From 96ac0e4bb2aaab161b95127df6db73f7595ce99c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 20 Sep 2021 18:08:25 +0200
Subject: [PATCH] FIX action=deletecomment
---
 htdocs/opensurvey/card.php | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php
index 2885575be23..bc63b319efd 100644
--- a/htdocs/opensurvey/card.php
+++ b/htdocs/opensurvey/card.php
@@ -156,14 +156,16 @@ if (empty($reshook)) {
 }
 // Delete comment
- $idcomment = GETPOST('deletecomment', 'int');
- if ($idcomment) {
- // Security check
- if (!$user->rights->opensurvey->write) {
- accessforbidden();
- }
+ if ($action == 'deletecomment') {
+ $idcomment = GETPOST('idcomment', 'int');
+ if ($idcomment > 0) {
+ // Security check
+ if (!$user->rights->opensurvey->write) {
+ accessforbidden();
+ }
- $resql = $object->deleteComment($idcomment);
+ $resql = $object->deleteComment($idcomment);
+ }
 }
 if ($action == 'edit') {
@@ -356,7 +358,7 @@ print '
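Review bot: Nothing in the new `deletecomment` branch verifies an anti-CSRF token, so the protection rests entirely on a central check that is not part of this hunk; it is worth confirming that this check also covers the `deletecomment` action name when the request arrives as a GET link, which the per-comment delete icon later in the patch appears to be. The permission test also sits inside `if ($idcomment > 0)`, so a caller without write rights who sends no valid id is never rejected; moving `if (!$user->rights->opensurvey->write) { accessforbidden(); }` directly under the action test makes the authorization decision independent of the parameter. `$resql` is assigned but never read, so a failed delete is silent; reporting it, for example with `setEventMessages($object->error, $object->errors, 'errors')`, would make failures visible. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.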
'; if ($action != 'edit' && $user->rights->opensurvey->write) { //Modify button - print ''.$langs->trans("Modify").''; + print ''.$langs->trans("Modify").''; if ($object->status == Opensurveysondage::STATUS_VALIDATED) { //Close button @@ -368,20 +370,23 @@ if ($action != 'edit' && $user->rights->opensurvey->write) { } //Delete button - print ''.$langs->trans('Delete').''; + print ''.$langs->trans('Delete').''; } print '
'; if ($action == 'delete') { - print $form->formconfirm($_SERVER["PHP_SELF"].'?&id='.$numsondage, $langs->trans("RemovePoll"), $langs->trans("ConfirmRemovalOfPoll", $id), 'delete_confirm', '', '', 1); + print $form->formconfirm($_SERVER["PHP_SELF"].'?&id='.urlencode($numsondage), $langs->trans("RemovePoll"), $langs->trans("ConfirmRemovalOfPoll", $id), 'delete_confirm', '', '', 1); } -print '
'."\n"; +print ''."\n"; print ''; +print ''; +print ''; +print ''; print load_fiche_titre($langs->trans("CommentsOfVoters"), '', ''); @@ -391,7 +396,7 @@ $comments = $object->getComments(); if ($comments) { foreach ($comments as $comment) { if ($user->rights->opensurvey->write) { - print ' '.img_picto('', 'delete.png', '', false, 0, 0, '', '', 0).' '; + print ' '.img_picto('', 'delete.png', '', false, 0, 0, '', '', 0).' '; } print dol_htmlentities($comment->usercomment).': '.dol_nl2br(dol_htmlentities($comment->comment))."
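Review bot: The confirm URL is built as `'?&id='.urlencode($numsondage)`, which leaves a stray `&` and an empty first parameter; `'?id='.urlencode($numsondage)` is the cleaner form. The same call passes `$id` to the `ConfirmRemovalOfPoll` translation while the URL uses `$numsondage`; if both hold the poll identifier, using a single variable keeps the two from drifting apart, and if `$id` is request-derived it should be confirmed that `trans()` escapes it for HTML before display. The markup inside the added `print ''` lines is not visible on this page, so the hidden fields they add cannot be checked here.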
"; @@ -407,10 +412,7 @@ if ($object->allow_comments) { print $langs->trans("AddACommentForPoll").'
'; print '
'."\n"; print $langs->trans("Name").': '."\n"; - print '
'."\n"; - if (isset($erreur_commentaire_vide) && $erreur_commentaire_vide == "yes") { - print "".$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Name")).""; - } + print '
'."\n"; } print '
';