From 2bae308e35feb460be4123f0980d8417d95bdcea Mon Sep 17 00:00:00 2001
From: Arthur Suzuki <arthur.suzuki@biblibre.com>
Date: Tue, 4 Feb 2020 17:10:56 +0100
Subject: [PATCH] =?UTF-8?q?hotline#105040:=20Formulaire=20:=20l'antispam?=
 =?UTF-8?q?=20filtrait=20des=20donn=C3=A9es=20valides=20et=20empechait=20l?=
 =?UTF-8?q?a=20saisie=20de=20valeurs=20dans=20un=20formulaire?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 VERSIONS_HOTLINE/105040 | 1 +
 .../opac/controllers/FormulaireController.php | 9 +-
 .../controllers/FormulaireControllerTest.php | 105 ++++++++++++++++++
 3 files changed, 114 insertions(+), 1 deletion(-)
 create mode 100644 VERSIONS_HOTLINE/105040

diff --git a/VERSIONS_HOTLINE/105040 b/VERSIONS_HOTLINE/105040
new file mode 100644
index 00000000000..7269bda673e
--- /dev/null
+++ b/VERSIONS_HOTLINE/105040
@@ -0,0 +1 @@
+ - ticket #105040 : Formulaire articles ne marche pas avec des noms d'input contenant des espaces, des tirets bas et des crochets droits
\ No newline at end of file
diff --git a/application/modules/opac/controllers/FormulaireController.php b/application/modules/opac/controllers/FormulaireController.php
index 145902b4e22..a5525e7bd37 100644
--- a/application/modules/opac/controllers/FormulaireController.php
+++ b/application/modules/opac/controllers/FormulaireController.php
@@ -56,7 +56,14 @@ class FormulaireController extends ZendAfi_Controller_Action {
                    $article->getContenu(),
                    $all_inputs);
 
-    if (array_diff(array_keys($post), $all_inputs[1]))
+    $clean_input = array_map(function($input)
+                             {
+                               return str_replace(['.',' ','['],
+                                                  '_',
+                                                  $input);
+                             },
+                             $all_inputs[1]);
+    if (array_diff(array_keys($post), $clean_input))
       return true;
 
     return false;
diff --git a/tests/application/modules/opac/controllers/FormulaireControllerTest.php b/tests/application/modules/opac/controllers/FormulaireControllerTest.php
index 94357837739..7eea1070deb 100644
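Review bot: The bracket rewrite in `str_replace(['.',' ','['], '_', $input)` does not reproduce what PHP does to a posted field name, so an input named `choices[]` or `choices[a]` still trips the check: PHP delivers a name with a matched `[...]` suffix as the nested-array key `choices`, while the new code turns it into `choices_]`, `array_diff` then reports the legitimate key as unknown and the method takes the `return true` path — the very "crochets droits" case the ticket text names. PHP only replaces an unmatched `[` (and any later `.`, space or `[`) with `_`, and it also drops leading spaces from the name. The mapping should therefore truncate matched bracket names at the first `[` before mangling, as sketched below. The enclosing method starts above the hunk and the `preg_match_all` that fills `$all_inputs` is outside it, so I am assuming `$all_inputs[1]` holds the raw `name` attribute values; if the regex can fail to match, `$all_inputs[1]` may also be unset here and deserves a guard.
```php
    // Mirror PHP's request-variable mangling so the names read from the
    // article HTML compare equal to the keys PHP really puts in $_POST:
    // leading spaces are dropped, '.' and ' ' become '_', a matched "[...]"
    // suffix makes the key the part before '[', an unmatched '[' becomes '_'.
    $clean_input = array_map(function($input)
                             {
                               $input = ltrim($input, ' ');
                               $open = strpos($input, '[');
                               if ($open !== false && strpos($input, ']', $open) !== false)
                                 $input = substr($input, 0, $open);
                               return str_replace(['.', ' ', '['], '_', $input);
                             },
                             $all_inputs[1]);
    // … unchanged: array_diff check and return values …
```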
--- a/tests/application/modules/opac/controllers/FormulaireControllerTest.php
+++ b/tests/application/modules/opac/controllers/FormulaireControllerTest.php
@@ -31,6 +31,10 @@ abstract class FormulaireControllerPostActionTestCase extends AbstractController
                                           'contenu' => '<form action="/formulaire/add/id_article/45" method="POST" name="Nous écrire">'
                                           . '<p>Votre nom<input name="nom" type="text" /></p>'
                                           . '<p>Votre prénom<input name="prenom" type="text" /></p>'
+                                          . '<p><input name="Dejeuner" required="required" type="radio" value="libre">Libre</p>'
+                                          . '<p><input name="Dejeuner" required="required" type="radio" value="Restaurant">Restaurant avec le groupe (sur réservation)</p>'
+                                          . '<p><input name="option1" type="checkbox" value="wifi">Wifi</p>'
+                                          . '<p><input name="option2" type="checkbox" value="piscine">Piscine</p>'
                                           . '</form>']);
 
     $this->fixture('Class_Formulaire', ['id' => 1,
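Review bot: None of the four inputs added to the shared fixture has a name containing a space, a dot or a bracket (`Dejeuner`, `option1`, `option2` are plain identifiers), so this base fixture still never exercises the name normalisation the controller hunk introduces, even though the ticket text lists spaces, underscores and square brackets. Adding one bracketed and one dotted field, e.g. `. '<p><input name="options[]" type="checkbox" value="wifi">Wifi</p>'` and `. '<p><input name="votre.ville" type="text" /></p>'`, would let every test case built on this fixture pin the `$_POST` key forms PHP actually produces (`options`, `votre_ville`) instead of the ones the current `str_replace` guesses. The `Class_Article` fixture array starts before the hunk.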
@@ -237,6 +241,107 @@ class FormulaireControllerPostAsBotTest extends FormulaireControllerPostActionTe
     $this->assertRedirectTo('/');
   }
+
+
+  /** @test */
+  public function withValidDataShouldCreateANewForm() {
+    $this->postDispatch('/formulaire/add/id_article/45',
+                        ['nom' => 'Tinguette' ,
+                         'prenom' => 'Quentin',
+                         'Dejeuner' => 'libre',
+                         'option1' => 'cafe',
+                         'option2' => 'wifi',
+                         'website' => ''],
+                        true);
+    $this->assertNotRedirectTo('/');
+  }
+
+}
+
+
+
+
+class FormulaireControllerPostActionDebugTestCase extends AbstractControllerTestCase {
+  protected
+    $_storm_default_to_volatile = true;
+
+
+  public function setUp() {
+    parent::setUp();
+
+    Class_Article::newInstanceWithId(45, ['titre' => 'Contactez nous',
+                                          'contenu' => '<form action="/arthur/formulaire/add/id_article/1618" method="POST">
+<p><input name="Inscription Journée Bokeh 2 avril Talence" type="hidden" value="Inscription Journée Bokeh 2 avril Talence" />Nom, Prénom<br />
+<input data-tc-id="w-0.29026469748912975" name="Nom, Prénom" required="required" tc-textcontent="true" type="text" /></p>
+
+<p>Adresse mail<br />
+<input data-tc-id="w-0.07789243529520828" name="Mail" required="required" tc-textcontent="true" type="email" /></p>
+
+<p>Etablissement<br />
+<input data-tc-id="w-0.0005608611335192748" name="Etablissement" required="required" tc-textcontent="true" type="text" /></p>
+
+<p>SIGB (Nanook, Koha, PNB, Orphée NX etc....)<br />
+<input data-tc-id="w-0.8095451597979981" name="SIGB" required="required" tc-textcontent="true" type="text" /></p>
+
+<p>Adresse de votre portail Bokeh (url en http/s)<br />
+<input data-tc-id="w-0.20741370069209997" name="Site Web" tc-textcontent="true" type="url" /></p>
+
+<p>Déjeuner</p>
+
+<p><input data-tc-id="w-0.4082287663760651" name="Dejeuner" required="required" tc-textcontent="true" type="radio" value="libre" />Libre</p>
+
+<p><input data-tc-id="w-0.46758368222915037" name="Dejeuner" required="required" tc-textcontent="true" type="radio" value="Restaurant" />Restaurant avec le groupe (sur réservation)</p>
+
+<p> </p>
+
+<p><input data-tc-id="w-0.42382856730050433" tc-textcontent="true" type="submit" value="Envoyer" /></p>
+<input autocomplete="off" data-spambots="true" data-tc-id="w-0.997230006041362" name="website" tc-textcontent="true" type="text" /> </form>
+<form action="/arthur/formulaire/add/id_article/1618" method="POST">
+<p><input name="Inscription Journée Bokeh 2 avril Talence" type="hidden" value="Inscription Journée Bokeh 2 avril Talence" />Nom, Prénom<br />
+<input data-tc-id="w-0.29026469748912975" name="Nom, Prénom" required="required" tc-textcontent="true" type="text" /></p>
+
+<p>Adresse mail<br />
+<input data-tc-id="w-0.07789243529520828" name="Mail" required="required" tc-textcontent="true" type="email" /></p>
+
+<p>Etablissement<br />
+<input data-tc-id="w-0.0005608611335192748" name="Etablissement" required="required" tc-textcontent="true" type="text" /></p>
+
+<p>SIGB (Nanook, Koha, PNB, Orphée NX etc....)<br />
+<input data-tc-id="w-0.8095451597979981" name="SIGB" required="required" tc-textcontent="true" type="text" /></p>
+
+<p>Adresse de votre portail Bokeh (url en http/s)<br />
+<input data-tc-id="w-0.20741370069209997" name="Site Web" tc-textcontent="true" type="url" /></p>
+
+<p>Déjeuner</p>
+
+<p><input data-tc-id="w-0.4082287663760651" name="Dejeuner" required="required" tc-textcontent="true" type="radio" value="libre" />Libre</p>
+
+<p><input data-tc-id="w-0.46758368222915037" name="Dejeuner" required="required" tc-textcontent="true" type="radio" value="Restaurant" />Restaurant avec le groupe (sur réservation)</p>
+
+<p> </p>
+
+<p><input data-tc-id="w-0.42382856730050433" tc-textcontent="true" type="submit" value="Envoyer" /></p>
+<input autocomplete="off" data-spambots="true" data-tc-id="w-0.997230006041362" name="website" tc-textcontent="true" type="text" /> </form>
+']);
+
+    $this->postDispatch('/formulaire/add/id_article/45',
+                        [
+                          'Inscription_Journée_Bokeh_2_avril_Talence' => 'Inscription Journée Bokeh 2 avril Talence',
+                          'Nom,_Prénom' => 'Suzuki',
+                          'Mail' => 'arthur.suzuki@free.fr',
+                          'Etablissement' => 'AFI',
+                          'SIGB' => 'koha',
+                          'Site_Web' => 'http://sandbox.afi-sa.fr/arthur/cms/articleview/id/1618',
+                          'Dejeuner' => 'libre',
+                          'website' => ''
+                        ],
+                        true);
+  }
+
+  /** @test */
+  public function responseShouldNotRedirect() {
+    $this->assertNotRedirectTo('/');
+  }
 }
 ?>
\ No newline at end of file
-- 
GitLab
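Review bot: `FormulaireControllerPostActionDebugTestCase` reads as a debugging artefact rather than a regression test: its name says "Debug", the fixture pastes the same form twice, the posted data embeds a personal e-mail address and a sandbox URL, and its only assertion, `$this->assertNotRedirectTo('/');`, proves the request was not bounced but not that anything was stored from the mangled keys. It also covers only spaces and a comma (`Nom,_Prénom`, `Site_Web`); no posted key derives from a bracketed name, which is the case most likely to still fail with the controller's `str_replace`. I would rename it after the behaviour (e.g. `FormulaireControllerPostWithMangledInputNamesTest`), keep a single anonymised copy of the form that also contains an `options[]` field, and assert on the saved form values. `withValidDataShouldCreateANewForm` in the bot test case makes the same weak negative assertion while posting `'website' => ''`; if that class's setUp (outside the hunk) marks the request as a bot, a one-line comment explaining why a valid post is expected not to redirect would help the next reader.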