form : allow selected to be disabled and to send correctely the data

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2058 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2015-03-23 14:53:04 +00:00
parent ede724a76d
commit aa72825d21


@@ -386,13 +386,17 @@ die ("FORM/VERIFY : UNUSED and dirty\n");
{ {
foreach ($field->defaults as $key=>$val) foreach ($field->defaults as $key=>$val)
{ {
$res .= "<input type='hidden'"; $res .= " <input type='hidden'";
if (isset ($field->multiple) && $field->multiple !== FALSE)
$res .= " name='$this->formName"."[". $res .= " name='$this->formName"."[".
htmlspecialchars ($field->name, ENT_QUOTES)."][". htmlspecialchars ($field->name, ENT_QUOTES)."][".
htmlspecialchars ($key, ENT_QUOTES)."]'"; htmlspecialchars ($key, ENT_QUOTES)."]'";
else
$res .= " name='$this->formName"."[".
htmlspecialchars ($field->name, ENT_QUOTES)."]'";
$res .= " value='"; $res .= " value='";
$res .= htmlspecialchars ($val, ENT_QUOTES)."'"; $res .= htmlspecialchars ($key, ENT_QUOTES)."'";
$res .= "/>"; $res .= "/>\n";
} }
} }
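Review bot: In the new `else` branch, every iteration of the `foreach ($field->defaults as $key=>$val)` loop emits a hidden input with the identical name `$this->formName[field]`, so when `defaults` holds more than one entry PHP keeps only the last key submitted and the others are silently dropped; the branch should emit at most one hidden input, or select the single key to send before the loop. If, as the commit title suggests, this path replays a disabled select's value, a hidden input is fully client-editable, so the server must keep treating the posted value as untrusted and enforce the disabled value from its own defaults rather than from the request. The `if` that selects this branch, and the method around it, start outside the hunk.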
@@ -445,7 +449,9 @@ die ("FORM/VERIFY : UNUSED and dirty\n");
case "submit": case "submit":
// No $field->label, $field->multiple, $field->error // No $field->label, $field->multiple, $field->error
$res .= "<input type='submit'"; $res .= "<div class='form-group'>\n";
$res .= " <div class='col-sm-12'>\n";
$res .= " <input type='submit'";
$res .= " name='$this->formName"."[". $res .= " name='$this->formName"."[".
htmlspecialchars ($field->name, ENT_QUOTES)."]'"; htmlspecialchars ($field->name, ENT_QUOTES)."]'";
$res .= " id='$this->formName"."_". $res .= " id='$this->formName"."_".
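Review bot: The new `<div class='form-group'>` / `<div class='col-sm-12'>` wrappers opened here and closed in the next hunk (after `$res .= "/>\n";`) are not hidden when `$field->hidden` is set: the existing `style='display:none'` is appended to the `<input type='submit'` only, so a hidden submit still renders an empty Bootstrap row. Apply the visibility to the outer wrapper instead, e.g. `$res .= "<div class='form-group'" . ((isset ($field->hidden) && $field->hidden !== FALSE) ? " style='display:none'" : "") . ">\n";`, or skip both wrappers in that case. The `switch` that this `case "submit":` belongs to starts outside the hunk.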
@@ -461,6 +467,8 @@ die ("FORM/VERIFY : UNUSED and dirty\n");
if (isset ($field->hidden) && $field->hidden !== FALSE) if (isset ($field->hidden) && $field->hidden !== FALSE)
$res .= " style='display:none'"; $res .= " style='display:none'";
$res .= "/>\n"; $res .= "/>\n";
$res .= " </div>\n";
$res .= " </div>\n";
break; break;
default: default:
@@ -597,6 +605,10 @@ class csrf
$this->csrfToken = $s; $this->csrfToken = $s;
$_SESSION["domframework"]["form"]["csrf"] = $this->csrfToken; $_SESSION["domframework"]["form"]["csrf"] = $this->csrfToken;
$_SESSION["domframework"]["form"]["csrfStart"] = microtime (TRUE); $_SESSION["domframework"]["form"]["csrfStart"] = microtime (TRUE);
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."createToken : $this->csrfToken\n", FILE_APPEND);
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
$e = new Exception();
file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
return $this->csrfToken; return $this->csrfToken;
} }
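Review bot: The four `file_put_contents ("/tmp/csrf.log", ...)` lines added to createToken write the freshly generated CSRF token, the request method and full `REQUEST_URI` (including any query string) and a stack trace to a fixed path in a world-shared temp directory, so any local account on the host can read live tokens, and the predictable filename is exposed to symlink and pre-created-file tricks; together with the `str_replace('/path/to/code/', ...)` placeholder this reads as debugging instrumentation that should not ship. Drop these lines, or at minimum route them through the framework's logger behind a debug flag and never log the token value itself. `$_SERVER["REQUEST_METHOD"]` and `$_SERVER["REQUEST_URI"]` are also unset when the code runs from the CLI, which would raise notices on the second line. The same debug lines are added in the next hunk to checkToken and displayFormCSRF.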
@@ -605,24 +617,41 @@ class csrf
@param string $tokenFromUser The value form the user's token */ @param string $tokenFromUser The value form the user's token */
public function checkToken ($tokenFromUser) public function checkToken ($tokenFromUser)
{ {
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser)\n", FILE_APPEND);
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
$e = new Exception();
file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
if ($this->csrf === FALSE ) if ($this->csrf === FALSE )
return TRUE; return TRUE;
if (! isset ($_SESSION["domframework"]["form"]["csrf"])) if (! isset ($_SESSION["domframework"]["form"]["csrf"]))
{
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : No previous CSRF token\n", FILE_APPEND);
throw new Exception (dgettext("domframework", throw new Exception (dgettext("domframework",
"No previous CSRF token : abort")); "No previous CSRF token : abort"));
}
if ($_SESSION["domframework"]["form"]["csrf"] !== $tokenFromUser) if ($_SESSION["domframework"]["form"]["csrf"] !== $tokenFromUser)
{
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : Invalid CSRF token provided\n", FILE_APPEND);
throw new Exception (dgettext("domframework", throw new Exception (dgettext("domframework",
"Invalid CSRF token provided")); "Invalid CSRF token provided"));
}
if (($_SESSION["domframework"]["form"]["csrfStart"] + $this->csrfTimeout) < if (($_SESSION["domframework"]["form"]["csrfStart"] + $this->csrfTimeout) <
microtime (TRUE)) microtime (TRUE))
{
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : Obsolete CSRF token provided\n", FILE_APPEND);
throw new Exception (dgettext("domframework", throw new Exception (dgettext("domframework",
"Obsolete CSRF token provided")); "Obsolete CSRF token provided"));
}
return TRUE; return TRUE;
} }
/** Return the CSRF token in a hidden field */ /** Return the CSRF token in a hidden field */
public function displayFormCSRF () public function displayFormCSRF ()
{ {
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."displayFormCSRF\n", FILE_APPEND);
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
$e = new Exception();
file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
if ($this->csrfToken == "") if ($this->csrfToken == "")
$this->createToken (); $this->createToken ();
$res = "<input type='hidden' name='$this->field' "; $res = "<input type='hidden' name='$this->field' ";
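Review bot: The log lines added in checkToken interpolate the request-supplied `$tokenFromUser` verbatim (`"checkToken ($tokenFromUser)\n"` and the three failure messages), so a client can inject arbitrary text and newlines into the log, and on the success path the logged value is the valid session token. If any logging of this path is kept, record only the outcome, e.g. `"checkToken : rejected (invalid token)\n"`, never the token, and escape or length-limit anything derived from the request. On the same function, the comparison `$_SESSION["domframework"]["form"]["csrf"] !== $tokenFromUser` is not constant-time; `! hash_equals ((string) $_SESSION["domframework"]["form"]["csrf"], (string) $tokenFromUser)` is the usual choice, though that line is pre-existing context rather than part of this change.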