From 6d1f0ada0ef199c8ba66e73715c4de514feee7ca Mon Sep 17 00:00:00 2001 From: Olivier PEREZ Date: Sat, 11 Apr 2015 17:13:16 +0200 Subject: [PATCH] Don't allow black title, name or comment --- adminstuds.php | 8 +++---- .../Framadate/Services/InputService.php | 23 ++++++++++++++++--- locale/de.json | 3 +-- locale/en.json | 3 +-- locale/es.json | 3 +-- locale/fr.json | 3 +-- studs.php | 8 +++---- tpl/studs.tpl | 2 +- 8 files changed, 33 insertions(+), 20 deletions(-) diff --git a/adminstuds.php b/adminstuds.php index dc372a6..96efd40 100644 --- a/adminstuds.php +++ b/adminstuds.php @@ -176,8 +176,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote $name = $inputService->filterName($_POST['name']); $choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]); - if (empty($name)) { - $message = new Message('danger', __('Error', 'The name is invalid')); + if ($name == null) { + $message = new Message('danger', __('Error', 'The name is invalid.')); } if (count($choices) != count($_POST['choices'])) { $message = new Message('danger', __('Error', 'There is a problem with your choices')); @@ -234,8 +234,8 @@ if (isset($_POST['add_comment'])) { $name = $inputService->filterName($_POST['name']); $comment = $inputService->filterComment($_POST['comment']); - if (empty($name)) { - $message = new Message('danger', __('Error', 'The name is invalid')); + if ($name == null) { + $message = new Message('danger', __('Error', 'The name is invalid.')); } if ($message == null) { diff --git a/app/classes/Framadate/Services/InputService.php b/app/classes/Framadate/Services/InputService.php index 848f104..a6c8fae 100644 --- a/app/classes/Framadate/Services/InputService.php +++ b/app/classes/Framadate/Services/InputService.php 
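Review bot: The new guard `if ($name == null)` in the `save` hunk uses a loose comparison, which also matches `false`, `''`, `0` and an empty array rather than only the `null` that `filterName()` now returns for a rejected name. Since the filter's contract after this commit is string-or-null, `if ($name === null) {` states the intent exactly and keeps the check from changing meaning if the filter's return values change again. The same line appears in the `add_comment` hunk of this file and in both hunks of studs.php. The enclosing `if (!empty($_POST['save']))` block continues outside the hunk.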
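Review bot: In the `add_comment` hunk only `$name` is tested, although `filterComment()` now returns `null` for a blank comment; nothing visible here rejects a null `$comment` before the `if ($message == null)` block runs. If the code after the hunk passes `$comment` straight to storage, a blank comment would surface as an insert failure rather than as a validation message. A guard next to the name check would cover it, for example `if ($comment === null) { $message = new Message('danger', __('Error', 'Enter a name and a comment!')); }`. The body of `if ($message == null)` lies outside the hunk, so this should be confirmed there; the `add_comment` hunk in studs.php has the same shape.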
@@ -51,11 +51,13 @@ class InputService { } public function filterTitle($title) { - return filter_var($title, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => TITLE_REGEX]]); + $filtered = filter_var($title, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => TITLE_REGEX]]); + return $this->returnIfNotBlank($filtered); } public function filterName($name) { - return filter_var($name, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => NAME_REGEX]]); + $filtered = filter_var($name, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => NAME_REGEX]]); + return $this->returnIfNotBlank($filtered); } public function filterMail($mail) { @@ -76,7 +78,22 @@ class InputService { } public function filterComment($comment) { - return filter_var($comment, FILTER_SANITIZE_STRING); + $filtered = filter_var($comment, FILTER_SANITIZE_STRING); + return $this->returnIfNotBlank($filtered); + } + + /** + * Return the value if it's not blank. + * + * @param string $filtered The value + * @return string|null + */ + private function returnIfNotBlank($filtered) { + if ($filtered && !empty(str_replace(' ', '', $filtered))) { + return $filtered; + } else { + return null; + } } } \ No newline at end of file diff --git a/locale/de.json b/locale/de.json index 4d3f3a2..eceb45f 100644 --- a/locale/de.json +++ b/locale/de.json @@ -119,7 +119,6 @@ "Votes are editable solely by their owner.": "DE_Les votes sont modifiables uniquement par leur créateur", "Save the new rules": "Neue Regeln speichern", "Cancel the rules edit": "Neue Regeln nicht speichern", - "The name is invalid.": "Der Name ist ungültig.", "Results are hidden.": "DE_Les résultats sont cachés.", "Results are visible.": "DE_Les résultats sont visibles." }, 
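Review bot: `filterTitle()` and `filterName()` now return `null` on rejection where `filter_var()` with `FILTER_VALIDATE_REGEXP` returned `false`, and neither method carries a docblock recording the new contract. Any caller outside this diff that tests the result with `=== false` would stop detecting invalid input, so the callers of both methods are worth checking. I would add a docblock to each, e.g. `@return string|null The input when it matches the regex and is not blank, null otherwise`. The class body begins before this hunk.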
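Review bot: `returnIfNotBlank()` treats the string `'0'` as blank, because both `$filtered` in a boolean context and `empty('0')` are falsy in PHP, so a name, title or comment of `0` (or ` 0 `) is rejected. It also strips only the ASCII space, so input consisting solely of tabs or newlines still passes as non-blank, which matters most for `filterComment()`, where no regex constrains the characters. Comparing against the empty string avoids both: `if (is_string($filtered) && trim($filtered) !== '') {`. Non-ASCII whitespace such as a no-break space is not covered by `trim()` and would need a Unicode-aware check if it must be rejected as well.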
@@ -308,7 +307,7 @@ "Cookies are disabled on your browser. Theirs activation is required to create a poll.": "Cookies werden auf Ihrem Browser deaktiviert. Deren Aktivierung ist erforderlich, um eine Umfrage zu erstellen.", "This poll doesn't exist !": "Diese Umfrage existiert nicht!", "Enter a name": "Geben Sie einen Namen ein", - "Name is incorrect": "Name ist falsch", + "The name is invalid.": "Der Name ist ungültig.", "The name you've chosen already exist in this poll!": "Der von Ihnen eingegebenen Name existiert bereits in dieser Umfrage", "Enter a name and a comment!": "Geben Sie einen Namen und ein Kommentar ein!", "Failed to insert the comment!": "Einfügen des Kommentars gescheitert!", diff --git a/locale/en.json b/locale/en.json index c736ec9..34b76f9 100644 --- a/locale/en.json +++ b/locale/en.json @@ -119,7 +119,6 @@ "Votes are editable solely by their owner.": "Votes are editable solely by their owner", "Save the new rules": "Save the new rules", "Cancel the rules edit": "Cancel the rules edit", - "The name is invalid.": "The name is invalid.", "Results are hidden.": "Results are hidden.", "Results are visible.": "Results are visible." }, @@ -308,7 +307,7 @@ "Cookies are disabled on your browser. Theirs activation is required to create a poll.": "Cookies are disabled on your browser. Theirs activation is required to create a poll.", "This poll doesn't exist !": "This poll doesn't exist !", "Enter a name": "Enter a name", - "Name is incorrect": "Name is incorrect", + "The name is invalid.": "The name is invalid.", "The name you've chosen already exist in this poll!": "The name you've chosen already exist in this poll!", "Enter a name and a comment!": "Enter a name and a comment!", "Failed to insert the comment!": "Failed to insert the comment!", diff --git a/locale/es.json b/locale/es.json index 84189b6..df9febf 100644 --- a/locale/es.json +++ b/locale/es.json 
@@ -119,7 +119,6 @@ "Votes are editable solely by their owner.": "ES_Les votes sont modifiables uniquement par leur créateur", "Save the new rules": "ES_Enregistrer les nouvelles permissions", "Cancel the rules edit": "ES_Annuler le changement de permissions", - "The name is invalid.": "ES_Le nom n'est pas valide.", "Results are hidden.": "ES_Les résultats sont cachés.", "Results are visible.": "ES_Les résultats sont visibles." }, @@ -308,7 +307,7 @@ "Cookies are disabled on your browser. Theirs activation is required to create a poll.": "ES_Les cookies sont désactivés sur votre navigateur. Leur activation est requise pour la création d'un sondage.", "This poll doesn't exist !": "Este encuesta no existe!", "Enter a name": "Introduzca un nombre", - "Name is incorrect": "ES_Le nom est pas correct", + "The name is invalid.": "ES_Le nom n'est pas valide.", "The name you've chosen already exist in this poll!": "El nombre entrado existe ya!", "Enter a name and a comment!": "Introduzca su nombre y un comentario!", "Failed to insert the comment!": "ES_Échec à l'insertion du commentaire !", diff --git a/locale/fr.json b/locale/fr.json index eef8aea..f60c445 100644 --- a/locale/fr.json +++ b/locale/fr.json @@ -119,7 +119,6 @@ "Votes are editable solely by their owner.": "Les votes sont modifiables uniquement par leur créateur", "Save the new rules": "Enregistrer les nouvelles permissions", "Cancel the rules edit": "Annuler le changement de permissions", - "The name is invalid.": "Le nom n'est pas valide.", "Results are hidden.": "Les résultats sont cachés.", "Results are visible.": "Les résultats sont visibles." }, 
@@ -308,7 +307,7 @@ "Cookies are disabled on your browser. Theirs activation is required to create a poll.": "Les cookies sont désactivés sur votre navigateur. Leur activation est requise pour la création d'un sondage.", "This poll doesn't exist !": "Ce sondage n'existe pas !", "Enter a name": "Vous n'avez pas saisi de nom !", - "Name is incorrect": "Le nom est pas correct", + "The name is invalid.": "Le nom n'est pas valide.", "The name you've chosen already exist in this poll!": "Le nom que vous avez choisi existe déjà !", "Enter a name and a comment!": "Merci de remplir les deux champs !", "Failed to insert the comment!": "Échec à l'insertion du commentaire !", diff --git a/studs.php b/studs.php index aa0b25b..ed3466a 100644 --- a/studs.php +++ b/studs.php @@ -149,8 +149,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote $name = $inputService->filterName($_POST['name']); $choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]); - if (empty($name)) { - $message = new Message('danger', __('Error', 'Name is incorrect')); + if ($name == null) { + $message = new Message('danger', __('Error', 'The name is invalid.')); } if (count($choices) != count($_POST['choices'])) { $message = new Message('danger', __('There is a problem with your choices')); @@ -181,8 +181,8 @@ if (isset($_POST['add_comment'])) { $name = $inputService->filterName($_POST['name']); $comment = $inputService->filterComment($_POST['comment']); - if (empty($name)) { - $message = new Message('danger', __('Error', 'Name is incorrect')); + if ($name == null) { + $message = new Message('danger', __('Error', 'The name is invalid.')); } if ($message == null) { diff --git a/tpl/studs.tpl b/tpl/studs.tpl index e553fd4..4a9828f 100644 --- a/tpl/studs.tpl +++ b/tpl/studs.tpl @@ -12,7 +12,7 @@ {/if} - + {* Global informations about the current poll *}