From 88fb61660a6431039b199bfbfef8760fb6e43723 Mon Sep 17 00:00:00 2001
From: Thomas De Backer <thomasisdebacker5@gmail.com>
Date: Thu, 17 May 2018 16:22:41 +0200
Subject: [PATCH] restrict custom urls

fixed coding standard issues

added error message to locale

Remove unecessary variable

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 create_poll.php | 3 +++
 locale/en.json  | 1 +
 2 files changed, 4 insertions(+)

diff --git a/create_poll.php b/create_poll.php
index 91b8ed0..179846a 100644
--- a/create_poll.php
+++ b/create_poll.php
@@ -112,6 +112,9 @@ if ($goToStep2) {
         } else if ($pollRepository->existsById($customized_url)) {
             $error_on_customized_url = true;
             $error_on_customized_url_msg = __('Error', 'Poll id already used');
+        } else if (in_array($customized_url, ['admin', 'vote', 'action'], true)) {
+            $error_on_customized_url = true;
+            $error_on_customized_url_msg = __('Error', 'This id is not allowed');
         }
     }
 
diff --git a/locale/en.json b/locale/en.json
index d932c55..dd6b2d2 100644
--- a/locale/en.json
+++ b/locale/en.json
@@ -150,6 +150,7 @@
       "The name is invalid.": "The name is invalid.",
       "The name you've chosen already exist in this poll!": "The name you've chosen already exists in this poll!",
       "There is a problem with your choices": "There is a problem with your choices",
+      "This id is not allowed": "This id is not allowed",
       "This poll doesn't exist !": "This poll doesn't exist!",
       "Update vote failed": "Update vote failed",
       "You already voted": "You already voted",