From fbd45960b7d06af4c48a930809ad6a40091acee4 Mon Sep 17 00:00:00 2001
From: Antonin
Date: Mon, 13 Apr 2015 12:33:43 +0200
Subject: [PATCH] Changing some actions from POST to GET.
---
 adminstuds.php | 10 +++++-----
 app/classes/Framadate/Utils.php | 8 +++++++-
 app/inc/smarty.php | 4 +++-
 htaccess.txt | 1 +
 tpl/part/vote_table_classic.tpl | 18 +++++++++++++-----
 tpl/part/vote_table_date.tpl | 17 +++++++++++++----
 6 files changed, 42 insertions(+), 16 deletions(-)
diff --git a/adminstuds.php b/adminstuds.php
index 96efd40..4e8eb6d 100644
--- a/adminstuds.php
+++ b/adminstuds.php
@@ -198,8 +198,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote
 // Delete a votes
 // -------------------------------
-if (!empty($_POST['delete_vote'])) {
- $vote_id = filter_input(INPUT_POST, 'delete_vote', FILTER_VALIDATE_INT);
+if (!empty($_GET['delete_vote'])) {
+ $vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT);
 if ($adminPollService->deleteVote($poll_id, $vote_id)) {
 $message = new Message('success', __('adminstuds', 'Vote deleted'));
 } else {
@@ -312,8 +312,8 @@ if (isset($_POST['confirm_delete_poll'])) {
 // Delete a slot
 // -------------------------------
-if (!empty($_POST['delete_column'])) {
- $column = filter_input(INPUT_POST, 'delete_column', FILTER_DEFAULT);
+if (!empty($_GET['delete_column'])) {
+ $column = filter_input(INPUT_GET, 'delete_column', FILTER_DEFAULT);
 if ($poll->format === 'D') {
 $ex = explode('@', $column);
@@ -338,7 +338,7 @@ if (!empty($_POST['delete_column'])) {
 // Add a slot
 // -------------------------------
-if (isset($_POST['add_slot'])) {
+if (isset($_GET['add_slot'])) {
 $smarty->assign('poll_id', $poll_id);
 $smarty->assign('admin_poll_id', $admin_poll_id);
 $smarty->assign('format', $poll->format);
diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php
index 6d5254d..700fb85 100644
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
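Review bot: Reading delete_vote from `$_GET` makes a destructive action triggerable by any link, image tag or browser prefetch once the admin URL is known, and the delete_column and add_slot hunks below have the same property; the handlers check nothing beyond the parameter being present. If GET has to stay for the pretty URLs, the deletion branches should still require a per-poll or per-session token verified with `hash_equals()` (or an explicit confirmation step) before `deleteVote` and the slot removal run, and the GET parameters should be documented as state-changing. Note also that `filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT)` yields `false` or `null` for a non-integer value and that result is still handed to `deleteVote`, exactly as in the POST version. The bodies of all three `if` blocks continue past their hunks.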
@@ -103,7 +103,7 @@ class Utils {
 * @param string $vote_id (optional) The vote's unique id
 * @return string The poll's URL.
 */
- public static function getUrlSondage($id, $admin = false, $vote_id='') {
+ public static function getUrlSondage($id, $admin = false, $vote_id='', $action=null, $action_value=null) {
 if (URL_PROPRE) {
 if ($admin === true) {
 $url = self::get_server_name() . $id . '/admin';
@@ -113,6 +113,9 @@ class Utils {
 if ($vote_id != '') {
 $url .= '/vote/'.$vote_id."#edit";
 }
+ if ($action != null && $action_value != null) {
+ $url .= '/action/'.$action.'/'.$action_value;
+ }
 } else {
 if ($admin === true) {
 $url = self::get_server_name() . 'adminstuds.php?poll=' . $id;
@@ -122,6 +125,9 @@ class Utils {
 if ($vote_id != '') {
 $url .= '&vote='.$vote_id."#edit";
 }
+ if ($action != null && $action_value != null) {
+ $url .= '&'.$action."=".$action_value;
+ }
 }
 return $url;
diff --git a/app/inc/smarty.php b/app/inc/smarty.php
index 1e9436b..83ddded 100644
--- a/app/inc/smarty.php
+++ b/app/inc/smarty.php
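Review bot: The docblock right above the new signature still documents only `$vote_id`, so the two added parameters are undocumented; add `* @param string|null $action (optional) Name of the GET action parameter to append` and `* @param string|null $action_value (optional) Value of that action` above the existing `@return`. It is worth stating there that the value is appended verbatim, since callers must not pass unencoded user text. getUrlSondage's body continues outside the hunk.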
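Review bot: `$action_value` is concatenated into the path without `rawurlencode()`, so a column name containing `/`, `?`, `#` or `&` (the adminstuds.php delete_column handler takes the raw name and splits it on `@`) produces a URL that the rewrite rule in htaccess.txt either fails to match or splits at the wrong segment; the query-string branch in the next hunk has the same gap, and `'/action/'.$action.'/'.rawurlencode($action_value)` / `'&'.$action.'='.rawurlencode($action_value)` would close it. In the admin branch this appends `/action/x/y` after `$id . '/admin'`, but the only rule added in htaccess.txt matches a 16-character id routed to studs.php, so the admin actions changed in adminstuds.php look unreachable under URL_PROPRE unless a matching rule exists elsewhere. `$action != null` is a loose comparison; `$action !== null && $action_value !== null` (or a check against `false`, which is what smarty.php passes) states the intent exactly. The function body continues outside the hunk.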
@@ -48,11 +48,13 @@ if (isset($_SERVER['FRAMADATE_DEVMODE']) && $_SERVER['FRAMADATE_DEVMODE']) {
 function smarty_function_poll_url($params, Smarty_Internal_Template $template) {
 $poll_id = filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
 $admin = (isset($params['admin']) && $params['admin']) ? true : false;
+ $action = (isset($params['action']) && !empty($params['action'])) ? Utils::htmlEscape($params['action']) : false;
+ $action_value = (isset($params['action_value']) && !empty($params['action_value'])) ? Utils::htmlEscape($params['action_value']) : false;
 $vote_unique_id = isset($params['vote_id']) ? filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) : '';
 // If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this.
- return Utils::getUrlSondage($poll_id, $admin, $vote_unique_id);
+ return Utils::getUrlSondage($poll_id, $admin, $vote_unique_id, $action, $action_value);
 }
 function smarty_modifier_markdown($md, $clear = false) {
diff --git a/htaccess.txt b/htaccess.txt
index 8b223e9..e1495ff 100644
--- a/htaccess.txt
+++ b/htaccess.txt
@@ -8,6 +8,7 @@ RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^([a-zA-Z0-9]{16})$ studs.php?poll=$1
+ RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z]+)/(.+)$ studs.php?poll=$1&$2=$3
 RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote_id=$2
 RewriteRule ^([a-zA-Z0-9]{24})/admin$ adminstuds.php?poll=$1
\ No newline at end of file
diff --git a/tpl/part/vote_table_classic.tpl b/tpl/part/vote_table_classic.tpl
index cc48236..89516f5 100644
--- a/tpl/part/vote_table_classic.tpl
+++ b/tpl/part/vote_table_classic.tpl
@@ -14,11 +14,17 @@
 {foreach $slots as $id=>$slot} - - + + {__('Genric', 'Remove')} + + {/foreach} - + + {__('Poll results', 'Add a column')} + {/if}
@@ -93,9 +99,11 @@
 {__('Generic', 'Edit')} {if $admin} - + {/if} {else}
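Review bot: `Utils::htmlEscape` is applied to `action` and `action_value` before they enter a URL builder, which is the wrong escaping layer: HTML entities such as `&amp;` end up inside the query string while `/`, `?` and `#` stay unescaped. Validate `action` against the parameter names the PHP handlers actually read and pass `action_value` through unchanged so `getUrlSondage` can `rawurlencode()` it, e.g. `$action = (isset($params['action']) && in_array($params['action'], ['delete_vote', 'delete_column', 'add_slot'], true)) ? $params['action'] : false;`. `isset($x) && !empty($x)` is redundant, since `empty()` already treats an unset key as empty. Passing `false` for an absent parameter only works because getUrlSondage compares with `!= null` loosely; pass `null` instead so the two sides agree.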
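Review bot: The new rule maps `/action/<name>/<value>` to an arbitrary query parameter `$2=$3` on studs.php, so `([a-zA-Z]+)` should be narrowed to the action names the application handles, and the value backreference should carry the `B` flag so a value containing `&` or `%` cannot introduce extra parameters: `RewriteRule ^([a-zA-Z0-9]{16})/action/(delete_vote|delete_column|add_slot)/(.+)$ studs.php?poll=$1&$2=$3 [B]`. The actions switched to GET in this commit live in adminstuds.php, whose pretty URL uses a 24-character id followed by `/admin`, yet no `/admin/action/...` rule is added, so those links appear to have no route under URL_PROPRE unless one exists outside this hunk. The file still ends without a trailing newline, as the `\ No newline at end of file` marker shows.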
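Review bot: `{__('Genric', 'Remove')}` in the new header cell uses a translation section that does not match the `'Generic'` section used by `{__('Generic', 'Edit')}` later in this file, so the label will not be translated unless a `Genric` section exists in the language files; change it to `{__('Generic', 'Remove')}`. The same typo appears in the vote_table_date.tpl hunk that follows. The surrounding markup of the new links is not visible in this view, so the link attributes themselves could not be reviewed.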
diff --git a/tpl/part/vote_table_date.tpl b/tpl/part/vote_table_date.tpl
index 37fa876..25ca3a0 100644
--- a/tpl/part/vote_table_date.tpl
+++ b/tpl/part/vote_table_date.tpl
@@ -17,13 +17,20 @@
 {foreach $slots as $slot} {foreach $slot->moments as $id=>$moment} - + + {__('Genric', 'Remove')} + {$headersDCount = $headersDCount+1} {/foreach} {/foreach} - + + {__('Poll results', 'Add a column')} + {/if}
@@ -141,9 +148,11 @@
 {__('Generic', 'Edit')} {if $admin} - + {/if} {else}