Move URL encore to Utils::getUrlSondage

171d4593 · Olivier PEREZ · afe8eac8 · 171d4593 · 171d4593 · 171d4593
Commit 171d4593 authored 9 years ago by Olivier PEREZ
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@@ -104,6 +104,9 @@ class Utils {
     * @return  string The poll's URL.
     */
    public static function getUrlSondage($id, $admin = false, $vote_id = '', $action = null, $action_value = null) {
+        // URL-Encode $action_value
+        $action_value = $action_value == null ? null : urlencode($action_value);
        if (URL_PROPRE) {
            if ($admin === true) {
                $url = self::get_server_name() . $id . '/admin';

--- a/app/inc/smarty.php
+++ b/app/inc/smarty.php
@@ -49,7 +49,7 @@ function smarty_function_poll_url($params, Smarty_Internal_Template $template) {
    $poll_id =  filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
    $admin =  (isset($params['admin']) && $params['admin']) ? true : false;
    $action =  (isset($params['action']) && !empty($params['action'])) ? Utils::htmlEscape($params['action']) : false;
-    $action_value = (isset($params['action_value']) && !empty($params['action_value'])) ? Utils::htmlEscape($params['action_value']) : false;
+    $action_value = (isset($params['action_value']) && !empty($params['action_value'])) ? $params['action_value'] : false;
    $vote_unique_id = isset($params['vote_id']) ? filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) : '';
    // If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this.

--- a/tpl/part/vote_table_classic.tpl
+++ b/tpl/part/vote_table_classic.tpl
@@ -14,7 +14,7 @@
                    <th role="presentation"></th>
                    {foreach $slots as $id=>$slot}
                        <td headers="C{$id}">
-                            <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=urlencode($slot->title)}"
+                            <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->title}"
                               class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->title|html}">
                                <i class="glyphicon glyphicon-remove text-danger"></i><span class="sr-only">{__('Generic', 'Remove')}</span>
                            </a>

--- a/tpl/part/vote_table_date.tpl
+++ b/tpl/part/vote_table_date.tpl
@@ -17,7 +17,7 @@
                    {foreach $slots as $slot}
                        {foreach $slot->moments as $id=>$moment}
                            <td headers="M{$slot@key} D{$headersDCount} H{$headersDCount}">
-                                <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->day|cat:'@'|cat:urlencode($moment)}"
+                                <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->day|cat:'@'|cat:$moment}"
                                   class="btn btn-link btn-sm"
                                   title="{__('adminstuds', 'Remove the column')} {$slot->day|date_format:$date_format.txt_short|html} - {$moment|html}">
                                    <i class="glyphicon glyphicon-remove text-danger"></i><span class="sr-only">{__('Generic', 'Remove')}</span>