Chapril/date.chapril.org-framadate
Chapril/date.chapril.org-framadate
23
1
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'fix-poll-entry-modification' into 'develop'

Browse Source 
fix(admin/add_column): stop modifying user input in stored data

Closes #384

See merge request framasoft/framadate/framadate!362
This commit is contained in:
Thomas Citharel 2019-04-15 15:16:47 +02:00
commit 5f7388cddb
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
adminstuds.php
View File

@ -467,10 +467,10 @@ if (isset($_POST['confirm_add_column'])) {
if ($poll->format === 'D') {
$date = DateTime::createFromFormat(__('Date', 'Y-m-d'), $_POST['newdate'])->setTime(0, 0, 0);
$time = $date->getTimestamp();
$newmoment = str_replace(',', '-', strip_tags($_POST['newmoment']));
$newmoment = strip_tags($_POST['newmoment']);
$adminPollService->addDateSlot($poll_id, $time, $newmoment);
} else {
$newslot = str_replace(',', '-', strip_tags($_POST['choice']));
$newslot = strip_tags($_POST['choice']);
$adminPollService->addClassicSlot($poll_id, $newslot);
}

4
app/classes/Framadate/Services/AdminPollService.php
View File

@ -200,7 +200,7 @@ class AdminPollService {
* @throws \Doctrine\DBAL\ConnectionException
*/
public function addDateSlot($poll_id, $datetime, $new_moment) {
$this->logService->log('ADD_COLUMN', 'id:' . $poll_id . ', datetime:' . $datetime . ', moment:' . $new_moment);
$this->logService->log('ADD_COLUMN', 'id:' . $poll_id . ', datetime:' . $datetime . ', moment:' . str_replace(',', '-', $new_moment));
try {
$slots = $this->slotRepository->listByPollId($poll_id);
@ -252,7 +252,7 @@ class AdminPollService {
* @throws \Doctrine\DBAL\DBALException
*/
public function addClassicSlot($poll_id, $title) {
$this->logService->log('ADD_COLUMN', 'id:' . $poll_id . ', title:' . $title);
$this->logService->log('ADD_COLUMN', 'id:' . $poll_id . ', title:' . str_replace(',', '-', $title));
$slots = $this->slotRepository->listByPollId($poll_id);