diff --git a/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php b/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
index 7e387393d0d87aba47a3b66adeca4f1979574934..b30d2bb307252d00a3d68ec22aa34aebb3353519 100644
--- a/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
+++ b/app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php
@@ -72,7 +72,7 @@ CREATE TABLE IF NOT EXISTS `sondage` (
   `titre` text,
   `id_sondage_admin` char(24) DEFAULT NULL,
   `date_creation` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `date_fin` timestamp NOT NULL DEFAULT \'0000-00-00 00:00:00\',
+  `date_fin` timestamp NOT NULL,
   `format` varchar(2) DEFAULT NULL,
   `mailsonde` tinyint(1) DEFAULT \'0\',
   `statut` int(11) NOT NULL DEFAULT \'1\' COMMENT \'1 = actif ; 0 = inactif ; \',
diff --git a/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php b/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
index 58f242183b939541034e3ec5f907869c92295afe..5f8b7d79c44bd7e6ed500ad1734db173e69cb5ad 100644
--- a/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
+++ b/app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php
@@ -90,7 +90,7 @@ CREATE TABLE IF NOT EXISTS `' . Utils::table('poll') . '` (
   `admin_name` VARCHAR(64) DEFAULT NULL,
   `admin_mail` VARCHAR(128) DEFAULT NULL,
   `creation_date` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `end_date` TIMESTAMP NOT NULL DEFAULT \'0000-00-00 00:00:00\',
+  `end_date` TIMESTAMP NOT NULL,
   `format` VARCHAR(1) DEFAULT NULL,
   `editable` TINYINT(1) DEFAULT \'0\',
   `receiveNewVotes` TINYINT(1) DEFAULT \'0\',
diff --git a/app/classes/Framadate/Repositories/PollRepository.php b/app/classes/Framadate/Repositories/PollRepository.php
index e2315a37548cf13e6c46d6792c35e4932667b5bf..9cbebf0a174e355b486acd68a88979b81e5a451e 100644
--- a/app/classes/Framadate/Repositories/PollRepository.php
+++ b/app/classes/Framadate/Repositories/PollRepository.php
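Review bot: The new `end_date TIMESTAMP NOT NULL` line in the From_0_8_to_0_9 hunk has no explicit default any more, and what the server then does is configuration-dependent: with `explicit_defaults_for_timestamp` ON (the MySQL 8 default, as far as I recall) an INSERT that omits the column is rejected under strict mode, while with it OFF a non-first TIMESTAMP column silently gets the zero default this commit is trying to remove. The CREATE TABLE this column belongs to starts outside the hunk, so I cannot see whether other columns rely on the same implicit behaviour. PollRepository::insert always supplies the value through FROM_UNIXTIME(?), so new installs are probably fine, but the intent should be recorded in the migration's docblock, e.g. `// end_date deliberately has no DEFAULT: every writer must supply it; behaviour of an omitted value depends on explicit_defaults_for_timestamp`. The same applies to the `date_fin` line in the From_0_0_to_0_8 hunk above.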
@@ -16,7 +16,7 @@ class PollRepository extends AbstractRepository {
         (id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible)
         VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)';
         $prepared = $this->prepare($sql);
-        $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible));
+        $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable ? 1 : 0, $form->receiveNewVotes ? 1 : 0, $form->receiveNewComments ? 1 : 0, $form->hidden ? 1 : 0, $form->password_hash, $form->results_publicly_visible ? 1 : 0));
     }
 
     function findById($poll_id) {
@@ -58,7 +58,7 @@ class PollRepository extends AbstractRepository {
 
     function update($poll) {
         $prepared = $this->prepare('UPDATE `' . Utils::table('poll') . '` SET title=?, admin_name=?, admin_mail=?, description=?, end_date=?, active=?, editable=?, hidden=?, password_hash=?, results_publicly_visible=? WHERE id = ?');
-        return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable, $poll->hidden, $poll->password_hash, $poll->results_publicly_visible, $poll->id]);
+        return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable ? 1 : 0, $poll->hidden ? 1 : 0, $poll->password_hash, $poll->results_publicly_visible ? 1 : 0, $poll->id]);
     }
 
     function deleteById($poll_id) {
diff --git a/exportcsv.php b/exportcsv.php
index db8832a582dc9d8020ce6d4ff86b9ec3aa0e34c3..5f07e1dd597201d98ff62143a0ff70786392fe45 100644
--- a/exportcsv.php
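Review bot: The `? 1 : 0` normalisation on the new execute() line is spelled out five times here and three more times in update() below, and the two lists already differ, which is how such inline casts drift. A small private helper, `private function flag($value) { return $value ? 1 : 0; }`, used as `$this->flag($form->editable)`, keeps both call sites identical and gives a place to say why the cast exists (presumably because PDO binds a PHP `false` as an empty string, which a TINYINT column rejects under strict mode — worth confirming and writing down). The enclosing insert method's signature and the start of its SQL string are outside the hunk.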
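Review bot: `$poll->active` on the new `return $prepared->execute([...])` line in update() is still bound raw, while editable, hidden and results_publicly_visible right next to it now get `? 1 : 0`. If active is a boolean on the poll object (its definition is not visible here), a false value is bound as an empty string and hits exactly the column-type problem this commit fixes for the other flags. Either bind it as `$poll->active ? 1 : 0` alongside the others or leave a comment explaining why it is exempt. update() is shown in full; deleteById() continues outside the hunk.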
+++ b/exportcsv.php
@@ -18,6 +18,7 @@
  */
 use Framadate\Services\LogService;
 use Framadate\Services\PollService;
+use Framadate\Services\SecurityService;
 use Framadate\Utils;
 
 include_once __DIR__ . '/app/inc/init.php';
@@ -35,6 +36,7 @@ $poll = null;
 
 $logService = new LogService();
 $pollService = new PollService($connect, $logService);
+$securityService = new SecurityService();
 
 /* PAGE */
 /* ---- */
@@ -42,6 +44,12 @@ $pollService = new PollService($connect, $logService);
 if (!empty($_GET['poll'])) {
     $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
     $poll = $pollService->findById($poll_id);
+} else if (!empty($_GET['admin'])) {
+    $admin_id = filter_input(INPUT_GET, 'admin', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => ADMIN_POLL_REGEX]]);
+    $poll = $pollService->findByAdminId($admin_id);
+    if ($poll) {
+        $poll_id = $poll->id;
+    }
 }
 
 if (!$poll) {
@@ -50,6 +58,16 @@ if (!$poll) {
     exit;
 }
 
+if (empty($admin_id)) {
+    $forbiddenBecauseOfPassword = !$poll->results_publicly_visible && !$securityService->canAccessPoll($poll);
+    $resultsAreHidden = $poll->hidden;
+
+    if ($resultsAreHidden || $forbiddenBecauseOfPassword) {
+        $smarty->assign('error', __('Error', 'Forbidden!'));
+        $smarty->display('error.tpl');
+        exit;
+    }
+}
 $slots = $pollService->allSlotsByPoll($poll);
 $votes = $pollService->allVotesByPollId($poll_id);
 
diff --git a/locale/br.json b/locale/br.json
index 163fba356ff9b267f4b0cf6a57343ef4e35c8eda..f50059c95e0982d9ccfe98d0c2b84272a0484826 100644
--- a/locale/br.json
+++ b/locale/br.json
@@ -369,6 +369,7 @@
     },
     "Error": {
         "Error!": "Fazi!",
+        "Forbidden!": "BR_Interdit !",
         "Enter a title": "Ret eo enankañ un titl!",
         "Something is going wrong...": "Un dra bennak a-dreuz a zo...",
         "Something is wrong with the format": "Un dra bennak a-dreuz a zo gant ar mentrezh",
diff --git a/locale/de.json b/locale/de.json
index 6bf5ed54343cfa86869529320c29b1bfb0f8e993..94f5632de9c8cdbc3ffeb1eac0f1880d17337537 100644
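Review bot: The forbidden branch inside the new `if (empty($admin_id))` block renders error.tpl but leaves the HTTP status at 200, so scripts, crawlers and caches record the refusal as a successful export; add `http_response_code(403);` before the `$smarty->display('error.tpl');` line (the "poll doesn't exist" branch just above, which starts outside the hunk, has the same weakness). Making "not an admin request" mean "`$admin_id` was never assigned" is also fragile: any future assignment to `$admin_id` higher up the script silently skips the whole authorization block, so an explicit flag set where the poll is looked up, `$isAdminRequest = !empty($admin_id);`, and tested here keeps the decision visible. The hidden-poll test refuses export even to a visitor who has entered the poll password, which matches the template change but deserves a line such as `// hidden polls are exported only via the admin link, even when the password is known`.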
--- a/locale/de.json
+++ b/locale/de.json
@@ -370,6 +370,7 @@
     },
     "Error": {
         "Error!": "Fehler!",
+        "Forbidden!": "Verboten!",
         "Enter a title": "Titel eingeben",
         "Something is going wrong...": "Etwas geht schief...",
         "Something is wrong with the format": "Mit dem Format stimmt etwas nicht",
diff --git a/locale/en.json b/locale/en.json
index 0b550dd2d1b7f394a578087cf3cd160182f195e9..2f47a4477eb64cf5e9ff2be83fa78c6d3a418fcf 100644
--- a/locale/en.json
+++ b/locale/en.json
@@ -371,6 +371,7 @@
     },
     "Error": {
         "Error!": "Error!",
+        "Forbidden!": "Forbidden!",
         "Enter a title": "Enter a title",
         "Something is going wrong...": "Something has gone wrong...",
         "Something is wrong with the format": "Something is wrong with the format",
diff --git a/locale/es.json b/locale/es.json
index 1491b86f12663453a4bb653583588e670a5de33f..9bcaa1115dbf892756b236aecdda559756ebecf0 100644
--- a/locale/es.json
+++ b/locale/es.json
@@ -370,6 +370,7 @@
     },
     "Error": {
         "Error!": "¡Error!",
+        "Forbidden!": "¡Prohibido!",
         "Enter a title": "Introducza un tÃtulo",
         "Something is going wrong...": "Algo anda mal...",
         "Something is wrong with the format": "Algo está mal con el formato",
diff --git a/locale/fr.json b/locale/fr.json
index 5b4799bffa031aab5112aa4f9a63fc3dad8ceed5..a6c2ec733bc2caeb9d3a230926cb997c95eb2e72 100644
--- a/locale/fr.json
+++ b/locale/fr.json
@@ -370,6 +370,7 @@
     },
     "Error": {
         "Error!": "Erreur !",
+        "Forbidden!": "Interdit !",
         "Enter a title": "Il faut saisir un titre !",
         "Something is going wrong...": "Quelque chose ne va pas...",
         "Something is wrong with the format": "Quelque chose ne va pas avec le format",
diff --git a/locale/it.json b/locale/it.json
index f9fe2413a80739a85b301b80bfc1dd1f9c1046a6..0920be8375199e6746026fb4631102457e80d701 100644
--- a/locale/it.json
+++ b/locale/it.json
@@ -370,6 +370,7 @@
     },
     "Error": {
         "Error!": "Errore!",
+        "Forbidden!": "Proibito!",
         "Enter a title": "È necessario inserire un titolo !",
         "Something is going wrong...": "Qualcosa non è corretto...",
         "Something is wrong with the format": "Qualche errore nel formato",
diff --git a/locale/oc.json b/locale/oc.json
index 7e0423de7c76c6278d668233471b054ed327431f..fadc23c869bddf1812768b37362737fafaeae34b 100644
--- a/locale/oc.json
+++ b/locale/oc.json
@@ -370,6 +370,7 @@
     },
     "Error": {
         "Error!": "Error !",
+        "Forbidden!": "OC_Interdit !",
         "Enter a title": "Cal picar un tÃtol !",
         "Something is going wrong...": "I a quicòm que truca...",
         "Something is wrong with the format": "I a quicòm que truca amb lo format.",
diff --git a/tpl/part/poll_info.tpl b/tpl/part/poll_info.tpl
index c56872131638fe66db75ebc315b286e2b4798806..ebf3562c9e24b830f44e173bb70db2f389789b87 100644
--- a/tpl/part/poll_info.tpl
+++ b/tpl/part/poll_info.tpl
@@ -21,7 +21,13 @@
     <div class="col-md-5 hidden-print">
         <div class="btn-group pull-right">
             <button onclick="print(); return false;" class="btn btn-default"><span class="glyphicon glyphicon-print"></span> {__('PollInfo', 'Print')}</button>
-            <a href="{$SERVER_URL|html}exportcsv.php?poll={$poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+            {if $admin}
+            <a href="{$SERVER_URL|html}exportcsv.php?admin={$admin_poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+            {else}
+            {if !$hidden}
+            <a href="{$SERVER_URL|html}exportcsv.php?poll={$poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+            {/if}
+            {/if}
             {if $admin}
             {if !$expired}
             <button type="button" class="btn btn-danger dropdown-toggle" data-toggle="dropdown">
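Review bot: The new `{if $admin} … {else}{if !$hidden} … {/if}{/if}` in poll_info.tpl can be flattened to `{if $admin} … {elseif !$hidden} … {/if}`, which mirrors the server-side rule in exportcsv.php and removes the nested closing pair. Hiding the button for hidden polls is presentation only — exportcsv.php's own check is what refuses the export — so a short template comment such as `{* hidden polls are refused by exportcsv.php; the button is hidden here only to avoid a dead link *}` would stop a later change from "restoring" the link and being mistaken for a security fix. The enclosing `<div class="btn-group">` continues past the end of the hunk.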