From fbd45960b7d06af4c48a930809ad6a40091acee4 Mon Sep 17 00:00:00 2001
From: Antonin <zepcome@gmail.com>
Date: Mon, 13 Apr 2015 12:33:43 +0200
Subject: [PATCH] Changing some actions from POST to GET.

---
 adminstuds.php                  | 10 +++++-----
 app/classes/Framadate/Utils.php |  8 +++++++-
 app/inc/smarty.php              |  4 +++-
 htaccess.txt                    |  1 +
 tpl/part/vote_table_classic.tpl | 18 +++++++++++++-----
 tpl/part/vote_table_date.tpl    | 17 +++++++++++++----
 6 files changed, 42 insertions(+), 16 deletions(-)

diff --git a/adminstuds.php b/adminstuds.php
index 96efd401..4e8eb6d2 100644
--- a/adminstuds.php
+++ b/adminstuds.php
@@ -198,8 +198,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote
 // Delete a votes
 // -------------------------------
 
-if (!empty($_POST['delete_vote'])) {
-    $vote_id = filter_input(INPUT_POST, 'delete_vote', FILTER_VALIDATE_INT);
+if (!empty($_GET['delete_vote'])) {
+    $vote_id = filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT);
     if ($adminPollService->deleteVote($poll_id, $vote_id)) {
         $message = new Message('success', __('adminstuds', 'Vote deleted'));
     } else {
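Review bot: Moving `delete_vote` to `$_GET` makes a destructive action reachable by simply fetching a URL, so a browser prefetch, a link scanner or a reload from history repeats the deletion, and nothing in this hunk ties the request to a deliberate admin click. The `delete_column` branch in the next hunk has the same exposure. GET should stay free of side effects: keep these two actions on POST, or at least require a one-time token issued with the admin page before `deleteVote()` runs. `filter_input(INPUT_GET, 'delete_vote', FILTER_VALIDATE_INT)` also yields `false` for a non-integer value, which is passed straight to `deleteVote()`; a guard such as `if ($vote_id === false || $vote_id === null) { /* reject */ }` would make that case explicit. The branch continues past the end of the hunk.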
@@ -312,8 +312,8 @@ if (isset($_POST['confirm_delete_poll'])) {
 // Delete a slot
 // -------------------------------
 
-if (!empty($_POST['delete_column'])) {
-    $column = filter_input(INPUT_POST, 'delete_column', FILTER_DEFAULT);
+if (!empty($_GET['delete_column'])) {
+    $column = filter_input(INPUT_GET, 'delete_column', FILTER_DEFAULT);
 
     if ($poll->format === 'D') {
         $ex = explode('@', $column);
@@ -338,7 +338,7 @@ if (!empty($_POST['delete_column'])) {
 // Add a slot
 // -------------------------------
 
-if (isset($_POST['add_slot'])) {
+if (isset($_GET['add_slot'])) {
     $smarty->assign('poll_id', $poll_id);
     $smarty->assign('admin_poll_id', $admin_poll_id);
     $smarty->assign('format', $poll->format);
diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php
index 6d5254d8..700fb85f 100644
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@@ -103,7 +103,7 @@ class Utils {
      * @param   string $vote_id (optional) The vote's unique id
      * @return  string The poll's URL.
      */
-    public static function getUrlSondage($id, $admin = false, $vote_id='') {
+    public static function getUrlSondage($id, $admin = false, $vote_id='', $action=null, $action_value=null) {
         if (URL_PROPRE) {
             if ($admin === true) {
                 $url = self::get_server_name() . $id . '/admin';
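Review bot: The docblock above `getUrlSondage()` still documents only `$id`, `$admin` and `$vote_id`; the two new parameters need entries, e.g. `@param string|null $action (optional) Name of the action parameter to append` and `@param string|null $action_value (optional) Value for that action`. It is worth stating there that nothing is appended unless both are set, and that the caller in `app/inc/smarty.php` passes `false` rather than `null` when they are absent, which the loose `!= null` tests in the following hunks rely on. The function body continues outside this hunk.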
@@ -113,6 +113,9 @@ class Utils {
             if ($vote_id != '') {
                 $url .= '/vote/'.$vote_id."#edit";
             }
+            if ($action != null && $action_value != null) {
+                $url .= '/action/'.$action.'/'.$action_value;
+            }
         } else {
             if ($admin === true) {
                 $url = self::get_server_name() . 'adminstuds.php?poll=' . $id;
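Review bot: The action segment is appended after `'/vote/'.$vote_id."#edit"`, so when both a vote id and an action are given the action lands in the URL fragment and never reaches the server; the query-string branch in the next hunk has the same ordering. `$action_value` is also concatenated without percent-encoding, so a value containing `/`, `&`, `#` or `?` changes the structure of the URL instead of being carried as data. Build the path or query first, encode the value, and add the fragment last, for example `$url .= '&' . rawurlencode($action) . '=' . rawurlencode($action_value);` in the query branch. The function starts and ends outside this hunk.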
@@ -122,6 +125,9 @@ class Utils {
             if ($vote_id != '') {
                 $url .= '&vote='.$vote_id."#edit";
             }
+            if ($action != null && $action_value != null)  {
+                $url .= '&'.$action."=".$action_value;
+            }
         }
 
         return $url;
diff --git a/app/inc/smarty.php b/app/inc/smarty.php
index 1e9436b2..83dddedf 100644
--- a/app/inc/smarty.php
+++ b/app/inc/smarty.php
@@ -48,11 +48,13 @@ if (isset($_SERVER['FRAMADATE_DEVMODE']) && $_SERVER['FRAMADATE_DEVMODE']) {
 function smarty_function_poll_url($params, Smarty_Internal_Template $template) {
     $poll_id =  filter_var($params['id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
     $admin =  (isset($params['admin']) && $params['admin']) ? true : false;
+    $action =  (isset($params['action']) && !empty($params['action'])) ? Utils::htmlEscape($params['action']) : false;
+    $action_value = (isset($params['action_value']) && !empty($params['action_value'])) ? Utils::htmlEscape($params['action_value']) : false;
     $vote_unique_id = isset($params['vote_id']) ? filter_var($params['vote_id'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]) : '';
 
     // If filter_var fails (i.e.: hack tentative), it will return false. At least no leak is possible from this.
 
-    return Utils::getUrlSondage($poll_id, $admin, $vote_unique_id);
+    return Utils::getUrlSondage($poll_id, $admin, $vote_unique_id, $action, $action_value);
 }
 
 function smarty_modifier_markdown($md, $clear = false) {
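Review bot: `Utils::htmlEscape()` is applied to `action` and `action_value` before they are placed inside a URL, which is the wrong encoding for that position: assuming the helper performs HTML entity escaping, `&`, `#`, `/` and spaces are meaningful to the URL again once the browser decodes the `href`. A slot title such as `a&b` would then reach the server as two parameters, so the wrong column, or none, is addressed. Pass the raw values through and percent-encode them where the URL is assembled (`rawurlencode($action_value)`), leaving HTML escaping to the point of output. `$action` only comes from template literals in this commit; a check such as `in_array($params['action'], ['delete_vote', 'delete_column', 'add_slot'], true)` would keep it limited to those names.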
diff --git a/htaccess.txt b/htaccess.txt
index 8b223e9d..e1495ffc 100644
--- a/htaccess.txt
+++ b/htaccess.txt
@@ -8,6 +8,7 @@
   RewriteCond %{REQUEST_FILENAME} -d
 
   RewriteRule ^([a-zA-Z0-9]{16})$ studs.php?poll=$1
+  RewriteRule ^([a-zA-Z0-9]{16})/action/([a-zA-Z]+)/(.+)$ studs.php?poll=$1&$2=$3
   RewriteRule ^([a-zA-Z0-9]{16})/vote/([a-zA-Z0-9]{16})$ studs.php?poll=$1&vote_id=$2
   RewriteRule ^([a-zA-Z0-9]{24})/admin$ adminstuds.php?poll=$1
 </IfModule>
\ No newline at end of file
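Review bot: The new rule does not appear to match the links this commit generates: the templates build admin URLs of the form `<24-char id>/admin/action/delete_vote/<value>`, while the pattern expects a 16-character id followed directly by `/action/` and routes to `studs.php` rather than `adminstuds.php`. In addition, `([a-zA-Z]+)` excludes the underscore in `delete_vote`, `delete_column` and `add_slot`. As written, `$2=$3` also lets the request path choose the name of a query parameter on `studs.php`. Restricting the name to the known actions avoids that: `RewriteRule ^([a-zA-Z0-9]{24})/admin/action/(delete_vote|delete_column|add_slot)/(.+)$ adminstuds.php?poll=$1&$2=$3`.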
diff --git a/tpl/part/vote_table_classic.tpl b/tpl/part/vote_table_classic.tpl
index cc482366..89516f5d 100644
--- a/tpl/part/vote_table_classic.tpl
+++ b/tpl/part/vote_table_classic.tpl
@@ -14,11 +14,17 @@
                     <th role="presentation"></th>
                     {foreach $slots as $id=>$slot}
                         <td headers="C{$id}">
-                            <button type="submit" name="delete_column" value="{$slot->title|html}" class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->title|html}"><span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Genric', 'Remove')}</span></button>
-                        </td>
+                            <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->title}"
+                               class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->title|html}">
+                                <span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Genric', 'Remove')}</span>
+                            </a>
+                            </td>
                     {/foreach}
                     <td>
-                        <button type="submit" name="add_slot" class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')}"><span class="glyphicon glyphicon-plus text-success"></span><span class="sr-only">{__('Poll results', 'Add a column')}</span></button>
+                        <a href="{poll_url id=$admin_poll_id admin=true action='add_slot' action_value=true}"
+                           class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')} {$slot->title|html}">
+                            <span class="glyphicon glyphicon-plus text-success"></span><span class="sr-only">{__('Poll results', 'Add a column')}</span>
+                        </a>
                     </td>
                 </tr>
             {/if}
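Review bot: The `title` of the add-column link ends with `{$slot->title|html}`, but this `<a>` sits after `{/foreach}`, so `$slot` is whatever the loop left behind (or unset when there are no slots) and the tooltip reads "Add a column" followed by the last slot's title. It looks copied from the remove link; the attribute should be `title="{__('adminstuds', 'Add a column')}"` as on the removed button. The add-column link in `tpl/part/vote_table_date.tpl` carries the same attribute. Separately, `action_value=$slot->title` is handed to `poll_url` without the `|html` modifier the old `value=` attribute had, so the escaping of a user-supplied title inside the `href` now depends entirely on what `poll_url` does with it.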
@@ -93,9 +99,11 @@
                                     <span class="glyphicon glyphicon-pencil"></span><span class="sr-only">{__('Generic', 'Edit')}</span>
                                 </a>
                                 {if $admin}
-                                    <button type="submit" class="btn btn-link btn-sm" name="delete_vote" value="{$vote->id|html}" title="{__('Poll results', 'Remove the line:')|html} {$vote->name|html}">
+                                    <a href="{poll_url id=$admin_poll_id admin=true action='delete_vote' action_value=$vote->id}"
+                                       class="btn btn-link btn-sm"
+                                       title="{__('Poll results', 'Remove the line:')} {$vote->name|html}">
                                         <span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Generic', 'Remove')}</span>
-                                    </button>
+                                    </a>
                                 {/if}
                             </td>
                         {else}
diff --git a/tpl/part/vote_table_date.tpl b/tpl/part/vote_table_date.tpl
index 37fa8768..25ca3a03 100644
--- a/tpl/part/vote_table_date.tpl
+++ b/tpl/part/vote_table_date.tpl
@@ -17,13 +17,20 @@
                     {foreach $slots as $slot}
                         {foreach $slot->moments as $id=>$moment}
                             <td headers="M{$slot@key} D{$headersDCount} H{$headersDCount}">
-                                <button type="submit" name="delete_column" value="{$slot->day|html}@{$moment|html}" class="btn btn-link btn-sm" title="{__('adminstuds', 'Remove the column')} {$slot->day|date_format:$date_format.txt_short|html} - {$moment|html}"><span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Generic', 'Remove')}</span></button>
+                                <a href="{poll_url id=$admin_poll_id admin=true action='delete_column' action_value=$slot->day|cat:'@'|cat:$moment}"
+                                   class="btn btn-link btn-sm"
+                                   title="{__('adminstuds', 'Remove the column')} {$slot->day|date_format:$date_format.txt_short|html} - {$moment|html}">
+                                    <span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Genric', 'Remove')}</span>
+                                </a>
                             </td>
                             {$headersDCount = $headersDCount+1}
                         {/foreach}
                     {/foreach}
                     <td>
-                        <button type="submit" name="add_slot" class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')}"><span class="glyphicon glyphicon-plus text-success"></span><span class="sr-only">{__('Poll results', 'Add a column')}</span></button>
+                        <a href="{poll_url id=$admin_poll_id admin=true action='add_slot' action_value=true}"
+                           class="btn btn-link btn-sm" title="{__('adminstuds', 'Add a column')} {$slot->title|html}">
+                            <span class="glyphicon glyphicon-plus text-success"></span><span class="sr-only">{__('Poll results', 'Add a column')}</span>
+                        </a>
                     </td>
                 </tr>
             {/if}
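Review bot: The remove-column link uses `{__('Genric', 'Remove')}` where the removed button had `{__('Generic', 'Remove')}`, so the screen-reader label is presumably looked up under a section name that does not exist. It should read `{__('Generic', 'Remove')}`, matching the delete-vote link further down in this template.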
@@ -141,9 +148,11 @@
                                     <span class="glyphicon glyphicon-pencil"></span><span class="sr-only">{__('Generic', 'Edit')}</span>
                                 </a>
                                 {if $admin}
-                                    <button type="submit" class="btn btn-link btn-sm" name="delete_vote" value="{$vote->id|html}" title="{__('Poll results', 'Remove the line:')} {$vote->name|html}">
+                                    <a href="{poll_url id=$admin_poll_id admin=true action='delete_vote' action_value=$vote->id}"
+                                       class="btn btn-link btn-sm"
+                                       title="{__('Poll results', 'Remove the line:')} {$vote->name|html}">
                                         <span class="glyphicon glyphicon-remove text-danger"></span><span class="sr-only">{__('Generic', 'Remove')}</span>
-                                    </button>
+                                    </a>
                                 {/if}
                             </td>
                         {else}
-- 
GitLab