forked from Wavyzz/dolibarr
FIX Only voters can send comments in public survey page
This commit is contained in:
Laurent Destailleur
@@ -3097,7 +3097,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
|
|||||||
|
|
||||||
//if (in_array($picto, array('switch_off', 'switch_on', 'off', 'on')))
|
//if (in_array($picto, array('switch_off', 'switch_on', 'off', 'on')))
|
||||||
if (empty($srconly) && in_array($pictowithoutext, array(
|
if (empty($srconly) && in_array($pictowithoutext, array(
|
||||||
'bank', 'close_title', 'delete', 'edit', 'filter', 'grip', 'grip_title', 'off', 'on', 'play', 'playdisabled', 'printer', 'resize',
|
'bank', 'close_title', 'delete', 'edit', 'ellipsis-h', 'filter', 'grip', 'grip_title', 'off', 'on', 'play', 'playdisabled', 'printer', 'resize',
|
||||||
'switch_off', 'switch_on', 'unlink', 'uparrow')
|
'switch_off', 'switch_on', 'unlink', 'uparrow')
|
||||||
)) {
|
)) {
|
||||||
$fakey = $pictowithoutext;
|
$fakey = $pictowithoutext;
|
||||||
|
|||||||
@@ -57,4 +57,5 @@ ErrorInsertingComment=There was an error while inserting your comment
|
|||||||
MoreChoices=Enter more choices for the voters
|
MoreChoices=Enter more choices for the voters
|
||||||
SurveyExpiredInfo=The poll has been closed or voting delay has expired.
|
SurveyExpiredInfo=The poll has been closed or voting delay has expired.
|
||||||
EmailSomeoneVoted=%s has filled a line.\nYou can find your poll at the link: \n%s
|
EmailSomeoneVoted=%s has filled a line.\nYou can find your poll at the link: \n%s
|
||||||
ShowSurvey=Show survey
|
ShowSurvey=Show survey
|
||||||
|
UserMustBeSameThanUserUsedToVote=You must have voted and use the same user name, that the one used to vote, to post a comment
|
||||||
@@ -66,22 +66,28 @@ if (GETPOST('ajoutcomment','alpha'))
|
|||||||
|
|
||||||
$error=0;
|
$error=0;
|
||||||
|
|
||||||
if (! GETPOST('comment','none'))
|
$comment = GETPOST("comment",'none');
|
||||||
|
$comment_user = GETPOST('commentuser','nohtml');
|
||||||
|
|
||||||
|
if (! $comment)
|
||||||
{
|
{
|
||||||
$error++;
|
$error++;
|
||||||
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors');
|
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors');
|
||||||
}
|
}
|
||||||
if (! GETPOST('commentuser','nohtml'))
|
if (! $comment_user)
|
||||||
{
|
{
|
||||||
$error++;
|
$error++;
|
||||||
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors');
|
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (! in_array($comment_user, $listofvoters))
|
||||||
|
{
|
||||||
|
setEventMessages($langs->trans("UserMustBeSameThanUserUsedToVote"), null, 'errors');
|
||||||
|
$error++;
|
||||||
|
}
|
||||||
|
|
||||||
if (! $error)
|
if (! $error)
|
||||||
{
|
{
|
||||||
$comment = GETPOST("comment",'none');
|
|
||||||
$comment_user = GETPOST('commentuser','nohtml');
|
|
||||||
|
|
||||||
$resql = $object->addComment($comment, $comment_user);
|
$resql = $object->addComment($comment, $comment_user);
|
||||||
|
|
||||||
if (! $resql) dol_print_error($db);
|
if (! $resql) dol_print_error($db);
|
||||||
@@ -729,8 +735,12 @@ if ($comments)
|
|||||||
print "<br><b>" . $langs->trans("CommentsOfVoters") . ":</b><br>\n";
|
print "<br><b>" . $langs->trans("CommentsOfVoters") . ":</b><br>\n";
|
||||||
|
|
||||||
foreach ($comments as $obj) {
|
foreach ($comments as $obj) {
|
||||||
|
// ligne d'un usager pré-authentifié
|
||||||
|
//$mod_ok = (in_array($obj->name, $listofvoters));
|
||||||
|
|
||||||
print '<div class="comment"><span class="usercomment">';
|
print '<div class="comment"><span class="usercomment">';
|
||||||
if (in_array($obj->usercomment, $listofvoters)) print '<a href="'.$_SERVER["PHP_SELF"].'?deletecomment='.$obj->id_comment.'&sondage='.$numsondage.'"> '.img_picto('', 'delete.png').'</a> ';
|
if (in_array($obj->usercomment, $listofvoters)) print '<a href="'.$_SERVER["PHP_SELF"].'?deletecomment='.$obj->id_comment.'&sondage='.$numsondage.'"> '.img_picto('', 'delete.png', '', false, 0, 0, '', 'nomarginleft').'</a> ';
|
||||||
|
//else print img_picto('', 'ellipsis-h', '', false, 0, 0, '', 'nomarginleft').' ';
|
||||||
print dol_htmlentities($obj->usercomment).':</span> <span class="comment">'.dol_nl2br(dol_htmlentities($obj->comment))."</span></div>";
|
print dol_htmlentities($obj->usercomment).':</span> <span class="comment">'.dol_nl2br(dol_htmlentities($obj->comment))."</span></div>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -722,6 +722,9 @@ select.flat.selectlimit {
|
|||||||
.marginleftonly {
|
.marginleftonly {
|
||||||
margin-left: 10px !important;
|
margin-left: 10px !important;
|
||||||
}
|
}
|
||||||
|
.nomarginleft {
|
||||||
|
margin-left: 0px !important;
|
||||||
|
}
|
||||||
.selectlimit, .selectlimit:focus {
|
.selectlimit, .selectlimit:focus {
|
||||||
border-left: none !important;
|
border-left: none !important;
|
||||||
border-top: none !important;
|
border-top: none !important;
|
||||||
|
|||||||
@@ -716,6 +716,9 @@ select.flat.selectlimit {
|
|||||||
.marginleftonly {
|
.marginleftonly {
|
||||||
margin-left: 10px !important;
|
margin-left: 10px !important;
|
||||||
}
|
}
|
||||||
|
.nomarginleft {
|
||||||
|
margin-left: 0px !important;
|
||||||
|
}
|
||||||
.selectlimit, .selectlimit:focus {
|
.selectlimit, .selectlimit:focus {
|
||||||
border-left: none !important;
|
border-left: none !important;
|
||||||
border-top: none !important;
|
border-top: none !important;
|
||||||
|
|||||||
Reference in New Issue
Block a user