Don't allow black title, name or comment

This commit is contained in:
Olivier PEREZ 2015-04-11 17:13:16 +02:00
parent e4b61ff54b
commit 6d1f0ada0e
8 changed files with 33 additions and 20 deletions

View File

@ -176,8 +176,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote
$name = $inputService->filterName($_POST['name']);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]);
if (empty($name)) {
$message = new Message('danger', __('Error', 'The name is invalid'));
if ($name == null) {
$message = new Message('danger', __('Error', 'The name is invalid.'));
}
if (count($choices) != count($_POST['choices'])) {
$message = new Message('danger', __('Error', 'There is a problem with your choices'));
@ -234,8 +234,8 @@ if (isset($_POST['add_comment'])) {
$name = $inputService->filterName($_POST['name']);
$comment = $inputService->filterComment($_POST['comment']);
if (empty($name)) {
$message = new Message('danger', __('Error', 'The name is invalid'));
if ($name == null) {
$message = new Message('danger', __('Error', 'The name is invalid.'));
}
if ($message == null) {

View File

@ -51,11 +51,13 @@ class InputService {
}
public function filterTitle($title) {
return filter_var($title, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => TITLE_REGEX]]);
$filtered = filter_var($title, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => TITLE_REGEX]]);
return $this->returnIfNotBlank($filtered);
}
public function filterName($name) {
return filter_var($name, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => NAME_REGEX]]);
$filtered = filter_var($name, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => NAME_REGEX]]);
return $this->returnIfNotBlank($filtered);
}
public function filterMail($mail) {
@ -76,7 +78,22 @@ class InputService {
}
public function filterComment($comment) {
return filter_var($comment, FILTER_SANITIZE_STRING);
$filtered = filter_var($comment, FILTER_SANITIZE_STRING);
return $this->returnIfNotBlank($filtered);
}
/**
* Return the value if it's not blank.
*
* @param string $filtered The value
* @return string|null
*/
private function returnIfNotBlank($filtered) {
if ($filtered && !empty(str_replace(' ', '', $filtered))) {
return $filtered;
} else {
return null;
}
}
}

View File

@ -119,7 +119,6 @@
"Votes are editable solely by their owner.": "DE_Les votes sont modifiables uniquement par leur créateur",
"Save the new rules": "Neue Regeln speichern",
"Cancel the rules edit": "Neue Regeln nicht speichern",
"The name is invalid.": "Der Name ist ungültig.",
"Results are hidden.": "DE_Les résultats sont cachés.",
"Results are visible.": "DE_Les résultats sont visibles."
},
@ -308,7 +307,7 @@
"Cookies are disabled on your browser. Theirs activation is required to create a poll.": "Cookies werden auf Ihrem Browser deaktiviert. Deren Aktivierung ist erforderlich, um eine Umfrage zu erstellen.",
"This poll doesn't exist !": "Diese Umfrage existiert nicht!",
"Enter a name": "Geben Sie einen Namen ein",
"Name is incorrect": "Name ist falsch",
"The name is invalid.": "Der Name ist ungültig.",
"The name you've chosen already exist in this poll!": "Der von Ihnen eingegebenen Name existiert bereits in dieser Umfrage",
"Enter a name and a comment!": "Geben Sie einen Namen und ein Kommentar ein!",
"Failed to insert the comment!": "Einfügen des Kommentars gescheitert!",

View File

@ -119,7 +119,6 @@
"Votes are editable solely by their owner.": "Votes are editable solely by their owner",
"Save the new rules": "Save the new rules",
"Cancel the rules edit": "Cancel the rules edit",
"The name is invalid.": "The name is invalid.",
"Results are hidden.": "Results are hidden.",
"Results are visible.": "Results are visible."
},
@ -308,7 +307,7 @@
"Cookies are disabled on your browser. Theirs activation is required to create a poll.": "Cookies are disabled on your browser. Theirs activation is required to create a poll.",
"This poll doesn't exist !": "This poll doesn't exist !",
"Enter a name": "Enter a name",
"Name is incorrect": "Name is incorrect",
"The name is invalid.": "The name is invalid.",
"The name you've chosen already exist in this poll!": "The name you've chosen already exist in this poll!",
"Enter a name and a comment!": "Enter a name and a comment!",
"Failed to insert the comment!": "Failed to insert the comment!",

View File

@ -119,7 +119,6 @@
"Votes are editable solely by their owner.": "ES_Les votes sont modifiables uniquement par leur créateur",
"Save the new rules": "ES_Enregistrer les nouvelles permissions",
"Cancel the rules edit": "ES_Annuler le changement de permissions",
"The name is invalid.": "ES_Le nom n'est pas valide.",
"Results are hidden.": "ES_Les résultats sont cachés.",
"Results are visible.": "ES_Les résultats sont visibles."
},
@ -308,7 +307,7 @@
"Cookies are disabled on your browser. Theirs activation is required to create a poll.": "ES_Les cookies sont désactivés sur votre navigateur. Leur activation est requise pour la création d'un sondage.",
"This poll doesn't exist !": "Este encuesta no existe!",
"Enter a name": "Introduzca un nombre",
"Name is incorrect": "ES_Le nom est pas correct",
"The name is invalid.": "ES_Le nom n'est pas valide.",
"The name you've chosen already exist in this poll!": "El nombre entrado existe ya!",
"Enter a name and a comment!": "Introduzca su nombre y un comentario!",
"Failed to insert the comment!": "ES_Échec à l'insertion du commentaire !",

View File

@ -119,7 +119,6 @@
"Votes are editable solely by their owner.": "Les votes sont modifiables uniquement par leur créateur",
"Save the new rules": "Enregistrer les nouvelles permissions",
"Cancel the rules edit": "Annuler le changement de permissions",
"The name is invalid.": "Le nom n'est pas valide.",
"Results are hidden.": "Les résultats sont cachés.",
"Results are visible.": "Les résultats sont visibles."
},
@ -308,7 +307,7 @@
"Cookies are disabled on your browser. Theirs activation is required to create a poll.": "Les cookies sont désactivés sur votre navigateur. Leur activation est requise pour la création d'un sondage.",
"This poll doesn't exist !": "Ce sondage n'existe pas !",
"Enter a name": "Vous n'avez pas saisi de nom !",
"Name is incorrect": "Le nom est pas correct",
"The name is invalid.": "Le nom n'est pas valide.",
"The name you've chosen already exist in this poll!": "Le nom que vous avez choisi existe déjà !",
"Enter a name and a comment!": "Merci de remplir les deux champs !",
"Failed to insert the comment!": "Échec à l'insertion du commentaire !",

View File

@ -149,8 +149,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote
$name = $inputService->filterName($_POST['name']);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]);
if (empty($name)) {
$message = new Message('danger', __('Error', 'Name is incorrect'));
if ($name == null) {
$message = new Message('danger', __('Error', 'The name is invalid.'));
}
if (count($choices) != count($_POST['choices'])) {
$message = new Message('danger', __('There is a problem with your choices'));
@ -181,8 +181,8 @@ if (isset($_POST['add_comment'])) {
$name = $inputService->filterName($_POST['name']);
$comment = $inputService->filterComment($_POST['comment']);
if (empty($name)) {
$message = new Message('danger', __('Error', 'Name is incorrect'));
if ($name == null) {
$message = new Message('danger', __('Error', 'The name is invalid.'));
}
if ($message == null) {

View File

@ -12,7 +12,7 @@
<div class="alert alert-dismissible alert-{$message->type|html}" role="alert">{$message->message|html}{if $message->link != null}<br/><a href="{$message->link}">{$message->link}</a>{/if}<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button></div>
{/if}
</div>
<div id="nameErrorMessage" class="hidden alert alert-dismissible alert-danger" role="alert">{__('PollInfo', 'The name is invalid.')}<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button></div>
<div id="nameErrorMessage" class="hidden alert alert-dismissible alert-danger" role="alert">{__('Error', 'The name is invalid.')}<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button></div>
{* Global informations about the current poll *}