 [B] + RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z_-]+)/(.+)$ studs.php?poll=$1&$2=$3 RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote=$2 RewriteRule ^([a-zA-Z0-9]{24})/admin$ adminstuds.php?poll=$1 RewriteRule ^([a-zA-Z0-9]{24})/admin/vote/([a-zA-Z0-9]{16})$ adminstuds.php?poll=$1&vote=$2 - RewriteRule ^([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)/(.+)$ adminstuds.php?poll=$1&$2=$3 [B] + RewriteRule ^([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/(.+))?$ adminstuds.php?poll=$1&$2=$4 \ No newline at end of file diff --git a/tpl/part/vote_table_classic.tpl b/tpl/part/vote_table_classic.tpl index a00af34..fa496ef 100644 --- a/tpl/part/vote_table_classic.tpl +++ b/tpl/part/vote_table_classic.tpl @@ -21,7 +21,7 @@ {/foreach} - {__('Poll results', 'Add a column')} 
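Review bot: The `str_pad()` call in `base64url_decode` never restores padding: its second argument is the target total length, and `strlen($input) % 4` is at most 3, so any realistic input comes back unchanged. Decoding only works because non-strict `base64_decode()` tolerates missing padding, and that same mode silently drops characters outside the alphabet, so malformed request values decode to something instead of being rejected. Suggest `$b64 = strtr($input, '-_', '+/');` followed by `return base64_decode($b64 . str_repeat('=', (4 - strlen($b64) % 4) % 4), true);`, with callers treating a `false` return as invalid input. The two new methods are also snake_case where the class's other visible methods (`getUrlSondage`, `fromPostOrDefault`, `htmlEscape`) are camelCase, and they have no docblock stating that the encoding is unpadded.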
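Review bot: With `[B]` removed, the `(.+)` capture in both action rules is copied into the rewritten query string unescaped, so any `&` or `=` in the decoded path segment becomes query syntax instead of part of the action value. Since the value is now base64url, the capture can be narrowed to that alphabet, which makes dropping `[B]` safe: `RewriteRule ^([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/([A-Za-z0-9_-]+))?$ adminstuds.php?poll=$1&$2=$4`, with the same `([A-Za-z0-9_-]+)` in the studs.php rule. The studs.php rule also still requires a value, while `getUrlSondage` now emits `/action/<name>` without one; if that form can be generated for non-admin URLs, it will not match any rule here.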
diff --git a/tpl/part/vote_table_date.tpl b/tpl/part/vote_table_date.tpl index 4ba4347..2afb20b 100644 --- a/tpl/part/vote_table_date.tpl +++ b/tpl/part/vote_table_date.tpl @@ -27,7 +27,7 @@ {/foreach} {/foreach} - {__('Poll results', 'Add a column')}