--- /tmp/dsg/dolibarr/htdocs/public/opensurvey/github_19.0.3_studs.php
+++ /tmp/dsg/dolibarr/htdocs/public/opensurvey/client_studs.php
@@ -25,14 +25,2 @@
-if (!defined('NOLOGIN')) {
- define("NOLOGIN", 1); // This means this output page does not require to be logged.
-}
-if (!defined('NOCSRFCHECK')) {
- define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
-}
-if (!defined('NOBROWSERNOTIF')) {
- define('NOBROWSERNOTIF', '1');
-}
-if (!defined('NOIPCHECK')) {
- define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
-}
-
-// Load Dolibarr environment
+define("NOLOGIN", 1); // This means this output page does not require to be logged.
+define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
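Review bot: Both `define()` calls on the new side are unconditional, so PHP raises a constant-redefinition warning on this public page if `NOLOGIN` or `NOCSRFCHECK` was already defined by an including script. Guard each one, e.g. `if (!defined('NOLOGIN')) { define('NOLOGIN', 1); }`. The `NOCSRFCHECK` comment should also state that the vote and comment handlers further down accept anonymous POSTs without a token, so that later changes to those handlers are reviewed with that in mind.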
@@ -43,2 +31 @@
-require_once DOL_DOCUMENT_ROOT."/opensurvey/lib/opensurvey.lib.php";
-require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
+require_once DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php";
@@ -50 +37,2 @@
-if (GETPOST('sondage')) {
+if (GETPOST('sondage'))
+{
@@ -63,3 +51 @@
-if (empty($conf->opensurvey->enabled)) {
- httponly_accessforbidden('Module Survey not enabled');
-}
+if (empty($conf->opensurvey->enabled)) accessforbidden('', 0, 0, 1);
@@ -77,4 +63,3 @@
-if (GETPOST('ajoutcomment', 'alpha')) {
- if (!$canbemodified) {
- httponly_accessforbidden('ErrorForbidden');
- }
+if (GETPOST('ajoutcomment', 'alpha'))
+{
+ if (!$canbemodified) accessforbidden('', 0, 0, 1);
@@ -84,4 +69,5 @@
- $comment = GETPOST("comment", 'alphanohtml');
- $comment_user = GETPOST('commentuser', 'alphanohtml');
-
- if (!$comment) {
+ $comment = GETPOST("comment", 'none');
+ $comment_user = GETPOST('commentuser', 'nohtml');
+
+ if (!$comment)
+ {
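Review bot: `GETPOST("comment", 'none')` accepts the comment body with no filtering at all, on a page that requires neither login nor a CSRF token. The comment is stored and presumably shown to other visitors, so unless every place that prints it escapes the value (the rendering code is outside this hunk) this is a stored-XSS path. Prefer `$comment = GETPOST("comment", 'alphanohtml');` and the same check for `commentuser`. The `'nohtml'` reads of `nom` in the @@ -145 and @@ -157 hunks deserve the same tightening. The enclosing `if (GETPOST('ajoutcomment', 'alpha'))` block starts and ends outside the hunk.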
@@ -91 +77,2 @@
- if (!$comment_user) {
+ if (!$comment_user)
+ {
@@ -93,4 +80,5 @@
- setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Name")), null, 'errors');
- }
-
- if (!in_array($comment_user, $listofvoters)) {
+ setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors');
+ }
+
+ if (!in_array($comment_user, $listofvoters))
+ {
@@ -101,34 +89,5 @@
- $user_ip = getUserRemoteIP();
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
- $now = dol_now();
- $minmonthpost = dol_time_plus_duree($now, -1, "m");
- // Calculate nb of post for IP
- $nb_post_ip = 0;
- if ($nb_post_max > 0) { // Calculate only if there is a limit to check
- $sql = "SELECT COUNT(id_comment) as nb_comments";
- $sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_comments";
- $sql .= " WHERE ip = '".$db->escape($user_ip)."'";
- $sql .= " AND date_creation > '".$db->idate($minmonthpost)."'";
- $resql = $db->query($sql);
- if ($resql) {
- $num = $db->num_rows($resql);
- $i = 0;
- while ($i < $num) {
- $i++;
- $obj = $db->fetch_object($resql);
- $nb_post_ip = $obj->nb_comments;
- }
- }
- }
-
- if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
- setEventMessages($langs->trans("AlreadyTooMuchPostOnThisIPAdress"), null, 'errors');
- $error++;
- }
-
- if (!$error) {
- $resql = $object->addComment($comment, $comment_user, $user_ip);
-
- if (!$resql) {
- dol_print_error($db);
- }
+ if (!$error)
+ {
+ $resql = $object->addComment($comment, $comment_user);
+
+ if (!$resql) dol_print_error($db);
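Review bot: Nothing on the new side limits how many comments one client can post: `addComment($comment, $comment_user)` runs for every request that passes the field checks, on a page that needs neither login nor CSRF token. The same holds for votes in the @@ -157 hunk, and the INSERT in the @@ -197 hunk stores neither the source address nor a creation date, so there is no data to throttle on or to audit afterwards. Consider recording the remote address and a timestamp with each row and rejecting the post once a configurable per-address count is reached; this needs the corresponding columns, which are not visible here. The enclosing comment handler starts outside the hunk.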
@@ -139,4 +98,3 @@
-if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // boutonp for chrome, boutonp_x for firefox
- if (!$canbemodified) {
- httponly_accessforbidden('ErrorForbidden');
- }
+if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) // boutonp for chrome, boutonp_x for firefox
+{
+ if (!$canbemodified) accessforbidden('', 0, 0, 1);
@@ -145 +103,2 @@
- if (GETPOST('nom', 'alphanohtml')) {
+ if (GETPOST('nom', 'nohtml'))
+ {
@@ -147,2 +106,4 @@
- for ($i = 0; $i < $nbcolonnes; $i++) {
- if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') {
+ for ($i = 0; $i < $nbcolonnes; $i++)
+ {
+ if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1')
+ {
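Review bot: `$_POST["choix$i"]` is read directly here, while the rest of the page goes through `GETPOST()`. Direct superglobal reads skip the wrapper's filtering and make it harder to audit which inputs are sanitized. Prefer `GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1'` for both branches. The same pattern recurs in the @@ -250, @@ -257, @@ -265 and @@ -268 hunks. The `for` loop body continues outside the hunk.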
@@ -150 +111,3 @@
- } elseif (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '2') {
+ }
+ elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2')
+ {
@@ -152 +115,2 @@
- } else {
+ }
+ else { // sinon c'est 0
@@ -157,25 +121 @@
- $user_ip = getUserRemoteIP();
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
- $now = dol_now();
- $minmonthpost = dol_time_plus_duree($now, -1, "m");
- // Calculate nb of post for IP
- $nb_post_ip = 0;
- if ($nb_post_max > 0) { // Calculate only if there is a limit to check
- $sql = "SELECT COUNT(id_users) as nb_records";
- $sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_user_studs";
- $sql .= " WHERE ip = '".$db->escape($user_ip)."'";
- $sql .= " AND date_creation > '".$db->idate($minmonthpost)."'";
- $resql = $db->query($sql);
- if ($resql) {
- $num = $db->num_rows($resql);
- $i = 0;
- while ($i < $num) {
- $i++;
- $obj = $db->fetch_object($resql);
- $nb_post_ip = $obj->nb_records;
- }
- }
- }
-
-
- $nom = substr(GETPOST("nom", 'alphanohtml'), 0, 64);
+ $nom = substr(GETPOST("nom", 'nohtml'), 0, 64);
@@ -188,3 +128 @@
- if (!$resql) {
- dol_print_error($db);
- }
+ if (!$resql) dol_print_error($db);
@@ -193,2 +131,2 @@
-
- if ($num_rows > 0) {
+ if ($num_rows > 0)
+ {
@@ -197,7 +135,5 @@
- } elseif ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
- setEventMessages($langs->trans("AlreadyTooMuchPostOnThisIPAdress"), null, 'errors');
- $error++;
- } else {
- $now = dol_now();
- $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'opensurvey_user_studs (nom, id_sondage, reponses, ip, date_creation)';
- $sql .= " VALUES ('".$db->escape($nom)."', '".$db->escape($numsondage)."','".$db->escape($nouveauchoix)."', '".$db->escape($user_ip)."', '".$db->idate($now)."')";
+ }
+ else
+ {
+ $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'opensurvey_user_studs (nom, id_sondage, reponses)';
+ $sql .= " VALUES ('".$db->escape($nom)."', '".$db->escape($numsondage)."','".$db->escape($nouveauchoix)."')";
@@ -206 +142,2 @@
- if ($resql) {
+ if ($resql)
+ {
@@ -211 +148,2 @@
- if ($object->mailsonde) {
+ if ($object->mailsonde)
+ {
@@ -227,3 +165 @@
- $link = getUrlSondage($numsondage, true);
- $link = ''.$link.'';
- $body = str_replace('\n', '
', $langs->transnoentities('EmailSomeoneVoted', $nom, $link));
+ $body = str_replace('\n', '
', $langs->transnoentities('EmailSomeoneVoted', $nom, getUrlSondage($numsondage, true)));
@@ -232 +168 @@
- $cmailfile = new CMailFile("[".$application."] ".$langs->trans("Poll").': '.$object->title, $email, $conf->global->MAIN_MAIL_EMAIL_FROM, $body, null, null, null, '', '', 0, -1);
+ $cmailfile = new CMailFile("[".$application."] ".$langs->trans("Poll").': '.$object->titre, $email, $conf->global->MAIN_MAIL_EMAIL_FROM, $body, null, null, null, '', '', 0, -1);
@@ -236,5 +172,6 @@
- } else {
- dol_print_error($db);
- }
- }
- } else {
+ }
+ else dol_print_error($db);
+ }
+ }
+ else
+ {
@@ -250,2 +187,4 @@
-for ($i = 0; $i < $nblines; $i++) {
- if (GETPOSTISSET('modifierligne'.$i)) {
+for ($i = 0; $i < $nblines; $i++)
+{
+ if (isset($_POST['modifierligne'.$i]))
+ {
@@ -257 +196,2 @@
- if (GETPOSTISSET('validermodifier'.$i)) {
+ if (isset($_POST['validermodifier'.$i]))
+ {
@@ -263 +203,3 @@
-if ($testmodifier) {
+if ($testmodifier)
+{
+ //var_dump($_POST);exit;
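Review bot: The added `//var_dump($_POST);exit;` is leftover debugging code and should be deleted rather than shipped commented out, since re-enabling it would dump raw request data on a public page. The `//var_dump($_POST["choix$i"]);` line in the @@ -265 hunk should go as well.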
@@ -265,2 +207,5 @@
- for ($i = 0; $i < $nbcolonnes; $i++) {
- if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') {
+ for ($i = 0; $i < $nbcolonnes; $i++)
+ {
+ //var_dump($_POST["choix$i"]);
+ if (isset($_POST["choix".$i]) && $_POST["choix".$i] == '1')
+ {
@@ -268 +213,3 @@
- } elseif (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '2') {
+ }
+ elseif (isset($_POST["choix".$i]) && $_POST["choix".$i] == '2')
+ {
@@ -270 +217,2 @@
- } else {
+ }
+ else { // sinon c'est 0
@@ -275,5 +223,3 @@
- if (!$canbemodified) {
- httponly_accessforbidden('ErrorForbidden');
- }
-
- $idtomodify = GETPOST("idtomodify".$modifier);
+ if (!$canbemodified) accessforbidden('', 0, 0, 1);
+
+ $idtomodify = $_POST["idtomodify".$modifier];
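Review bot: `$idtomodify = $_POST["idtomodify".$modifier];` takes the row identifier with no validation and raises an undefined-index warning when the field is missing. The statement that uses it lies outside the hunk, so whether it is escaped there cannot be confirmed from here. Validate at the point of reading, e.g. `$idtomodify = GETPOST("idtomodify".$modifier, 'int');` if the id is numeric. Also check that the later query restricts the update to a row belonging to the current survey, so that a submitted id cannot target another poll's vote.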
@@ -285,3 +231 @@
- if (!$resql) {
- dol_print_error($db);
- }
+ if (!$resql) dol_print_error($db);
@@ -292,4 +236,3 @@
-if ($idcomment) {
- if (!$canbemodified) {
- httponly_accessforbidden('ErrorForbidden');
- }
+if ($idcomment)
+{
+ if (!$canbemodified) accessforbidden('', 0, 0, 1);
@@ -311,3 +254,4 @@
-llxHeaderSurvey($object->title, "", 0, 0, $arrayofjs, $arrayofcss, $numsondage);
-
-if (empty($object->ref)) { // For survey, id is a hex string
+llxHeaderSurvey($object->titre, "", 0, 0, $arrayofjs, $arrayofcss, $numsondage);
+
+if (empty($object->ref)) // For survey, id is a hex string
+{
@@ -326 +270,2 @@
-foreach ($toutsujet as $value) {
+foreach ($toutsujet as $value)
+{
@@ -328 +273 @@
- $listofanswers[] = array('label'=>$tmp[0], 'format'=>(!empty($tmp[1]) ? $tmp[1] : 'checkbox'));
+ $listofanswers[] = array('label'=>$tmp[0], 'format'=>($tmp[1] ? $tmp[1] : 'checkbox'));
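Review bot: `$tmp[1] ? $tmp[1] : 'checkbox'` reads an offset that may not exist, so a subject string without a format suffix triggers an undefined-offset warning on PHP 8 before falling back to `'checkbox'`. `$tmp` is built outside the hunk, presumably by splitting `$value`. Use `!empty($tmp[1]) ? $tmp[1] : 'checkbox'` so the fallback is reached without a warning.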
@@ -333 +278 @@
-print '
'.$langs->trans('SurveyExpiredInfo').'
\n"; - - print '
'."\n"; +if ($object->allow_comments) { + print '
\n"; + + print '
'."\n"; @@ -854,2 +755,2 @@ - print ' '."\n"; - print '
'."\n"; + print ' '."\n"; + print '
'."\n";