FIX Only voters can send comments in public survey page

htdocs/core/lib/functions.lib.php

@@ -3097,7 +3097,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
 
 		//if (in_array($picto, array('switch_off', 'switch_on', 'off', 'on')))
 		if (empty($srconly) && in_array($pictowithoutext, array(
-				'bank', 'close_title', 'delete', 'edit', 'filter', 'grip', 'grip_title', 'off', 'on', 'play', 'playdisabled', 'printer', 'resize',
+				'bank', 'close_title', 'delete', 'edit', 'ellipsis-h', 'filter', 'grip', 'grip_title', 'off', 'on', 'play', 'playdisabled', 'printer', 'resize',
 				'switch_off', 'switch_on', 'unlink', 'uparrow')
 			)) {
 			$fakey = $pictowithoutext;

htdocs/langs/en_US/opensurvey.lang

@@ -58,3 +58,4 @@ MoreChoices=Enter more choices for the voters
 SurveyExpiredInfo=The poll has been closed or voting delay has expired.
 EmailSomeoneVoted=%s has filled a line.\nYou can find your poll at the link: \n%s
 ShowSurvey=Show survey
+UserMustBeSameThanUserUsedToVote=You must have voted and use the same user name, that the one used to vote, to post a comment

htdocs/public/opensurvey/studs.php

@@ -66,22 +66,28 @@ if (GETPOST('ajoutcomment','alpha'))
 
 	$error=0;
 
-	if (! GETPOST('comment','none'))
+	$comment = GETPOST("comment",'none');
+	$comment_user = GETPOST('commentuser','nohtml');
+
+	if (! $comment)
 	{
 		$error++;
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors');
 	}
-	if (! GETPOST('commentuser','nohtml'))
+	if (! $comment_user)
 	{
 		$error++;
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors');
 	}
 
+	if (! in_array($comment_user, $listofvoters))
+	{
+		setEventMessages($langs->trans("UserMustBeSameThanUserUsedToVote"), null, 'errors');
+		$error++;
+	}
+
 	if (! $error)
 	{
-		$comment = GETPOST("comment",'none');
-		$comment_user = GETPOST('commentuser','nohtml');
-
 		$resql = $object->addComment($comment, $comment_user);
 
 		if (! $resql) dol_print_error($db);
@@ -729,8 +735,12 @@ if ($comments)
 	print "<br><b>" . $langs->trans("CommentsOfVoters") . ":</b><br>\n";
 
 	foreach ($comments as $obj) {
+		// ligne d'un usager pré-authentifié
+		//$mod_ok = (in_array($obj->name, $listofvoters));
+
 		print '<div class="comment"><span class="usercomment">';
-		if (in_array($obj->usercomment, $listofvoters)) print '<a href="'.$_SERVER["PHP_SELF"].'?deletecomment='.$obj->id_comment.'&sondage='.$numsondage.'"> '.img_picto('', 'delete.png').'</a> ';
+		if (in_array($obj->usercomment, $listofvoters)) print '<a href="'.$_SERVER["PHP_SELF"].'?deletecomment='.$obj->id_comment.'&sondage='.$numsondage.'"> '.img_picto('', 'delete.png', '', false, 0, 0, '', 'nomarginleft').'</a> ';
+		//else print img_picto('', 'ellipsis-h', '', false, 0, 0, '', 'nomarginleft').' ';
 		print dol_htmlentities($obj->usercomment).':</span> <span class="comment">'.dol_nl2br(dol_htmlentities($obj->comment))."</span></div>";
 	}
 }

htdocs/theme/eldy/style.css.php

@@ -722,6 +722,9 @@ select.flat.selectlimit {
 .marginleftonly {
 	margin-left: 10px !important;
 }
+.nomarginleft {
+	margin-left: 0px !important;
+}
 .selectlimit, .selectlimit:focus {
     border-left: none !important;
     border-top: none !important;

htdocs/theme/md/style.css.php

@@ -716,6 +716,9 @@ select.flat.selectlimit {
 .marginleftonly {
 	margin-left: 10px !important;
 }
+.nomarginleft {
+	margin-left: 0px !important;
+}
 .selectlimit, .selectlimit:focus {
     border-left: none !important;
     border-top: none !important;