hotline #56230 : contact message should not contain HTML

a660c576 · Patrick Barroca · 619d89e9 · a660c576 · a660c576 · a660c576
Commit a660c576 authored 8 years ago by Patrick Barroca
--- a/VERSIONS_HOTLINE/56230
+++ b/VERSIONS_HOTLINE/56230
+ - ticket #56230 : Formulaire de contact : Le message ne doit pas contenir de HTML
\ No newline at end of file
--- a/library/ZendAfi/Form/ContactForm.php
+++ b/library/ZendAfi/Form/ContactForm.php
@@ -66,32 +66,43 @@ class ZendAfi_Form_ContactForm extends ZendAfi_Form {
                                   'size' => 50,
                                   'required' => true,
                                   'allowEmpty' => false])
+
      ->addElement('text', 'prenom', ['label' => $this->_('Prénom').' *',
                                      'size'  => 50,
                                      'required' => true,
                                      'allowEmpty' => false])
+
      ->addElement('text', 'adresse', ['label' => $this->_('Adresse'),
                                       'size' => 50])
+
      ->addElement('text', 'code_postal', ['label' => $this->_('Code postal').' *',
                                           'size' => 8,
                                           'required' => true,
                                           'allowEmpty' => false])
+
      ->addElement('text', 'ville', ['label' => $this->_('Ville'),
                                     'size' => 50])
+
      ->addElement('email', 'mail', ['label' => $this->_('E-mail').' *',
                                    'size'  => 50,
                                    'required' => true,
                                     'allowEmpty' => false])
+
      ->addElement('text', 'sujet', [
                                     'label' => $this->_('Sujet').' *',
                                     'size' => 50,
                                     'required' => true,
                                     'allowEmpty' => false])
+
      ->addElement('textarea', 'message', ['label' => $this->_('Message').' *',
                                           'cols' => 60,
                                           'required' => true,
-                                           'allowEmpty' => false])
+                                           'allowEmpty' => false,
+                                           'validators' => ['NoHtml']
+                                           ])
+
      ->addElement('text', 'emailCheck', ['data-spambots' => 'true'])
+
      ->addElement('timer', 'timer', ['session' => Zend_Registry::get('session'),
                                      'salt' => __CLASS__,
                                      'delaySeconds' => 10]);

--- a/library/ZendAfi/Validate/NoHtml.php
+++ b/library/ZendAfi/Validate/NoHtml.php
+<?php
+/**
+ * Copyright (c) 2012-2017, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * BOKEH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * BOKEH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with BOKEH; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
+ */
+
+
+class ZendAfi_Validate_NoHtml extends Zend_Validate_Abstract {
+  const CONTAINS_HTML = 'containsHtml';
+
+  protected $_messageTemplates = [self::CONTAINS_HTML => 'La mise en forme HTML n\'est pas autorisée'];
+
+
+  public function isValid($value) {
+    if ($value == strip_tags($value))
+      return true;
+
+    $this->_error(self::CONTAINS_HTML);
+    return false;
+  }
+}
--- a/tests/application/modules/opac/controllers/FormulaireContactTest.php
+++ b/tests/application/modules/opac/controllers/FormulaireContactTest.php
@@ -79,8 +79,9 @@ class FormulaireContactInvalidPostTest extends AbstractControllerTestCase {
  public function setUp() {
    parent::setUp();
    $this->postDispatch('/opac/index/formulairecontact',
-                        array('ville' => 'Annecy',
-                              'mail' => 'blabla'));
+                        ['ville' => 'Annecy',
+                         'mail' => 'blabla',
+                         'message' => 'String containing <a href="#">HTML</a>']);
  }

  /** @test */
@@ -88,14 +89,22 @@ class FormulaireContactInvalidPostTest extends AbstractControllerTestCase {
    $this->assertXPath('//input[@name="ville"]', 'Annecy');
  }

+
  /** @test */
  public function errorsShouldDisplayEmailInvalide() {
    $this->assertXPathContentContains('//ul[@class="errors"]', 'blabla');
  }
+
+
+  /** @test */
+  public function errorsShouldDisplayNoHtmlAllowed() {
+    $this->assertXPathContentContains('//ul[@class="errors"]', 'La mise en forme HTML');
+  }
 }



+
 class FormulaireContactInvalidEmailHoneyPotPostTest extends AbstractControllerTestCase {
  public function setUp() {
    parent::setUp();