form : allow selected to be disabled and to send correctely the data

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2058 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2015-03-23 14:53:04 +00:00
parent ede724a76d
commit aa72825d21
1 changed files with 36 additions and 7 deletions
--- a/form.php
+++ b/form.php
@@ -387,12 +387,16 @@ die ("FORM/VERIFY : UNUSED and dirty\n");
            foreach ($field->defaults as $key=>$val)
            {
              $res .= "      <input type='hidden'";
              if (isset ($field->multiple) && $field->multiple !== FALSE)
                $res .= " name='$this->formName"."[".
                        htmlspecialchars ($field->name, ENT_QUOTES)."][".
                        htmlspecialchars ($key, ENT_QUOTES)."]'";
              else
                $res .= " name='$this->formName"."[".
                        htmlspecialchars ($field->name, ENT_QUOTES)."]'";
              $res .= " value='";
-              $res .= htmlspecialchars ($val, ENT_QUOTES)."'";
+              $res .= htmlspecialchars ($key, ENT_QUOTES)."'";
-              $res .= "/>";
+              $res .= "/>\n";
            }
          }
@@ -445,6 +449,8 @@ die ("FORM/VERIFY : UNUSED and dirty\n");
      case "submit":
        // No $field->label, $field->multiple, $field->error
        $res .= "<div class='form-group'>\n";
        $res .= "    <div class='col-sm-12'>\n";
        $res .= "      <input type='submit'";
        $res .= " name='$this->formName"."[".
                htmlspecialchars ($field->name, ENT_QUOTES)."]'";
@@ -461,6 +467,8 @@ die ("FORM/VERIFY : UNUSED and dirty\n");
        if (isset ($field->hidden) && $field->hidden !== FALSE)
          $res .= " style='display:none'";
        $res .= "/>\n";
        $res .= "    </div>\n";
        $res .= "  </div>\n";
        break;
      default:
@@ -597,6 +605,10 @@ class csrf
    $this->csrfToken = $s;
    $_SESSION["domframework"]["form"]["csrf"] = $this->csrfToken;
    $_SESSION["domframework"]["form"]["csrfStart"] = microtime (TRUE);
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."createToken : $this->csrfToken\n", FILE_APPEND);
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
 $e = new Exception();
 file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
    return $this->csrfToken;
  }
@@ -605,24 +617,41 @@ class csrf
      @param string $tokenFromUser The value form the user's token */
  public function checkToken ($tokenFromUser)
  {
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser)\n", FILE_APPEND);
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
 $e = new Exception();
 file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
    if ($this->csrf === FALSE )
      return TRUE;
    if (! isset ($_SESSION["domframework"]["form"]["csrf"]))
    {
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : No previous CSRF token\n", FILE_APPEND);
      throw new Exception (dgettext("domframework", 
                                    "No previous CSRF token : abort"));
    }
    if ($_SESSION["domframework"]["form"]["csrf"] !== $tokenFromUser)
    {
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : Invalid CSRF token provided\n", FILE_APPEND);
      throw new Exception (dgettext("domframework", 
                                    "Invalid CSRF token provided"));
    }
    if (($_SESSION["domframework"]["form"]["csrfStart"] + $this->csrfTimeout) <
        microtime (TRUE))
    {
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : Obsolete CSRF token provided\n", FILE_APPEND);
      throw new Exception (dgettext("domframework", 
                                    "Obsolete CSRF token provided"));
    }
    return TRUE;
  }
  /** Return the CSRF token in a hidden field */
  public function displayFormCSRF ()
  {
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."displayFormCSRF\n", FILE_APPEND);
 file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
 $e = new Exception();
 file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
    if ($this->csrfToken == "")
      $this->createToken ();
    $res = "<input type='hidden' name='$this->field' ";