Changing some actions from POST to GET.

This commit is contained in:
Antonin 2015-04-13 12:33:43 +02:00
parent c34e34d728
commit fbd45960b7
6 changed files with 42 additions and 16 deletions

View File

@ -198,8 +198,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote
// Delete a votes // Delete a votes
// ------------------------------- // -------------------------------
if (!empty($_POST['delete_vote'])) { if (!empty($_GET['delete_vote'])) {
$vote_id = filter_input(INPUT_POST, 'delete_vote', FILTER_VALIDATE_INT); $vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT);
if ($adminPollService->deleteVote($poll_id, $vote_id)) { if ($adminPollService->deleteVote($poll_id, $vote_id)) {
$message = new Message('success', __('adminstuds', 'Vote deleted')); $message = new Message('success', __('adminstuds', 'Vote deleted'));
} else { } else {
@ -312,8 +312,8 @@ if (isset($_POST['confirm_delete_poll'])) {
// Delete a slot // Delete a slot
// ------------------------------- // -------------------------------
if (!empty($_POST['delete_column'])) { if (!empty($_GET['delete_column'])) {
$column = filter_input(INPUT_POST, 'delete_column', FILTER_DEFAULT); $column = filter_input(INPUT_GET, 'delete_column', FILTER_DEFAULT);
if ($poll->format === 'D') { if ($poll->format === 'D') {
$ex = explode('@', $column); $ex = explode('@', $column);
@ -338,7 +338,7 @@ if (!empty($_POST['delete_column'])) {
// Add a slot // Add a slot
// ------------------------------- // -------------------------------
if (isset($_POST['add_slot'])) { if (isset($_GET['add_slot'])) {
$smarty->assign('poll_id', $poll_id); $smarty->assign('poll_id', $poll_id);
$smarty->assign('admin_poll_id', $admin_poll_id); $smarty->assign('admin_poll_id', $admin_poll_id);
$smarty->assign('format', $poll->format); $smarty->assign('format', $poll->format);

View File

@ -103,7 +103,7 @@ class Utils {
* @param string $vote_id (optional) The vote's unique id * @param string $vote_id (optional) The vote's unique id
* @return string The poll's URL. * @return string The poll's URL.
*/ */
public static function getUrlSondage($id, $admin = false, $vote_id='') { public static function getUrlSondage($id, $admin = false, $vote_id='', $action=null, $action_value=null) {
if (URL_PROPRE) { if (URL_PROPRE) {
if ($admin === true) { if ($admin === true) {
$url = self::get_server_name() . $id . '/admin'; $url = self::get_server_name() . $id . '/admin';
@ -113,6 +113,9 @@ class Utils {
if ($vote_id != '') { if ($vote_id != '') {
$url .= '/vote/'.$vote_id."#edit"; $url .= '/vote/'.$vote_id."#edit";
} }
if ($action != null && $action_value != null) {
$url .= '/action/'.$action.'/'.$action_value;
}
} else { } else {
if ($admin === true) { if ($admin === true) {
$url = self::get_server_name() . 'adminstuds.php?poll=' . $id; $url = self::get_server_name() . 'adminstuds.php?poll=' . $id;
@ -122,6 +125,9 @@ class Utils {
if ($vote_id != '') { if ($vote_id != '') {
$url .= '&vote='.$vote_id."#edit"; $url .= '&vote='.$vote_id."#edit";
} }
if ($action != null && $action_value != null) {
$url .= '&'.$action."=".$action_value;
}
} }
return $url; return $url;

View File

@ -48,11 +48,13 @@ if (isset($_SERVER['FRAMADATE_DEVMODE']) && $_SERVER['FRAMADATE_DEVMODE']) {
function smarty_function_poll_url($params, Smarty_Internal_Template $template) { function smarty_function_poll_url($params, Smarty_Internal_Template $template) {
$poll_id = filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]); $poll_id = filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$admin = (isset($params['admin']) && $params['admin']) ? true : false; $admin = (isset($params['admin']) && $params['admin']) ? true : false;
$action = (isset($params['action']) && !empty($params['action'])) ? Utils::htmlEscape($params['action']) : false;
$action_value = (isset($params['action_value']) && !empty($params['action_value'])) ? Utils::htmlEscape($params['action_value']) : false;
$vote_unique_id = isset($params['vote_id']) ? filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) : ''; $vote_unique_id = isset($params['vote_id']) ? filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) : '';
// If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this. // If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this.
return Utils::getUrlSondage($poll_id, $admin, $vote_unique_id); return Utils::getUrlSondage($poll_id, $admin, $vote_unique_id, $action, $action_value);
} }
function smarty_modifier_markdown($md, $clear = false) { function smarty_modifier_markdown($md, $clear = false) {

View File

@ -8,6 +8,7 @@
RewriteCond %{REQUEST_FILENAME} -d RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^([a-zA-Z0-9]{16})$ studs.php?poll=$1 RewriteRule ^([a-zA-Z0-9]{16})$ studs.php?poll=$1
RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z]+)/(.+)$ studs.php?poll=$1&$2=$3
RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote_id=$2 RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote_id=$2
RewriteRule ^([a-zA-Z0-9]{24})/admin$ adminstuds.php?poll=$1 RewriteRule ^([a-zA-Z0-9]{24})/admin$ adminstuds.php?poll=$1
</IfModule> </IfModule>

View File

@ -14,11 +14,17 @@
<th role="presentation"></th> <th role="presentation"></th>
{foreach $slots as $id=>$slot} {foreach $slots as $id=>$slot}
<td headers="C{$id}"> <td headers="C{$id}">
<button type="submit" name="delete_column" value="{$slot->title|html}" class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->title|html}"><span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Genric', 'Remove')}</span></button> <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->title}"
</td> class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->title|html}">
<span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Genric', 'Remove')}</span>
</a>
</td>
{/foreach} {/foreach}
<td> <td>
<button type="submit" name="add_slot" class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')}"><span class="glyphicon glyphicon-plus text-success"></span><span class="sr-only">{__('Poll results', 'Add a column')}</span></button> <a href="{poll_url id=$admin_poll_id admin=true action='add_slot' action_value=true}"
class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')} {$slot->title|html}">
<span class="glyphicon glyphicon-plus text-success"></span><span class="sr-only">{__('Poll results', 'Add a column')}</span>
</a>
</td> </td>
</tr> </tr>
{/if} {/if}
@ -93,9 +99,11 @@
<span class="glyphicon glyphicon-pencil"></span><span class="sr-only">{__('Generic', 'Edit')}</span> <span class="glyphicon glyphicon-pencil"></span><span class="sr-only">{__('Generic', 'Edit')}</span>
</a> </a>
{if $admin} {if $admin}
<button type="submit" class="btn btn-link btn-sm" name="delete_vote" value="{$vote->id|html}" title="{__('Poll results', 'Remove the line:')|html} {$vote->name|html}"> <a href="{poll_url id=$admin_poll_id admin=true action='delete_vote' action_value=$vote->id}"
class="btn btn-link btn-sm"
title="{__('Poll results', 'Remove the line:')} {$vote->name|html}">
<span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Generic', 'Remove')}</span> <span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Generic', 'Remove')}</span>
</button> </a>
{/if} {/if}
</td> </td>
{else} {else}

View File

@ -17,13 +17,20 @@
{foreach $slots as $slot} {foreach $slots as $slot}
{foreach $slot->moments as $id=>$moment} {foreach $slot->moments as $id=>$moment}
<td headers="M{$slot@key} D{$headersDCount} H{$headersDCount}"> <td headers="M{$slot@key} D{$headersDCount} H{$headersDCount}">
<button type="submit" name="delete_column" value="{$slot->day|html}@{$moment|html}" class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->day|date_format:$date_format.txt_short|html} - {$moment|html}"><span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Generic', 'Remove')}</span></button> <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->day|cat:'@'|cat:$moment}"
class="btn btn-link btn-sm"
title="{__('adminstuds', 'Remove the column')} {$slot->day|date_format:$date_format.txt_short|html} - {$moment|html}">
<span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Genric', 'Remove')}</span>
</a>
</td> </td>
{$headersDCount = $headersDCount+1} {$headersDCount = $headersDCount+1}
{/foreach} {/foreach}
{/foreach} {/foreach}
<td> <td>
<button type="submit" name="add_slot" class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')}"><span class="glyphicon glyphicon-plus text-success"></span><span class="sr-only">{__('Poll results', 'Add a column')}</span></button> <a href="{poll_url id=$admin_poll_id admin=true action='add_slot' action_value=true}"
class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')} {$slot->title|html}">
<span class="glyphicon glyphicon-plus text-success"></span><span class="sr-only">{__('Poll results', 'Add a column')}</span>
</a>
</td> </td>
</tr> </tr>
{/if} {/if}
@ -141,9 +148,11 @@
<span class="glyphicon glyphicon-pencil"></span><span class="sr-only">{__('Generic', 'Edit')}</span> <span class="glyphicon glyphicon-pencil"></span><span class="sr-only">{__('Generic', 'Edit')}</span>
</a> </a>
{if $admin} {if $admin}
<button type="submit" class="btn btn-link btn-sm" name="delete_vote" value="{$vote->id|html}" title="{__('Poll results', 'Remove the line:')} {$vote->name|html}"> <a href="{poll_url id=$admin_poll_id admin=true action='delete_vote' action_value=$vote->id}"
class="btn btn-link btn-sm"
title="{__('Poll results', 'Remove the line:')} {$vote->name|html}">
<span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Generic', 'Remove')}</span> <span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Generic', 'Remove')}</span>
</button> </a>
{/if} {/if}
</td> </td>
{else} {else}