From f5e579437a0b8db7b2622a548f7f5d0ac1733bf7 Mon Sep 17 00:00:00 2001
From: Antonin <antonin.murtin@gmail.com>
Date: Fri, 14 Oct 2016 09:02:47 +0200
Subject: [PATCH] =?UTF-8?q?Probl=C3=A8mes=20d'envois=20de=20commentaire=20?=
 =?UTF-8?q?de=20l'administrateur=20sur=20un=20sondage=20avec=20mot=20de=20?=
 =?UTF-8?q?passe.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 action/add_comment.php | 10 +++++++++-
 tpl/part/comments.tpl  |  3 +++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/action/add_comment.php b/action/add_comment.php
index dd3e247c..13ec5d52 100644
--- a/action/add_comment.php
+++ b/action/add_comment.php
@@ -34,6 +34,7 @@ $poll = null;
 $message = null;
 $result = false;
 $comments = array();
+$is_admin = false;
 
 /* Services */
 /*----------*/
@@ -53,9 +54,16 @@ if (!empty($_POST['poll'])) {
     $poll = $pollService->findById($poll_id);
 }
 
+if (!empty($_POST['poll_admin'])) {
+    $admin_poll_id = filter_input(INPUT_POST, 'poll_admin', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+    if (strlen($admin_poll_id) === 24) {
+        $is_admin = ($pollService->findByAdminId($admin_poll_id) != null);
+    }
+}
+
 if (!$poll) {
     $message = new Message('error',  __('Error', 'This poll doesn\'t exist !'));
-} else if ($poll && !$securityService->canAccessPoll($poll)) {
+} else if ($poll && !$securityService->canAccessPoll($poll) && !$is_admin) {
     $message = new Message('error',  __('Password', 'Wrong password'));
 } else {
     $name = $inputService->filterName($_POST['name']);
diff --git a/tpl/part/comments.tpl b/tpl/part/comments.tpl
index 7c5e4583..1eb8ee45 100644
--- a/tpl/part/comments.tpl
+++ b/tpl/part/comments.tpl
@@ -8,6 +8,9 @@
     <form action="{'action/add_comment.php'|resource}" method="POST" id="comment_form">
 
         <input type="hidden" name="poll" value="{$poll_id}"/>
+        {if !empty($admin_poll_id)}
+            <input type="hidden" name="poll_admin" value="{$admin_poll_id}"/>
+        {/if}
         <div class="hidden-print jumbotron">
             <div class="col-md-6 col-md-offset-3">
                 <fieldset id="add-comment"><legend>{__('Comments', 'Add a comment to the poll')}</legend>
-- 
GitLab