From 39aef07c6bb31fcd77cd735460313ed3a01acac8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 25 Apr 2018 17:14:18 +0200
Subject: [PATCH] FIX Only voters can send comments in public survey page
---
 htdocs/core/lib/functions.lib.php | 2 +-
 htdocs/langs/en_US/opensurvey.lang | 3 ++-
 htdocs/public/opensurvey/studs.php | 22 ++++++++++++++++------
 htdocs/theme/eldy/style.css.php | 3 +++
 htdocs/theme/md/style.css.php | 3 +++
 5 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index d8fa9651d98..dcf4b6fb998 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -3097,7 +3097,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
 //if (in_array($picto, array('switch_off', 'switch_on', 'off', 'on')))
 if (empty($srconly) && in_array($pictowithoutext, array(
- 'bank', 'close_title', 'delete', 'edit', 'filter', 'grip', 'grip_title', 'off', 'on', 'play', 'playdisabled', 'printer', 'resize',
+ 'bank', 'close_title', 'delete', 'edit', 'ellipsis-h', 'filter', 'grip', 'grip_title', 'off', 'on', 'play', 'playdisabled', 'printer', 'resize',
 'switch_off', 'switch_on', 'unlink', 'uparrow') )) { $fakey = $pictowithoutext;
diff --git a/htdocs/langs/en_US/opensurvey.lang b/htdocs/langs/en_US/opensurvey.lang
index 1f8a90b5657..0819a077f71 100644
--- a/htdocs/langs/en_US/opensurvey.lang
+++ b/htdocs/langs/en_US/opensurvey.lang
@@ -57,4 +57,5 @@ ErrorInsertingComment=There was an error while inserting your comment
 MoreChoices=Enter more choices for the voters
 SurveyExpiredInfo=The poll has been closed or voting delay has expired.
 EmailSomeoneVoted=%s has filled a line.\nYou can find your poll at the link: \n%s
-ShowSurvey=Show survey
\ No newline at end of file
+ShowSurvey=Show survey
+UserMustBeSameThanUserUsedToVote=You must have voted and use the same user name, that the one used to vote, to post a comment
\ No newline at end of file
diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php
index 742b949e27c..32cb5f2e1ba 100644
--- a/htdocs/public/opensurvey/studs.php
+++ b/htdocs/public/opensurvey/studs.php
@@ -66,22 +66,28 @@ if (GETPOST('ajoutcomment','alpha')) $error=0;
- if (! GETPOST('comment','none'))
+ $comment = GETPOST("comment",'none');
+ $comment_user = GETPOST('commentuser','nohtml');
+
+ if (! $comment)
 { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors'); }
- if (! GETPOST('commentuser','nohtml'))
+ if (! $comment_user)
 { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors'); }
+ if (! in_array($comment_user, $listofvoters))
+ {
+ setEventMessages($langs->trans("UserMustBeSameThanUserUsedToVote"), null, 'errors');
+ $error++;
+ }
+
 if (! $error) {
- $comment = GETPOST("comment",'none');
- $comment_user = GETPOST('commentuser','nohtml');
-
 $resql = $object->addComment($comment, $comment_user); if (! $resql) dol_print_error($db);
@@ -729,8 +735,12 @@ if ($comments) print "
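Review bot: The `in_array($comment_user, $listofvoters)` guard added before `if (! $error)` is only as strong as whatever fills `$listofvoters`, and that assignment is outside this hunk. If the list holds only names this session voted under, the check ties commenter to voter; if it holds every voter of the poll, `commentuser` is a self-asserted name that any reader of this public page could supply, so state the source in a comment above the check, e.g. `// $listofvoters = names this session voted under, not all voters of the poll`, once confirmed. Pass the strict flag, `in_array($comment_user, $listofvoters, true)`, so numeric-looking names such as `10` and `1e1` (constructed examples) are not treated as equal; the `in_array($obj->usercomment, $listofvoters)` call in the later studs.php hunk has the same loose comparison. An empty `commentuser` now produces both the required-field error and the new message, which an `elseif` on the new test would avoid. The enclosing `if (GETPOST('ajoutcomment','alpha'))` block runs past the end of the hunk.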
" . $langs->trans("CommentsOfVoters") . ":
\n"; foreach ($comments as $obj) {
+ // ligne d'un usager pré-authentifié
+ //$mod_ok = (in_array($obj->name, $listofvoters));
+
 print '
';
- if (in_array($obj->usercomment, $listofvoters)) print ' '.img_picto('', 'delete.png').' ';
+ if (in_array($obj->usercomment, $listofvoters)) print ' '.img_picto('', 'delete.png', '', false, 0, 0, '', 'nomarginleft').' ';
+ //else print img_picto('', 'ellipsis-h', '', false, 0, 0, '', 'nomarginleft').' ';
 print dol_htmlentities($obj->usercomment).': '.dol_nl2br(dol_htmlentities($obj->comment))."
"; } }
diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php
index b7fa85d5194..578ec142ad5 100644
--- a/htdocs/theme/eldy/style.css.php
+++ b/htdocs/theme/eldy/style.css.php
@@ -722,6 +722,9 @@ select.flat.selectlimit {
 .marginleftonly {
 margin-left: 10px !important;
 }
+.nomarginleft {
+ margin-left: 0px !important;
+}
 .selectlimit, .selectlimit:focus {
 border-left: none !important;
 border-top: none !important;
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php
index fdc0a3e908b..0cafac9a6c2 100644
--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -716,6 +716,9 @@ select.flat.selectlimit {
 .marginleftonly {
 margin-left: 10px !important;
 }
+.nomarginleft {
+ margin-left: 0px !important;
+}
 .selectlimit, .selectlimit:focus {
 border-left: none !important;
 border-top: none !important;
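Review bot: The two commented-out lines added in the comments loop of studs.php should not ship as they are: `//$mod_ok = (in_array($obj->name, $listofvoters));` tests `$obj->name`, while the live delete-icon condition tests `$obj->usercomment`. Dead code that disagrees with the real ownership check invites a wrong edit later; drop both lines, or replace them with one English comment such as `// delete icon only for comments posted under a name in $listofvoters`. The condition only decides whether the icon is printed, and the code that performs the deletion is not in this diff, so confirm it applies the same check on the server side. The `foreach` body is cut by the hunk.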