From 442fd174e9435c8b71c5fe948e0fa140e6ffbbfe Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Thu, 24 May 2018 17:45:22 +0200 Subject: [PATCH] Fix session by serializing the form object Signed-off-by: Thomas Citharel Fixup ! Signed-off-by: Thomas Citharel Fixup Signed-off-by: Thomas Citharel --- create_classic_poll.php | 46 ++++++++++++----------- create_date_poll.php | 58 ++++++++++++++++------------- create_poll.php | 81 +++++++++++++++++++++-------------------- 3 files changed, 99 insertions(+), 86 deletions(-) diff --git a/create_classic_poll.php b/create_classic_poll.php index 868bb27..8f5deba 100644 --- a/create_classic_poll.php +++ b/create_classic_poll.php @@ -40,8 +40,10 @@ if (is_file('bandeaux_local.php')) { include_once('bandeaux.php'); } +$form = unserialize($_SESSION['form']); + // Step 1/4 : error if $_SESSION from info_sondage are not valid -if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || (($config['use_smtp']) ? empty($_SESSION['form']->admin_mail) : false)) { +if (empty($form->title) || empty($form->admin_name) || (($config['use_smtp']) ? empty($form->admin_mail) : false)) { $smarty->assign('title', __('Error', 'Error!')); $smarty->assign('error', __('Error', 'You haven\'t filled the first section of the poll creation, or your session has expired.')); $smarty->display('error.tpl'); @@ -52,13 +54,13 @@ if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || ( $max_expiry_time = $pollService->maxExpiryDate(); // The poll format is other (A) if we are in this file - if (!isset($_SESSION['form']->format)) { - $_SESSION['form']->format = 'A'; + if (!isset($form->format)) { + $form->format = 'A'; } // If we come from another format, we need to clear choices - if (isset($_SESSION['form']->format) && $_SESSION['form']->format !== 'A') { - $_SESSION['form']->format = 'A'; - $_SESSION['form']->clearChoices(); + if (isset($form->format) && $form->format !== 'A') { + $form->format = 'A'; + $form->clearChoices(); } // Step 4 : Data prepare before insert in DB @@ -73,22 +75,22 @@ if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || ( $time = mktime(0, 0, 0, $registredate[1], $registredate[0], $registredate[2]); if ($time < $min_expiry_time) { - $_SESSION['form']->end_date = $min_expiry_time; + $form->end_date = $min_expiry_time; } elseif ($max_expiry_time < $time) { - $_SESSION['form']->end_date = $max_expiry_time; + $form->end_date = $max_expiry_time; } else { - $_SESSION['form']->end_date = $time; + $form->end_date = $time; } } } - if (empty($_SESSION['form']->end_date)) { + if (empty($form->end_date)) { // By default, expiration date is 6 months after last day - $_SESSION['form']->end_date = $max_expiry_time; + $form->end_date = $max_expiry_time; } // Insert poll in database - $ids = $pollService->createPoll($_SESSION['form']); + $ids = $pollService->createPoll($form); $poll_id = $ids[0]; $admin_poll_id = $ids[1]; @@ -96,15 +98,15 @@ if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || ( if ($config['use_smtp'] === true) { $message = __('Mail', "This is the message you have to send to the people you want to poll. \nNow, you have to send this message to everyone you want to poll."); $message .= '

'; - $message .= Utils::htmlMailEscape($_SESSION['form']->admin_name) . ' ' . __('Mail', 'hast just created a poll called') . ' : "' . Utils::htmlMailEscape($_SESSION['form']->title) . '".
'; + $message .= Utils::htmlMailEscape($form->admin_name) . ' ' . __('Mail', 'hast just created a poll called') . ' : "' . Utils::htmlMailEscape($form->title) . '".
'; $message .= sprintf(__('Mail', 'Thanks for filling the poll at the link above') . ' :

%1$s', Utils::getUrlSondage($poll_id)); $message_admin = __('Mail', "This message should NOT be sent to the polled people. It is private for the poll's creator.\n\nYou can now modify it at the link above"); $message_admin .= sprintf(' :

%1$s', Utils::getUrlSondage($admin_poll_id, true)); - if ($mailService->isValidEmail($_SESSION['form']->admin_mail)) { - $mailService->send($_SESSION['form']->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'Author\'s message') . '] ' . __('Generic', 'Poll') . ': ' . $_SESSION['form']->title, $message_admin); - $mailService->send($_SESSION['form']->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'For sending to the polled users') . '] ' . __('Generic', 'Poll') . ': ' . $_SESSION['form']->title, $message); + if ($mailService->isValidEmail($form->admin_mail)) { + $mailService->send($form->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'Author\'s message') . '] ' . __('Generic', 'Poll') . ': ' . $form->title, $message_admin); + $mailService->send($form->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'For sending to the polled users') . '] ' . __('Generic', 'Poll') . ': ' . $form->title, $message); } } @@ -123,22 +125,22 @@ if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || ( else if (isset($_POST['fin_sondage_autre'])) { // Store choices in $_SESSION if (isset($_POST['choices'])) { - $_SESSION['form']->clearChoices(); + $form->clearChoices(); foreach ($_POST['choices'] as $c) { if (!empty($c)) { $c = strip_tags($c); $choice = new Choice($c); - $_SESSION['form']->addChoice($choice); + $form->addChoice($choice); } } } // Expiration date is initialised with config parameter. Value will be modified in step 4 if user has defined an other date - $_SESSION['form']->end_date = $max_expiry_time; + $form->end_date = $max_expiry_time; // Summary $summary = '
    '; - foreach ($_SESSION['form']->getChoices() as $i=>$choice) { + foreach ($form->getChoices() as $i=>$choice) { preg_match_all('/\[!\[(.*?)\]\((.*?)\)\]\((.*?)\)/', $choice->getName(), $md_a_img); // Markdown [![alt](src)](href) preg_match_all('/!\[(.*?)\]\((.*?)\)/', $choice->getName(), $md_img); // Markdown ![alt](src) preg_match_all('/\[(.*?)\]\((.*?)\)/', $choice->getName(), $md_a); // Markdown [text](href) @@ -162,6 +164,8 @@ if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || ( $end_date_str = utf8_encode(strftime($date_format['txt_date'], $max_expiry_time)); //textual date + $_SESSION['form'] = serialize($form); + $smarty->assign('title', __('Step 3', 'Removal date and confirmation (3 on 3)')); $smarty->assign('summary', $summary); $smarty->assign('end_date_str', $end_date_str); @@ -189,7 +193,7 @@ if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || ( echo ' ' . "\n"; // Fields choices : 5 by default - $choices = $_SESSION['form']->getChoices(); + $choices = $form->getChoices(); $nb_choices = max(count($choices), 5); for ($i = 0; $i < $nb_choices; $i++) { $choice = isset($choices[$i]) ? $choices[$i] : new Choice(); diff --git a/create_date_poll.php b/create_date_poll.php index 749aac1..b27f7a0 100644 --- a/create_date_poll.php +++ b/create_date_poll.php @@ -44,21 +44,23 @@ if (is_readable('bandeaux_local.php')) { $min_expiry_time = $pollService->minExpiryDate(); $max_expiry_time = $pollService->maxExpiryDate(); +$form = unserialize($_SESSION['form']); + // The poll format is DATE if we are in this file -if (!isset($_SESSION['form']->format)) { - $_SESSION['form']->format = 'D'; +if (!isset($form->format)) { + $form->format = 'D'; } // If we come from another format, we need to clear choices -if (isset($_SESSION['form']->format) && $_SESSION['form']->format !== 'D') { - $_SESSION['form']->format = 'D'; - $_SESSION['form']->clearChoices(); +if (isset($form->format) && $form->format !== 'D') { + $form->format = 'D'; + $form->clearChoices(); } -if (!isset($_SESSION['form']->title) || !isset($_SESSION['form']->admin_name) || ($config['use_smtp'] && !isset($_SESSION['form']->admin_mail))) { +if (!isset($form->title) || !isset($form->admin_name) || ($config['use_smtp'] && !isset($form->admin_mail))) { $step = 1; } else if (!empty($_POST['confirmation'])) { $step = 4; -} else if (empty($_POST['choixheures']) || isset($_SESSION['form']->totalchoixjour)) { +} else if (empty($_POST['choixheures']) || isset($form->totalchoixjour)) { $step = 2; } else { $step = 3; @@ -76,7 +78,7 @@ switch ($step) { // Step 2/4 : Select dates of the poll // Prefill form->choices - foreach ($_SESSION['form']->getChoices() as $c) { + foreach ($form->getChoices() as $c) { /** @var Choice $c */ $count = 3 - count($c->getSlots()); for ($i = 0; $i < $count; $i++) { @@ -84,18 +86,20 @@ switch ($step) { } } - $count = 3 - count($_SESSION['form']->getChoices()); + $count = 3 - count($form->getChoices()); for ($i = 0; $i < $count; $i++) { $c = new Choice(''); $c->addSlot(''); $c->addSlot(''); $c->addSlot(''); - $_SESSION['form']->addChoice($c); + $form->addChoice($c); } + $_SESSION['form'] = serialize($form); + // Display step 2 $smarty->assign('title', __('Step 2 date', 'Poll dates (2 on 3)')); - $smarty->assign('choices', $_SESSION['form']->getChoices()); + $smarty->assign('choices', $form->getChoices()); $smarty->assign('error', null); $smarty->display('create_date_poll_step_2.tpl'); @@ -115,7 +119,7 @@ switch ($step) { if (count($_POST['days']) > MAX_SLOTS_PER_POLL) { // Display step 2 $smarty->assign('title', __('Step 2 date', 'Poll dates (2 on 3)')); - $smarty->assign('choices', $_SESSION['form']->getChoices()); + $smarty->assign('choices', $form->getChoices()); $smarty->assign('error', __f('Error', 'You can\'t select more than %d dates', MAX_SLOTS_PER_POLL)); $smarty->display('create_date_poll_step_2.tpl'); @@ -123,7 +127,7 @@ switch ($step) { } // Clear previous choices - $_SESSION['form']->clearChoices(); + $form->clearChoices(); // Reorder moments to deal with suppressed dates $moments = []; @@ -143,7 +147,7 @@ switch ($step) { $date = DateTime::createFromFormat(__('Date', 'datetime_parseformat'), $_POST['days'][$i])->setTime(0, 0, 0); $time = (string) $date->getTimestamp(); $choice = new Choice($time); - $_SESSION['form']->addChoice($choice); + $form->addChoice($choice); $schedules = $inputService->filterArray($moments[$i], FILTER_DEFAULT); for ($j = 0; $j < count($schedules); $j++) { @@ -153,12 +157,12 @@ switch ($step) { } } } - $_SESSION['form']->sortChoices(); + $form->sortChoices(); } // Display step 3 $summary = '
      '; - $choices = $_SESSION['form']->getChoices(); + $choices = $form->getChoices(); foreach ($choices as $choice) { /** @var Choice $choice */ $summary .= '
    • ' . strftime($date_format['txt_full'], $choice->getName()); @@ -174,6 +178,8 @@ switch ($step) { $end_date_str = utf8_encode(strftime($date_format['txt_date'], $max_expiry_time)); // textual date + $_SESSION['form'] = serialize($form); + $smarty->assign('title', __('Step 3', 'Removal date and confirmation (3 on 3)')); $smarty->assign('summary', $summary); $smarty->assign('end_date_str', $end_date_str); @@ -196,22 +202,22 @@ switch ($step) { $time = mktime(0, 0, 0, $registredate[1], $registredate[0], $registredate[2]); if ($time < $min_expiry_time) { - $_SESSION['form']->end_date = $min_expiry_time; + $form->end_date = $min_expiry_time; } elseif ($max_expiry_time < $time) { - $_SESSION['form']->end_date = $max_expiry_time; + $form->end_date = $max_expiry_time; } else { - $_SESSION['form']->end_date = $time; + $form->end_date = $time; } } } - if (empty($_SESSION['form']->end_date)) { + if (empty($form->end_date)) { // By default, expiration date is 6 months after last day - $_SESSION['form']->end_date = $max_expiry_time; + $form->end_date = $max_expiry_time; } // Insert poll in database - $ids = $pollService->createPoll($_SESSION['form']); + $ids = $pollService->createPoll($form); $poll_id = $ids[0]; $admin_poll_id = $ids[1]; @@ -219,7 +225,7 @@ switch ($step) { if ($config['use_smtp'] === true) { $message = __('Mail', "This is the message you have to send to the people you want to poll. \nNow, you have to send this message to everyone you want to poll."); $message .= '

      '; - $message .= Utils::htmlEscape($_SESSION['form']->admin_name) . ' ' . __('Mail', 'hast just created a poll called') . ' : "' . Utils::htmlEscape($_SESSION['form']->title) . '".
      '; + $message .= Utils::htmlEscape($form->admin_name) . ' ' . __('Mail', 'hast just created a poll called') . ' : "' . Utils::htmlEscape($form->title) . '".
      '; $message .= __('Mail', 'Thanks for filling the poll at the link above') . ' :

      %1$s'; $message_admin = __('Mail', "This message should NOT be sent to the polled people. It is private for the poll's creator.\n\nYou can now modify it at the link above"); @@ -228,9 +234,9 @@ switch ($step) { $message = sprintf($message, Utils::getUrlSondage($poll_id)); $message_admin = sprintf($message_admin, Utils::getUrlSondage($admin_poll_id, true)); - if ($mailService->isValidEmail($_SESSION['form']->admin_mail)) { - $mailService->send($_SESSION['form']->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'Author\'s message') . '] ' . __('Generic', 'Poll') . ': ' . Utils::htmlEscape($_SESSION['form']->title), $message_admin); - $mailService->send($_SESSION['form']->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'For sending to the polled users') . '] ' . __('Generic', 'Poll') . ': ' . Utils::htmlEscape($_SESSION['form']->title), $message); + if ($mailService->isValidEmail($form->admin_mail)) { + $mailService->send($form->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'Author\'s message') . '] ' . __('Generic', 'Poll') . ': ' . Utils::htmlEscape($form->title), $message_admin); + $mailService->send($form->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'For sending to the polled users') . '] ' . __('Generic', 'Poll') . ': ' . Utils::htmlEscape($form->title), $message); } } diff --git a/create_poll.php b/create_poll.php index 50b7ebf..de51c3b 100644 --- a/create_poll.php +++ b/create_poll.php @@ -35,18 +35,19 @@ $pollRepository = RepositoryFactory::pollRepository(); /* PAGE */ /* ---- */ +$form = isset($_SESSION['form']) ? unserialize($_SESSION['form']) : null; -if (!isset($_SESSION['form'])) { - $_SESSION['form'] = new Form(); +if ($form === null && !($form instanceof Form)) { + $form = new Form(); } // Type de sondage if (isset($_GET['type']) && $_GET['type'] === 'date') { $poll_type = 'date'; - $_SESSION['form']->choix_sondage = $poll_type; + $form->choix_sondage = $poll_type; } else { $poll_type = 'classic'; - $_SESSION['form']->choix_sondage = $poll_type; + $form->choix_sondage = $poll_type; } // We clean the data @@ -85,21 +86,21 @@ if ($goToStep2) { $error_on_customized_url = false; $error_on_ValueMax = false; - $_SESSION['form']->title = $title; - $_SESSION['form']->id = $customized_url; - $_SESSION['form']->use_customized_url = $use_customized_url; - $_SESSION['form']->use_ValueMax = $use_ValueMax; - $_SESSION['form']->ValueMax = $ValueMax; - $_SESSION['form']->admin_name = $name; - $_SESSION['form']->admin_mail = $mail; - $_SESSION['form']->description = $description; - $_SESSION['form']->editable = $editable; - $_SESSION['form']->receiveNewVotes = $receiveNewVotes; - $_SESSION['form']->receiveNewComments = $receiveNewComments; - $_SESSION['form']->hidden = $hidden; - $_SESSION['form']->collect_users_mail = $collect_users_mail; - $_SESSION['form']->use_password = ($use_password !== null); - $_SESSION['form']->results_publicly_visible = ($results_publicly_visible !== null); + $form->title = $title; + $form->id = $customized_url; + $form->use_customized_url = $use_customized_url; + $form->use_ValueMax = $use_ValueMax; + $form->ValueMax = $ValueMax; + $form->admin_name = $name; + $form->admin_mail = $mail; + $form->description = $description; + $form->editable = $editable; + $form->receiveNewVotes = $receiveNewVotes; + $form->receiveNewComments = $receiveNewComments; + $form->hidden = $hidden; + $form->collect_users_mail = $collect_users_mail; + $form->use_password = ($use_password !== null); + $form->results_publicly_visible = ($results_publicly_visible !== null); if ($config['use_smtp'] === true && empty($mail)) { $error_on_mail = true; @@ -152,13 +153,15 @@ if ($goToStep2) { && !$error_on_password && !$error_on_password_repeat &&!$error_on_ValueMax ) { // If no errors, we hash the password if needed - if ($_SESSION['form']->use_password) { - $_SESSION['form']->password_hash = PasswordHasher::hash($password); + if ($form->use_password) { + $form->password_hash = PasswordHasher::hash($password); } else { - $_SESSION['form']->password_hash = null; - $_SESSION['form']->results_publicly_visible = null; + $form->password_hash = null; + $form->results_publicly_visible = null; } + $_SESSION['form'] = serialize($form); + if ($goToStep2 === 'date') { header('Location:create_date_poll.php'); exit(); @@ -292,21 +295,21 @@ $smarty->assign('default_to_marldown_editor', $config['markdown_editor_by_defaul $smarty->assign('goToStep2', GO_TO_STEP_2); $smarty->assign('poll_type', $poll_type); -$smarty->assign('poll_title', Utils::fromPostOrDefault('title', $_SESSION['form']->title)); -$smarty->assign('customized_url', Utils::fromPostOrDefault('customized_url', $_SESSION['form']->id)); -$smarty->assign('use_customized_url', Utils::fromPostOrDefault('use_customized_url', $_SESSION['form']->use_customized_url)); -$smarty->assign('ValueMax', Utils::fromPostOrDefault('ValueMax', $_SESSION['form']->ValueMax)); -$smarty->assign('use_ValueMax', Utils::fromPostOrDefault('use_ValueMax', $_SESSION['form']->use_ValueMax)); -$smarty->assign('collect_users_mail', Utils::fromPostOrDefault('collect_users_mail', $_SESSION['form']->collect_users_mail)); -$smarty->assign('poll_description', !empty($_POST['description']) ? $_POST['description'] : $_SESSION['form']->description); -$smarty->assign('poll_name', Utils::fromPostOrDefault('name', $_SESSION['form']->admin_name)); -$smarty->assign('poll_mail', Utils::fromPostOrDefault('mail', $_SESSION['form']->admin_mail)); -$smarty->assign('poll_editable', Utils::fromPostOrDefault('editable', $_SESSION['form']->editable)); -$smarty->assign('poll_receiveNewVotes', Utils::fromPostOrDefault('receiveNewVotes', $_SESSION['form']->receiveNewVotes)); -$smarty->assign('poll_receiveNewComments', Utils::fromPostOrDefault('receiveNewComments', $_SESSION['form']->receiveNewComments)); -$smarty->assign('poll_hidden', Utils::fromPostOrDefault('hidden', $_SESSION['form']->hidden)); -$smarty->assign('poll_use_password', Utils::fromPostOrDefault('use_password', $_SESSION['form']->use_password)); -$smarty->assign('poll_results_publicly_visible', Utils::fromPostOrDefault('results_publicly_visible', $_SESSION['form']->results_publicly_visible)); -$smarty->assign('form', $_SESSION['form']); +$smarty->assign('poll_title', Utils::fromPostOrDefault('title', $form->title)); +$smarty->assign('customized_url', Utils::fromPostOrDefault('customized_url', $form->id)); +$smarty->assign('use_customized_url', Utils::fromPostOrDefault('use_customized_url', $form->use_customized_url)); +$smarty->assign('ValueMax', Utils::fromPostOrDefault('ValueMax', $form->ValueMax)); +$smarty->assign('use_ValueMax', Utils::fromPostOrDefault('use_ValueMax', $form->use_ValueMax)); +$smarty->assign('collect_users_mail', Utils::fromPostOrDefault('collect_users_mail', $form->collect_users_mail)); +$smarty->assign('poll_description', !empty($_POST['description']) ? $_POST['description'] : $form->description); +$smarty->assign('poll_name', Utils::fromPostOrDefault('name', $form->admin_name)); +$smarty->assign('poll_mail', Utils::fromPostOrDefault('mail', $form->admin_mail)); +$smarty->assign('poll_editable', Utils::fromPostOrDefault('editable', $form->editable)); +$smarty->assign('poll_receiveNewVotes', Utils::fromPostOrDefault('receiveNewVotes', $form->receiveNewVotes)); +$smarty->assign('poll_receiveNewComments', Utils::fromPostOrDefault('receiveNewComments', $form->receiveNewComments)); +$smarty->assign('poll_hidden', Utils::fromPostOrDefault('hidden', $form->hidden)); +$smarty->assign('poll_use_password', Utils::fromPostOrDefault('use_password', $form->use_password)); +$smarty->assign('poll_results_publicly_visible', Utils::fromPostOrDefault('results_publicly_visible', $form->results_publicly_visible)); +$smarty->assign('form', $form); $smarty->display('create_poll.tpl');