fix(formanswer): missing validation checks when user updates a refuse…
…d form

Signed-off-by: Thierry Bugier <tbugier@teclib.com>
btry committed Jul 25, 2020
1 parent ca600d4 commit 788ac89
Showing 2 changed files with 30 additions and 2 deletions.
4 changes: 3 additions & 1 deletion front/formanswer.form.php
Expand Up @@ -59,7 +59,9 @@
$formanswer->redirectToList();

} else if (isset($_POST['save_formanswer'])) {
$formanswer->updateAnswers($_POST);
if (!$formanswer->updateAnswers($_POST)) {
Html::back();
}
if (plugin_formcreator_replaceHelpdesk()) {
$issue = new PluginFormcreatorIssue();
$issue->redirectToList();
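Review bot: The new failure branch only works if `Html::back()` ends the request, which is not visible in this hunk. If it ever returns, control falls through to the `plugin_formcreator_replaceHelpdesk()` redirect below as if the update had succeeded. I would state that reliance at the call site with a comment such as `// validation failed: Html::back() redirects and stops here; the submitted values were kept in the session for redisplay`, or move the success redirects into an `else` so that a rejected update cannot reach them. The `if`/`else if` chain this branch belongs to starts and ends outside the hunk.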
28 changes: 27 additions & 1 deletion inc/formanswer.class.php
Expand Up @@ -848,10 +848,36 @@ public function updateAnswers($input) {
$form->getFromDB((int) $input['plugin_formcreator_forms_id']);
$input['status'] = self::STATUS_WAITING;

$valid = true;
$fieldValidities = [];

$fields = $form->getFields();
foreach ($fields as $id => $question) {
$fields[$id]->parseAnswerValues($input);
$fieldValidities[$id] = $fields[$id]->parseAnswerValues($input);
}
// any invalid field will invalidate the answers
$valid = !in_array(false, $fieldValidities, true);

// Mandatory field must be filled
// and fields must contain a value matching the constraints of the field (range for example)
if ($valid) {
foreach ($fields as $id => $field) {
if (!$fields[$id]->isPrerequisites()) {
continue;
}
if (PluginFormcreatorFields::isVisible($field->getQuestion(), $fields) && !$fields[$id]->isValid()) {
$valid = false;
break;
}
}
}

if (!$valid) {
// Save answers in session to display it again with the same values
$_SESSION['formcreator']['data'] = Toolbox::stripslashes_deep($input);
return false;
}

return $this->saveAnswers($form, $input, $fields);
}

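Review bot: The added validity checks run on whatever `$form->getFields()` returns for the form id read from `$input['plugin_formcreator_forms_id']`, and the result of `getFromDB()` is not checked. If that lookup fails, or the id in the request is not the form this stored answer belongs to, `$fieldValidities` may be empty or describe a different form, so `$valid` stays true and `saveAnswers()` is reached without the intended checks. Failing closed before the loop would cover this, e.g. `if (!$form->getFromDB((int) $input['plugin_formcreator_forms_id'])) { return false; }`, together with a comparison against the form id recorded on the answer; `updateAnswers()` begins above the hunk, so such a check may already exist there. The initial `$valid = true;` is overwritten unconditionally by the `in_array()` result and can be dropped.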
