choix_sondage">
// Poll creation, step 1 of 3: read the submitted form, keep its values in
// $_SESSION['form'], validate them and either redirect to step 2 (date poll
// or "other" poll) or render the form again with error messages.
// $config, USE_REMOTE_USER, Utils, bandeau_titre(), bandeau_pied() and _()
// are defined outside this chunk.
// NOTE(review): the markup that normally sits inside the echo'd string
// literals further down appears to have been stripped from this listing; the
// literals are reproduced here exactly as they appear (line breaks only).

// Pick the poll type. Only one of two fixed strings is stored in the session;
// the raw request value itself is never kept.
if ((isset($_GET['choix_sondage']) && $_GET['choix_sondage'] == 'date') || (isset($_POST["choix_sondage"]) && $_POST["choix_sondage"] == 'creation_sondage_date')) {
    $choix_sondage = "creation_sondage_date";
    $_SESSION['form']->choix_sondage = $choix_sondage;
} else {
    $choix_sondage = "creation_sondage_autre";
    $_SESSION['form']->choix_sondage = $choix_sondage;
}

// Probe every expected POST field so that no "undefined index" warning is
// raised, and HTML-encode each value to guard against XSS.
// The name list is fixed, so the variable-variable assignment only ever
// defines these nine locals; a field that was not posted becomes null.
// NOTE(review): encoding on input means $_SESSION['form'] holds already
// encoded text — whatever renders those values later must not encode them a
// second time (double encoding). Verify in the pages that read the session.
$post_var = array('poursuivre', 'titre', 'nom', 'adresse', 'commentaires', 'editable', 'receiveNewVotes', 'creation_sondage_date', 'creation_sondage_autre');
foreach ($post_var as $var) {
    if (isset($_POST[$var]) === true) {
        $$var = htmlentities($_POST[$var], ENT_QUOTES, 'UTF-8');
    } else {
        $$var = null;
    }
}

// Validation flags, all cleared until the form is actually submitted.
$erreur_adresse = false;
$erreur_injection_titre = false;
$erreur_injection_nom = false;
$erreur_injection_commentaires = false;

# tests — only run when the "continue" button was posted
if (!empty($_POST['poursuivre'])){
    // Copy the (already encoded) values into the session so they survive a
    // redirect or a re-render. The two checkboxes are present-or-absent flags.
    $_SESSION['form']->title = $titre;
    $_SESSION['form']->admin_name = $nom;
    $_SESSION['form']->admin_mail = $adresse;
    $_SESSION['form']->description = $commentaires;
    $_SESSION['form']->editable = ($editable !== null) ? true : false;
    $_SESSION['form']->receiveNewVotes = ($receiveNewVotes !== null) ? true : false;

    // The e-mail address is only validated when the site can send mail
    // (loose `== true`: any truthy config value enables this branch).
    if ($config['use_smtp']==true){
        if (Utils::isValidEmail($adresse) === false) {
            $erreur_adresse = true;
        }
    }

    // Reject raw <, > and " in the three free-text fields (';' is the regex
    // delimiter).
    // NOTE(review): these checks run on values that already went through
    // htmlentities(..., ENT_QUOTES) above, where those three characters
    // became &lt; &gt; and &quot; — so the pattern cannot match and all
    // three $erreur_injection_* flags stay false. A check that is meant to
    // fire has to look at the raw $_POST value instead.
    if (preg_match(';<|>|";',$titre)) {
        $erreur_injection_titre = true;
    }
    if (preg_match(';<|>|";',$nom)) {
        $erreur_injection_nom = true;
    }
    if (preg_match(';<|>|";',$commentaires)) {
        $erreur_injection_commentaires = true;
    }

    // With SMTP enabled an address is mandatory and must be valid; without
    // SMTP no address is required at all.
    if($config['use_smtp'] == true){
        $email_OK = $adresse && !$erreur_adresse;
    } else{
        $email_OK = true;
    }

    // No error: move on to step 2. The redirect targets are fixed filenames
    // selected by comparing $poursuivre against constant strings, so the
    // request value never reaches the Location header. No anti-CSRF token is
    // checked in this chunk — confirm that is handled elsewhere if required.
    // NOTE(review): if $poursuivre matches neither value, execution falls
    // through without any print_header() call.
    if ($titre && $nom && $email_OK && ! $erreur_injection_titre && ! $erreur_injection_commentaires && ! $erreur_injection_nom) {
        if ( $poursuivre == "creation_sondage_date" ) {
            header("Location:choix_date.php");
            exit();
        }
        if ( $poursuivre == "creation_sondage_autre" ) {
            header("Location:choix_autre.php");
            exit();
        }
    } else {
        // Page title flagged as an error (form submitted but invalid)
        Utils::print_header( _("Error!").' - '._("Poll creation (1 on 3)") );
    }
} else {
    // Plain title (form not submitted yet)
    Utils::print_header( _("Poll creation (1 on 3)") );
}
bandeau_titre( _("Poll creation (1 on 3)") );

/*
 * Prepare the error messages: one entry per field holding the message text,
 * the aria attribute for the input and the extra CSS class.
 */
$errors = array(
    'title' => array ( 'msg' => '', 'aria' => '', 'class' => '' ),
    'description' => array ( 'msg' => '', 'aria' => '', 'class' => '' ),
    'name' => array ( 'msg' => '', 'aria' => '', 'class' => '' ),
    'email' => array ( 'msg' => '', 'aria' => '', 'class' => '' )
);

// NOTE(review): every 'aria' value below uses "aria-describeby"; the ARIA
// attribute is spelled aria-describedby, so assistive technology will not
// link the input to its error message as written.
// Missing-value errors are only reported after a submit (poursuivre posted).
if (!$_SESSION['form']->title && !empty($_POST['poursuivre'])) {
    $errors['title']['aria'] = 'aria-describeby="poll_title_error" ';
    $errors['title']['class'] = ' has-error';
    $errors['title']['msg'] = '

' . _("Enter a title") . '

';
} elseif ($erreur_injection_titre) {
    $errors['title']['aria'] = 'aria-describeby="poll_title_error" ';
    $errors['title']['class'] = ' has-error';
    // NOTE(review): stored under 'inject', but the output below only echoes
    // $errors['title']['msg'], so this text is never displayed (the other
    // fields store the same message under 'msg').
    $errors['title']['inject'] = '

' . _("Characters < > and \" are not permitted") . '

';
}
if ($erreur_injection_commentaires) {
    $errors['description']['aria'] = 'aria-describeby="poll_comment_error" ';
    $errors['description']['class'] = ' has-error';
    $errors['description']['msg'] = '

' . _("Characters < > and \" are not permitted") . '

';
}
if (!$_SESSION['form']->admin_name && !empty($_POST['poursuivre'])) {
    $errors['name']['aria'] = 'aria-describeby="poll_name_error" ';
    $errors['name']['class'] = ' has-error';
    $errors['name']['msg'] = '

' . _("Enter a name") . '

';
} elseif ($erreur_injection_nom) {
    $errors['name']['aria'] = 'aria-describeby="poll_name_error" ';
    $errors['name']['class'] = ' has-error';
    $errors['name']['msg'] = '

' . _("Characters < > and \" are not permitted") . '

';
}
// The e-mail messages are only rendered when use_smtp is enabled (see the
// echo below), even though this branch is evaluated regardless.
if (!$_SESSION['form']->admin_mail && !empty($_POST['poursuivre'])) {
    // NOTE(review): references poll_name_error although this is the e-mail
    // field; the invalid-address branch below uses poll_email_error.
    $errors['email']['aria'] = 'aria-describeby="poll_name_error" ';
    $errors['email']['class'] = ' has-error';
    $errors['email']['msg'] = '

' . _("Enter an email address") . '

';
} elseif ($erreur_adresse && !empty($_POST['poursuivre'])) {
    $errors['email']['aria'] = 'aria-describeby="poll_email_error" ';
    $errors['email']['class'] = ' has-error';
    $errors['email']['msg'] = '

' . _("The address is not correct! You should enter a valid email address (like r.stallman@outlock.com) in order to receive the link to your poll.") . '

';
}

/*
 * Pre-fill the inputs from the session.
 */
// REMOTE_USER? When the web server identified the user, the name and e-mail
// inputs are pre-filled with the session values; otherwise they stay empty.
// NOTE(review): stripslashes() is applied to the already encoded session
// value — looks like a magic_quotes leftover; confirm it is still needed.
if (USE_REMOTE_USER && isset($_SERVER['REMOTE_USER'])) {
    $input_name = ''.stripslashes($_SESSION['form']->admin_name);
} else {
    $input_name = '';
}
if (USE_REMOTE_USER && isset($_SERVER['REMOTE_USER'])) {
    $input_email = ''.$_SESSION['form']->admin_mail;
} else {
    $input_email = '';
}

// Checkbox checked? The locals that held the POST values are reused to carry
// the "checked" attribute text; when a flag is off they keep their earlier
// value (null unless the field was posted).
if ($_SESSION['form']->editable) {
    $editable = 'checked';
}
if ($_SESSION['form']->receiveNewVotes) {
    $receiveNewVotes = 'checked';
}

// Display the form: intro text, then per-field error messages and the
// pre-filled name/e-mail fragments. The e-mail part is only emitted when
// use_smtp is enabled.
echo '

'. _("You are in the poll creation section.").'
'._("Required fields cannot be left blank.") .'

'.$errors['title']['msg'].'
'.$errors['description']['msg'].'
'.$input_name.'
'.$errors['name']['msg'];
if($config['use_smtp']==true){
    echo '
'.$input_email.'
'.$errors['email']['msg'];
}
echo '
';
if($config['use_smtp']==true){
    echo '
';
}
echo '

';
bandeau_pied();