From 357bc89d16d2dc9be64fe968e418490bd4a2163a Mon Sep 17 00:00:00 2001
From: Olivier PEREZ <olivier@olivierperez.fr>
Date: Thu, 6 Oct 2016 20:37:46 +0200
Subject: [PATCH 1/4] Remove useless default SQL columns

---
 app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php | 2 +-
 app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php b/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
index 7e38739..b30d2bb 100644
--- a/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
+++ b/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
@@ -72,7 +72,7 @@ CREATE TABLE IF NOT EXISTS `sondage` (
   `titre` text,
   `id_sondage_admin` char(24) DEFAULT NULL,
   `date_creation` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `date_fin` timestamp NOT NULL DEFAULT \'0000-00-00 00:00:00\',
+  `date_fin` timestamp NOT NULL,
   `format` varchar(2) DEFAULT NULL,
   `mailsonde` tinyint(1) DEFAULT \'0\',
   `statut` int(11) NOT NULL DEFAULT \'1\' COMMENT \'1 = actif ; 0 = inactif ; \',
diff --git a/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php b/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
index 58f2421..5f8b7d7 100644
--- a/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
+++ b/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
@@ -90,7 +90,7 @@ CREATE TABLE IF NOT EXISTS `' . Utils::table('poll') . '` (
   `admin_name`      VARCHAR(64) DEFAULT NULL,
   `admin_mail`      VARCHAR(128) DEFAULT NULL,
   `creation_date`   TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `end_date`        TIMESTAMP NOT NULL DEFAULT \'0000-00-00 00:00:00\',
+  `end_date`        TIMESTAMP NOT NULL,
   `format`          VARCHAR(1) DEFAULT NULL,
   `editable`        TINYINT(1) DEFAULT \'0\',
   `receiveNewVotes` TINYINT(1) DEFAULT \'0\',

From e8aac339f0837b1bcb2ab6adc718c0bfc4fb0833 Mon Sep 17 00:00:00 2001
From: Olivier PEREZ <olivier@olivierperez.fr>
Date: Thu, 6 Oct 2016 20:45:11 +0200
Subject: [PATCH 2/4] Booleanize some fields

---
 app/classes/Framadate/Repositories/PollRepository.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/classes/Framadate/Repositories/PollRepository.php b/app/classes/Framadate/Repositories/PollRepository.php
index e2315a3..9cbebf0 100644
--- a/app/classes/Framadate/Repositories/PollRepository.php
+++ b/app/classes/Framadate/Repositories/PollRepository.php
@@ -16,7 +16,7 @@ class PollRepository extends AbstractRepository {
           (id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible)
           VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)';
         $prepared = $this->prepare($sql);
-        $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible));
+        $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable ? 1 : 0, $form->receiveNewVotes ? 1 : 0, $form->receiveNewComments ? 1 : 0, $form->hidden ? 1 : 0, $form->password_hash, $form->results_publicly_visible ? 1 : 0));
     }
 
     function findById($poll_id) {
@@ -58,7 +58,7 @@ class PollRepository extends AbstractRepository {
     function update($poll) {
         $prepared = $this->prepare('UPDATE `' . Utils::table('poll') . '` SET title=?, admin_name=?, admin_mail=?, description=?, end_date=?, active=?, editable=?, hidden=?, password_hash=?, results_publicly_visible=? WHERE id = ?');
 
-        return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable, $poll->hidden, $poll->password_hash, $poll->results_publicly_visible, $poll->id]);
+        return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable ? 1 : 0, $poll->hidden ? 1 : 0, $poll->password_hash, $poll->results_publicly_visible ? 1 : 0, $poll->id]);
     }
 
     function deleteById($poll_id) {

From d980571a749ceb6400b7f1c301ca44fdb8ed7bd9 Mon Sep 17 00:00:00 2001
From: Olivier PEREZ <olivier@olivierperez.fr>
Date: Thu, 6 Oct 2016 21:13:01 +0200
Subject: [PATCH 3/4] Disable export when results are invisibles

---
 exportcsv.php          | 11 +++++++++++
 locale/br.json         |  1 +
 locale/de.json         |  1 +
 locale/en.json         |  1 +
 locale/es.json         |  1 +
 locale/fr.json         |  1 +
 locale/it.json         |  1 +
 locale/oc.json         |  1 +
 tpl/part/poll_info.tpl |  8 +++++++-
 9 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/exportcsv.php b/exportcsv.php
index db8832a..4f89f28 100644
--- a/exportcsv.php
+++ b/exportcsv.php
@@ -42,6 +42,12 @@ $pollService = new PollService($connect, $logService);
 if (!empty($_GET['poll'])) {
     $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
     $poll = $pollService->findById($poll_id);
+} else if (!empty($_GET['admin'])) {
+    $admin_id = filter_input(INPUT_GET, 'admin', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => ADMIN_POLL_REGEX]]);
+    $poll = $pollService->findByAdminId($admin_id);
+    if ($poll) {
+        $poll_id = $poll->id;
+    }
 }
 
 if (!$poll) {
@@ -50,6 +56,11 @@ if (!$poll) {
     exit;
 }
 
+if ($poll->hidden && empty($admin_id)) {
+    $smarty->assign('error', __('Error', 'Forbidden!'));
+    $smarty->display('error.tpl');
+    exit;
+}
 
 $slots = $pollService->allSlotsByPoll($poll);
 $votes = $pollService->allVotesByPollId($poll_id);
diff --git a/locale/br.json b/locale/br.json
index ccf8f3d..c6362f0 100644
--- a/locale/br.json
+++ b/locale/br.json
@@ -368,6 +368,7 @@
   },
   "Error": {
     "Error!": "Fazi!",
+    "Forbidden!": "BR_Interdit !",
     "Enter a title": "Ret eo enankañ un titl!",
     "Something is going wrong...": "Un dra bennak a-dreuz a zo...",
     "Something is wrong with the format": "Un dra bennak a-dreuz a zo gant ar mentrezh",
diff --git a/locale/de.json b/locale/de.json
index e2d2d89..b4e8716 100644
--- a/locale/de.json
+++ b/locale/de.json
@@ -369,6 +369,7 @@
     },
     "Error": {
         "Error!": "Fehler!",
+        "Forbidden!": "Verboten!",
         "Enter a title": "Titel eingeben",
         "Something is going wrong...": "Etwas geht schief...",
         "Something is wrong with the format": "Mit dem Format stimmt etwas nicht",
diff --git a/locale/en.json b/locale/en.json
index b26536f..03fb781 100644
--- a/locale/en.json
+++ b/locale/en.json
@@ -370,6 +370,7 @@
   },
   "Error": {
     "Error!": "Error!",
+    "Forbidden!": "Forbidden!",
     "Enter a title": "Enter a title",
     "Something is going wrong...": "Something has gone wrong...",
     "Something is wrong with the format": "Something is wrong with the format",
diff --git a/locale/es.json b/locale/es.json
index 3f79e53..9401089 100644
--- a/locale/es.json
+++ b/locale/es.json
@@ -369,6 +369,7 @@
   },
   "Error": {
     "Error!": "¡Error!",
+    "Forbidden!": "¡Prohibido!",
     "Enter a title": "Introducza un título",
     "Something is going wrong...": "Algo anda mal...",
     "Something is wrong with the format": "Algo está mal con el formato",
diff --git a/locale/fr.json b/locale/fr.json
index 7cc8652..16005f5 100644
--- a/locale/fr.json
+++ b/locale/fr.json
@@ -369,6 +369,7 @@
   },
   "Error": {
     "Error!": "Erreur !",
+    "Forbidden!": "Interdit !",
     "Enter a title": "Il faut saisir un titre !",
     "Something is going wrong...": "Quelque chose ne va pas...",
     "Something is wrong with the format": "Quelque chose ne va pas avec le format",
diff --git a/locale/it.json b/locale/it.json
index d5bd192..39ad8b5 100644
--- a/locale/it.json
+++ b/locale/it.json
@@ -369,6 +369,7 @@
   },
   "Error": {
     "Error!": "Errore!",
+    "Forbidden!": "Proibito!",
     "Enter a title": "È necessario inserire un titolo !",
     "Something is going wrong...": "Qualcosa non è corretto...",
     "Something is wrong with the format": "Qualche errore nel formato",
diff --git a/locale/oc.json b/locale/oc.json
index 9317653..e5defca 100644
--- a/locale/oc.json
+++ b/locale/oc.json
@@ -369,6 +369,7 @@
   },
   "Error": {
     "Error!": "Error !",
+    "Forbidden!": "OC_Interdit !",
     "Enter a title": "Cal picar un títol !",
     "Something is going wrong...": "I a quicòm que truca...",
     "Something is wrong with the format": "I a quicòm que truca amb lo format.",
diff --git a/tpl/part/poll_info.tpl b/tpl/part/poll_info.tpl
index c568721..ebf3562 100644
--- a/tpl/part/poll_info.tpl
+++ b/tpl/part/poll_info.tpl
@@ -21,7 +21,13 @@
             <div class="col-md-5 hidden-print">
                 <div class="btn-group pull-right">
                     <button onclick="print(); return false;" class="btn btn-default"><span class="glyphicon glyphicon-print"></span> {__('PollInfo', 'Print')}</button>
-                    <a href="{$SERVER_URL|html}exportcsv.php?poll={$poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+                    {if $admin}
+                        <a href="{$SERVER_URL|html}exportcsv.php?admin={$admin_poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+                    {else}
+                        {if !$hidden}
+                            <a href="{$SERVER_URL|html}exportcsv.php?poll={$poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+                        {/if}
+                    {/if}
                     {if $admin}
                         {if !$expired}
                         <button type="button" class="btn btn-danger dropdown-toggle" data-toggle="dropdown">

From 73de6199fab35905b9126b452151f31e49351008 Mon Sep 17 00:00:00 2001
From: Olivier PEREZ <olivier@olivierperez.fr>
Date: Thu, 6 Oct 2016 22:42:57 +0200
Subject: [PATCH 4/4] Password protected polls cannot be exported

---
 exportcsv.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/exportcsv.php b/exportcsv.php
index 4f89f28..5f07e1d 100644
--- a/exportcsv.php
+++ b/exportcsv.php
@@ -18,6 +18,7 @@
  */
 use Framadate\Services\LogService;
 use Framadate\Services\PollService;
+use Framadate\Services\SecurityService;
 use Framadate\Utils;
 
 include_once __DIR__ . '/app/inc/init.php';
@@ -35,6 +36,7 @@ $poll = null;
 
 $logService = new LogService();
 $pollService = new PollService($connect, $logService);
+$securityService = new SecurityService();
 
 /* PAGE */
 /* ---- */
@@ -56,10 +58,15 @@ if (!$poll) {
     exit;
 }
 
-if ($poll->hidden && empty($admin_id)) {
-    $smarty->assign('error', __('Error', 'Forbidden!'));
-    $smarty->display('error.tpl');
-    exit;
+if (empty($admin_id)) {
+    $forbiddenBecauseOfPassword = !$poll->results_publicly_visible && !$securityService->canAccessPoll($poll);
+    $resultsAreHidden = $poll->hidden;
+
+    if ($resultsAreHidden || $forbiddenBecauseOfPassword) {
+        $smarty->assign('error', __('Error', 'Forbidden!'));
+        $smarty->display('error.tpl');
+        exit;
+    }
 }
 
 $slots = $pollService->allSlotsByPoll($poll);