
Commit 788ac89

committed
fix(formanswer): missing validation checks when user updates a refused form
Signed-off-by: Thierry Bugier <tbugier@teclib.com>
1 parent ca600d4 commit 788ac89


2 files changed

+30
-2
lines changed


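--- a/front/formanswer.form.php
+++ b/front/formanswer.form.php
@@ -59,7 +59,9 @@
 $formanswer->redirectToList();
 
 } else if (isset($_POST['save_formanswer'])) {
-$formanswer->updateAnswers($_POST);
+if (!$formanswer->updateAnswers($_POST)) {
+Html::back();
+}
 if (plugin_formcreator_replaceHelpdesk()) {
 $issue = new PluginFormcreatorIssue();
 $issue->redirectToList();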
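Review bot: The failure branch added at `if (!$formanswer->updateAnswers($_POST))` only works if `Html::back()` ends the request; if it ever returns, execution continues into the `plugin_formcreator_replaceHelpdesk()` redirect below as though the save had succeeded. Making that explicit keeps the validation gate from depending on a side effect, for example with a comment `// Html::back() redirects and terminates; nothing below runs for rejected answers`, or by moving the success redirects into an `else` branch. The surrounding `if`/`else if` chain starts and ends outside the hunk.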

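--- a/inc/formanswer.class.php
+++ b/inc/formanswer.class.php
@@ -848,10 +848,36 @@ public function updateAnswers($input) {
 $form->getFromDB((int) $input['plugin_formcreator_forms_id']);
 $input['status'] = self::STATUS_WAITING;
 
+$valid = true;
+$fieldValidities = [];
+
 $fields = $form->getFields();
 foreach ($fields as $id => $question) {
-$fields[$id]->parseAnswerValues($input);
+$fieldValidities[$id] = $fields[$id]->parseAnswerValues($input);
+}
+// any invalid field will invalidate the answers
+$valid = !in_array(false, $fieldValidities, true);
+
+// Mandatory field must be filled
+// and fields must contain a value matching the constraints of the field (range for example)
+if ($valid) {
+foreach ($fields as $id => $field) {
+if (!$fields[$id]->isPrerequisites()) {
+continue;
+}
+if (PluginFormcreatorFields::isVisible($field->getQuestion(), $fields) && !$fields[$id]->isValid()) {
+$valid = false;
+break;
+}
+}
+}
+
+if (!$valid) {
+// Save answers in session to display it again with the same values
+$_SESSION['formcreator']['data'] = Toolbox::stripslashes_deep($input);
+return false;
 }
+
 return $this->saveAnswers($form, $input, $fields);
 }
 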
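Review bot: The new validation runs against `$form->getFields()` for a form loaded from the request's own `plugin_formcreator_forms_id`, and the result of `$form->getFromDB(...)` is not checked in the visible lines, so the strictness of the checks depends on which form the client names. Unless code above the hunk already does it, consider failing early when the form cannot be loaded or when its id differs from the form the stored answer belongs to. On the failure path the whole `$input` is copied into `$_SESSION['formcreator']['data']` after `Toolbox::stripslashes_deep()`, so whatever re-renders it must escape on output; a comment such as `// raw, unslashed request data: escape on output, never reuse in SQL` would record that. The initial `$valid = true;` is overwritten before it is read and can be dropped. The function starts above the hunk.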
