diff --git a/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php b/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
index 7e38739..b30d2bb 100644
--- a/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
+++ b/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
@@ -72,7 +72,7 @@ CREATE TABLE IF NOT EXISTS `sondage` (
 `titre` text,
 `id_sondage_admin` char(24) DEFAULT NULL,
 `date_creation` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
- `date_fin` timestamp NOT NULL DEFAULT \'0000-00-00 00:00:00\',
+ `date_fin` timestamp NOT NULL,
 `format` varchar(2) DEFAULT NULL,
 `mailsonde` tinyint(1) DEFAULT \'0\',
 `statut` int(11) NOT NULL DEFAULT \'1\' COMMENT \'1 = actif ; 0 = inactif ; \',
diff --git a/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php b/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
index 58f2421..5f8b7d7 100644
--- a/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
+++ b/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
@@ -90,7 +90,7 @@ CREATE TABLE IF NOT EXISTS `' . Utils::table('poll') . '` (
 `admin_name` VARCHAR(64) DEFAULT NULL,
 `admin_mail` VARCHAR(128) DEFAULT NULL,
 `creation_date` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- `end_date` TIMESTAMP NOT NULL DEFAULT \'0000-00-00 00:00:00\',
+ `end_date` TIMESTAMP NOT NULL,
 `format` VARCHAR(1) DEFAULT NULL,
 `editable` TINYINT(1) DEFAULT \'0\',
 `receiveNewVotes` TINYINT(1) DEFAULT \'0\',
diff --git a/app/classes/Framadate/Repositories/PollRepository.php b/app/classes/Framadate/Repositories/PollRepository.php
index e2315a3..9cbebf0 100644
--- a/app/classes/Framadate/Repositories/PollRepository.php
+++ b/app/classes/Framadate/Repositories/PollRepository.php
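Review bot: In From_0_0_to_0_8_Migration.php (`date_fin`) and From_0_8_to_0_9_Migration.php (`end_date`), dropping the explicit default leaves the column's default to server configuration. On MySQL servers where `explicit_defaults_for_timestamp` is off, a second `TIMESTAMP NOT NULL` column is implicitly given the same zero-date default, so the CREATE may still be rejected under a strict `NO_ZERO_DATE` mode; this is worth testing on the targeted server versions. Because both hunks edit existing migrations in place, installations that already ran them presumably keep the old default unless a follow-up migration alters the column. A comment next to each statement such as `// end_date has no DEFAULT on purpose: zero dates are rejected in strict mode, every insert must supply it` would record the intent; both CREATE statements start and end outside the hunks.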
@@ -16,7 +16,7 @@ class PollRepository extends AbstractRepository { (id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible) VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)'; $prepared = $this->prepare($sql); - $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible)); + $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable ? 1 : 0, $form->receiveNewVotes ? 1 : 0, $form->receiveNewComments ? 1 : 0, $form->hidden ? 1 : 0, $form->password_hash, $form->results_publicly_visible ? 1 : 0)); } function findById($poll_id) { @@ -58,7 +58,7 @@ class PollRepository extends AbstractRepository { function update($poll) { $prepared = $this->prepare('UPDATE `' . Utils::table('poll') . '` SET title=?, admin_name=?, admin_mail=?, description=?, end_date=?, active=?, editable=?, hidden=?, password_hash=?, results_publicly_visible=? WHERE id = ?'); - return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable, $poll->hidden, $poll->password_hash, $poll->results_publicly_visible, $poll->id]); + return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable ? 1 : 0, $poll->hidden ? 1 : 0, $poll->password_hash, $poll->results_publicly_visible ? 1 : 0, $poll->id]); } function deleteById($poll_id) { diff --git a/exportcsv.php b/exportcsv.php index db8832a..5f07e1d 100644 --- a/exportcsv.php +++ b/exportcsv.php 
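Review bot: In `PollRepository::update()` (`@@ -58,7 +58,7`), `$poll->active` is still bound as-is while `editable`, `hidden` and `results_publicly_visible` on the same line are now normalised with `? 1 : 0`. If `active` can arrive as a PHP boolean, it would hit the same boolean-to-string binding this commit works around for the other flags; `$poll->active ? 1 : 0` would keep the line consistent. The insert hunk above (`@@ -16,7 +16,7`) covers every flag visible in its column list. Both method bodies start outside their hunks, so the type of `active` cannot be confirmed from here.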
@@ -18,6 +18,7 @@ */ use Framadate\Services\LogService; use Framadate\Services\PollService; +use Framadate\Services\SecurityService; use Framadate\Utils; include_once __DIR__ . '/app/inc/init.php'; @@ -35,6 +36,7 @@ $poll = null; $logService = new LogService(); $pollService = new PollService($connect, $logService); +$securityService = new SecurityService(); /* PAGE */ /* ---- */ @@ -42,6 +44,12 @@ $pollService = new PollService($connect, $logService); if (!empty($_GET['poll'])) { $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]); $poll = $pollService->findById($poll_id); +} else if (!empty($_GET['admin'])) { + $admin_id = filter_input(INPUT_GET, 'admin', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => ADMIN_POLL_REGEX]]); + $poll = $pollService->findByAdminId($admin_id); + if ($poll) { + $poll_id = $poll->id; + } } if (!$poll) { @@ -50,6 +58,16 @@ if (!$poll) { exit; } +if (empty($admin_id)) { + $forbiddenBecauseOfPassword = !$poll->results_publicly_visible && !$securityService->canAccessPoll($poll); + $resultsAreHidden = $poll->hidden; + + if ($resultsAreHidden || $forbiddenBecauseOfPassword) { + $smarty->assign('error', __('Error', 'Forbidden!')); + $smarty->display('error.tpl'); + exit; + } +} $slots = $pollService->allSlotsByPoll($poll); $votes = $pollService->allVotesByPollId($poll_id); diff --git a/locale/br.json b/locale/br.json index 163fba3..f50059c 100644 --- a/locale/br.json +++ b/locale/br.json @@ -369,6 +369,7 @@ }, "Error": { "Error!": "Fazi!", + "Forbidden!": "BR_Interdit !", "Enter a title": "Ret eo enankañ un titl!", "Something is going wrong...": "Un dra bennak a-dreuz a zo...", "Something is wrong with the format": "Un dra bennak a-dreuz a zo gant ar mentrezh", diff --git a/locale/de.json b/locale/de.json index 6bf5ed5..94f5632 100644 --- a/locale/de.json +++ b/locale/de.json 
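Review bot: In exportcsv.php (`@@ -42,6 +44,12`), `filter_input()` returns `false` when `admin` does not match `ADMIN_POLL_REGEX`, and that value is passed straight to `findByAdminId()`. Guarding the lookup, e.g. `$poll = is_string($admin_id) ? $pollService->findByAdminId($admin_id) : null;`, makes the rejection independent of how the repository treats a non-string argument. This branch also makes the admin ID in the query string the only credential for an export that bypasses the hidden/password checks added below. Since it travels in the URL it will show up in access logs and Referer headers, so links to this endpoint should be handled like the admin page URL itself.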
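Review bot: The access gate in exportcsv.php (`@@ -50,6 +58,16`) infers "caller is admin" from `empty($admin_id)`, a variable assigned only inside the `else if` branch of the previous hunk, so for every non-admin request the authorisation decision rests on an undefined variable. Initialising `$admin_id = null;` next to `$poll = null;` (or using a dedicated `$isAdmin = false;` flag set only after `findByAdminId()` returns a poll) would make the intent explicit and robust to later edits of the lookup code. The denial path renders `error.tpl` without setting a status; unless the template or `init.php` already does so, adding `http_response_code(403);` before `$smarty->display('error.tpl');` keeps clients and caches from treating the refusal as a successful export.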
@@ -370,6 +370,7 @@
 },
 "Error": {
 "Error!": "Fehler!",
+ "Forbidden!": "Verboten!",
 "Enter a title": "Titel eingeben",
 "Something is going wrong...": "Etwas geht schief...",
 "Something is wrong with the format": "Mit dem Format stimmt etwas nicht",
diff --git a/locale/en.json b/locale/en.json
index 0b550dd..2f47a44 100644
--- a/locale/en.json
+++ b/locale/en.json
@@ -371,6 +371,7 @@
 },
 "Error": {
 "Error!": "Error!",
+ "Forbidden!": "Forbidden!",
 "Enter a title": "Enter a title",
 "Something is going wrong...": "Something has gone wrong...",
 "Something is wrong with the format": "Something is wrong with the format",
diff --git a/locale/es.json b/locale/es.json
index 1491b86..9bcaa11 100644
--- a/locale/es.json
+++ b/locale/es.json
@@ -370,6 +370,7 @@
 },
 "Error": {
 "Error!": "¡Error!",
+ "Forbidden!": "¡Prohibido!",
 "Enter a title": "Introducza un título",
 "Something is going wrong...": "Algo anda mal...",
 "Something is wrong with the format": "Algo está mal con el formato",
diff --git a/locale/fr.json b/locale/fr.json
index 5b4799b..a6c2ec7 100644
--- a/locale/fr.json
+++ b/locale/fr.json
@@ -370,6 +370,7 @@
 },
 "Error": {
 "Error!": "Erreur !",
+ "Forbidden!": "Interdit !",
 "Enter a title": "Il faut saisir un titre !",
 "Something is going wrong...": "Quelque chose ne va pas...",
 "Something is wrong with the format": "Quelque chose ne va pas avec le format",
diff --git a/locale/it.json b/locale/it.json
index f9fe241..0920be8 100644
--- a/locale/it.json
+++ b/locale/it.json
@@ -370,6 +370,7 @@
 },
 "Error": {
 "Error!": "Errore!",
+ "Forbidden!": "Proibito!",
 "Enter a title": "È necessario inserire un titolo !",
 "Something is going wrong...": "Qualcosa non è corretto...",
 "Something is wrong with the format": "Qualche errore nel formato",
diff --git a/locale/oc.json b/locale/oc.json
index 7e0423d..fadc23c 100644
--- a/locale/oc.json
+++ b/locale/oc.json
@@ -370,6 +370,7 @@
 },
 "Error": {
 "Error!": "Error !",
+ "Forbidden!": "OC_Interdit !",
 "Enter a title": "Cal picar un títol !",
 "Something is going wrong...": "I a quicòm que truca...",
 "Something is wrong with the format": "I a quicòm que truca amb lo format.",
diff --git a/tpl/part/poll_info.tpl b/tpl/part/poll_info.tpl
index c568721..ebf3562 100644
--- a/tpl/part/poll_info.tpl
+++ b/tpl/part/poll_info.tpl
@@ -21,7 +21,13 @@
- {__('PollInfo', 'Export to CSV')} + {if $admin} + {__('PollInfo', 'Export to CSV')} + {else} + {if !$hidden} + {__('PollInfo', 'Export to CSV')} + {/if} + {/if} {if $admin} {if !$expired}