From cb0e74fba8df9d1ee1e57604ce003a5f9c186f70 Mon Sep 17 00:00:00 2001
From: Olivier PEREZ
Date: Tue, 8 Dec 2015 00:12:20 +0100
Subject: [PATCH] Fixes #124 - vote deletion

---
 adminstuds.php | 4 ++--
 app/inc/constants.php | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/adminstuds.php b/adminstuds.php
index b9497dd..d09b218 100644
--- a/adminstuds.php
+++ b/adminstuds.php
@@ -245,9 +245,9 @@ if (!empty($_POST['save'])) {
 // Save edition of an old vote
 // -------------------------------
 if (!empty($_GET['delete_vote'])) {
- $vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT);
+ $vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => BASE64_REGEX]]);
 $vote_id = Utils::base64url_decode($vote_id);
- if ($adminPollService->deleteVote($poll_id, $vote_id)) {
+ if ($vote_id && $adminPollService->deleteVote($poll_id, $vote_id)) {
 $message = new Message('success', __('adminstuds', 'Vote deleted'));
 } else {
 $message = new Message('danger', __('Error', 'Failed to delete the vote'));
diff --git a/app/inc/constants.php b/app/inc/constants.php
index 166b21b..227b129 100644
--- a/app/inc/constants.php
+++ b/app/inc/constants.php
@@ -26,6 +26,7 @@ const CHOICE_REGEX = '/^[012]$/';
 const BOOLEAN_REGEX = '/^(on|off|true|false|1|0)$/i';
 const BOOLEAN_TRUE_REGEX = '/^(on|true|1)$/i';
 const EDITABLE_CHOICE_REGEX = '/^[0-2]$/';
+const BASE64_REGEX = '/^[A-Za-z0-9]+$/';
 // CSRF (300s = 5min)
 const TOKEN_TIME = 300;
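Review bot: The value handed to deleteVote on the `if ($vote_id && ...)` line is no longer validated as an integer: the regex on the added filter_input line constrains only the encoded form, and after `Utils::base64url_decode` any alphanumeric input decodes to arbitrary bytes that reach the service, whereas the removed FILTER_VALIDATE_INT guaranteed an int. Whether deleteVote binds the id as an integer is not visible in this hunk, so validate the decoded value here, e.g. `$vote_id = filter_var(Utils::base64url_decode($vote_id), FILTER_VALIDATE_INT);`, which also makes the new `$vote_id &&` guard reject false/non-numeric results explicitly. Note that this guard is a truthiness test, so a decoded id of `0` or `'0'` is reported as a failed deletion; that is acceptable only if vote ids start at 1. The enclosing `if (!empty($_GET['delete_vote']))` block ends outside the hunk.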
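Review bot: BASE64_REGEX on the added line admits only `[A-Za-z0-9]`, yet it gates input for `Utils::base64url_decode` (adminstuds.php hunk), and the base64url alphabet normally also contains `-` and `_`; if the encoder used elsewhere can emit either character, such ids fail the filter and the deletion is reported as failed even though the request was legitimate. If that is the case, widen it to `const BASE64_REGEX = '/^[A-Za-z0-9_-]+$/';`. Either way, a short comment on the constant stating which alphabet it is meant to accept (e.g. `// base64url alphabet, no padding`) would let the next reader check it against the encoder instead of the name, which suggests standard base64 and its `+`, `/` and `=` characters that the pattern also rejects.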