Formulaire: s'assure que le tag <form> soit toujours en method=POST

2ffe7789 · llaffont · 80fc908b · 2ffe7789 · 2ffe7789
Commit 2ffe7789 authored 12 years ago by llaffont
--- a/library/Class/Article.php
+++ b/library/Class/Article.php
@@ -738,17 +738,22 @@ class Class_Article extends Storm_Model_Abstract {
 	public function getContenu() {
 		$contenu = parent::_get('contenu');

-		if (preg_match('/(<form[^>]+)action=[\"\']http/', $contenu))
+		$quote = '[\"\']';
+		$no_quotes = '[^\"\']+';
+		$quoted_value = $quote.$no_quotes.$quote;
+		if (preg_match('/(<form[^>]+)action='.$quote.'http/', $contenu))
 			return $contenu;

-		$replaced_form = preg_replace(['/(<form[^>]+)action=[\"\'][^\"\']+\"? /',
+		$replaced_form = preg_replace(['/(<form[^>]+)action='.$quoted_value.'/',
+																	 '/(<form[^>]+)method='.$quoted_value.'/',
 																	 '/(<form *)/'],
 																	['$1 ', 
-																	 '$1 action="'.BASE_URL.'/formulaire/add/id_article/'.$this->getId().'" '],
+																	 '$1 ',
+																	 '$1 action="'.BASE_URL.'/formulaire/add/id_article/'.$this->getId().'" method="POST" '],
 																	$contenu);

-		$typesubmit = 'type=[\'\"](?:submit|button)[\'\"]';
-		$namesubmit = 'name=[\"\'][^\"\']+[\'\"]';
+		$typesubmit = 'type='.$quote.'(?:submit|button)'.$quote;
+		$namesubmit = 'name='.$quoted_value;
 		$otherattributes = '[^>]+';
 		$inputtag = '<input';
 		return preg_replace([ '/('.$inputtag.$otherattributes.')('.$typesubmit.$otherattributes.')'.$namesubmit.'/',

--- a/tests/library/Class/ArticleFormulaireTest.php
+++ b/tests/library/Class/ArticleFormulaireTest.php
@@ -24,7 +24,7 @@ class ArticleFormulaireInternalTest extends Storm_Test_ModelTestCase {
 	public function setUp() {
 		parent::setUp();
 		$this->_article = Class_Article::newInstanceWithId(2,['titre' => 'Contactez-nous !',
-																				'contenu' => '<form id="idform" action="form" method="post" name="form" target="_blank">
+																				'contenu' => '<form id="idform" action=\'form\' method="post" name="form" target="_blank">
 	<p>		Donnee 1 :<br /><input name="champs texte" type="text" value="champtxt" />
  <input value="champ2"  name=\'champs texte\' type="text"/></p>
 	<p>	&nbsp;</p>
@@ -33,32 +33,32 @@ class ArticleFormulaireInternalTest extends Storm_Test_ModelTestCase {
 	<input type="submit" value="send" name="send"/>

  </form>
-  <form method="POST">
+  POST<form method="POST">
  
    <input type="button" value="likebutton" />
  </form>
-  <form>
+  EMPTY<form>
  </form>
  ']);
 	}

 	/** @test */
 	public function formIdFormActionShouldBeFormulaireAdd() {
-			$this->assertContains('<form  action="'.BASE_URL.'/formulaire/add/id_article/2" id="idform"', 
+			$this->assertContains('<form  action="'.BASE_URL.'/formulaire/add/id_article/2" method="POST" id="idform"     name="form" target="_blank', 
 														$this->_article->getContenu());
 	}


 	/** @test */
 	public function formWithMethodPostActionShouldBeFormulaireAdd() {
-			$this->assertContains('<form  action="'.BASE_URL.'/formulaire/add/id_article/2" method="POST">', 
+			$this->assertContains('POST<form   action="'.BASE_URL.'/formulaire/add/id_article/2" method="POST" >', 
 														$this->_article->getContenu());
 	}


 	/** @test */
 	public function emptyFormActionShouldBeFormulaireAdd() {
-			$this->assertContains('<form action="'.BASE_URL.'/formulaire/add/id_article/2" >', 
+			$this->assertContains('EMPTY<form action="'.BASE_URL.'/formulaire/add/id_article/2" method="POST" >', 
 														$this->_article->getContenu());
 	}