[geeklog-cvs] geeklog: Fixed handling of poll IDs in Polls editor (bug #0000753)

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Fri Oct 3 16:16:02 EDT 2008 

details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/acd44b7538e0
changeset: 6417:acd44b7538e0
user:      Dirk Haun <dirk at haun-online.de>
date:      Fri Oct 03 22:15:16 2008 +0200
description:
Fixed handling of poll IDs in Polls editor (bug #0000753)

diffstat:

3 files changed, 53 insertions(+), 14 deletions(-)
plugins/polls/templates/admin/polleditor.thtml |    9 +++-
public_html/admin/plugins/polls/index.php      |   54 ++++++++++++++++++------
public_html/docs/history                       |    4 +

diffs (151 lines):

diff -r 47b75abdf9bc -r acd44b7538e0 plugins/polls/templates/admin/polleditor.thtml
--- a/plugins/polls/templates/admin/polleditor.thtml	Fri Oct 03 20:26:20 2008 +0200
+++ b/plugins/polls/templates/admin/polleditor.thtml	Fri Oct 03 22:15:16 2008 +0200
@@ -4,7 +4,7 @@
                                     <table cellspacing="0" cellpadding="2" width="100%">
                                         <tr>
                                             <td align="right">{lang_pollid}:</td>
-                                            <td><input type="text" dir="ltr" name="pid" value="{poll_id}" size="20"{xhtml}> {lang_donotusespaces}</td>
+                                            <td><input type="text" dir="ltr" name="pid" value="{poll_id}" size="20" maxlength="20"{xhtml}> {lang_donotusespaces}</td>
                                         </tr>
                                         <tr>
                                             <td align="right">{lang_topic}:</td>
@@ -42,5 +42,10 @@
                                     <p>{lang_permissionskey}</p>
                                     <div>{permissions_editor}</div>
                                     <p>{lang_permissions_msg}</p>
-                                    <p><input type="submit" name="mode" value="{lang_save}"{xhtml}><input type="submit" name="mode" value="{lang_cancel}"{xhtml}>{delete_option}<input type="hidden" name="{gltoken_name}" value="{gltoken}"{xhtml}></p>
+                                    <p>
+                                    <input type="submit" name="mode" value="{lang_save}"{xhtml}>
+                                    <input type="submit" name="mode" value="{lang_cancel}"{xhtml}>{delete_option}
+                                    <input type="hidden" name="{gltoken_name}" value="{gltoken}"{xhtml}>
+                                    <input type="hidden" value="{poll_id}" name="old_pid"{xhtml}>
+                                    </p>
                                 </form>
diff -r 47b75abdf9bc -r acd44b7538e0 public_html/admin/plugins/polls/index.php
--- a/public_html/admin/plugins/polls/index.php	Fri Oct 03 20:26:20 2008 +0200
+++ b/public_html/admin/plugins/polls/index.php	Fri Oct 03 22:15:16 2008 +0200
@@ -124,6 +124,7 @@
 * Saves a poll topic and potential answers to the database
 *
 * @param    string  $pid            Poll topic ID
+* @param    string  $old_pid        Previous poll topic ID
 * @param    array   $Q              Array of poll questions
 * @param    string  $mainpage       Checkbox: poll appears on homepage
 * @param    string  $topic          The text for the topic
@@ -143,9 +144,9 @@
 * @return   string                  HTML redirect or error message
 *
 */
-function savepoll($pid, $Q, $mainpage, $topic, $statuscode, $open, $hideresults,
-                  $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner,
-                  $perm_group, $perm_members, $perm_anon)
+function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $statuscode, $open,
+                  $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id,
+                  $perm_owner, $perm_group, $perm_members, $perm_anon)
 
 {
     global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE,
@@ -156,8 +157,16 @@
     // Convert array values to numeric permission values
     list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
 
+    $topic = COM_stripslashes($topic);
     $pid = COM_sanitizeID($pid);
-    $topic = COM_stripslashes($topic);
+    $old_pid = COM_sanitizeID($old_pid);
+    if (empty($pid)) {
+        if (empty($old_pid)) {
+            $pid = COM_makeSid();
+        } else {
+            $pid = $old_pid;
+        }
+    }
 
     // check if any question was entered
     if (empty($topic) or (sizeof($Q) == 0) or (strlen($Q[0]) == 0) or
@@ -177,12 +186,21 @@
                            . '/plugins/polls/index.php');
     }
 
+    // check for poll id change
+    if (!empty($old_pid) && ($pid != $old_pid)) {
+        // check if new pid is already in use
+        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
+            // TBD: abort, display editor with all content intact again
+            $pid = $old_pid; // for now ...
+        }
+    }
+
     // start processing the poll topic
     if ($_POLL_VERBOSE) {
         COM_errorLog ('**** Inside savepoll() in '
                       . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
     }
-    $pid = str_replace (' ', '', $pid); // strip spaces from poll id
+
     $access = 0;
     if (DB_count ($_TABLES['polltopics'], 'pid', $pid) > 0) {
         $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
@@ -217,10 +235,15 @@
         COM_errorLog('member permissions: ' . $perm_members, 1);
         COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
     }
+
     // we delete everything and re-create it with the input from the form
-    DB_delete ($_TABLES['polltopics'], 'pid', $pid);
-    DB_delete ($_TABLES['pollanswers'], 'pid', $pid);
-    DB_delete ($_TABLES['pollquestions'], 'pid', $pid);
+    $del_pid = $pid;
+    if (!empty($old_pid) && ($pid != $old_pid)) {
+        $del_pid = $old_pid; // delete by old pid, create using new pid below
+    }
+    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
+    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
+    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
 
     $topic = addslashes ($topic);
 
@@ -531,8 +554,15 @@
     $display .= editpoll ($pid);
     $display .= COM_siteFooter ();
 } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save'])) {
-    $pid = COM_applyFilter ($_POST['pid']);
-    if (!empty ($pid)) {
+    $pid = COM_applyFilter($_POST['pid']);
+    $old_pid = '';
+    if (isset($_POST['old_pid'])) {
+        $old_pid = COM_applyFilter($_POST['old_pid']);
+    }
+    if (empty($pid) && !empty($old_pid)) {
+        $pid = $old_pid;
+    }
+    if (!empty($pid)) {
         $statuscode = 0;
         if (isset ($_POST['statuscode'])) {
             $statuscode = COM_applyFilter ($_POST['statuscode'], true);
@@ -549,8 +579,8 @@
         if (isset ($_POST['hideresults'])) {
             $hideresults = COM_applyFilter ($_POST['hideresults']);
         }
-        $display .= savepoll ($pid, $_POST['question'], $mainpage, $_POST['topic'],
-                        $statuscode, $open, $hideresults,
+        $display .= savepoll ($pid, $old_pid, $_POST['question'], $mainpage,
+                        $_POST['topic'], $statuscode, $open, $hideresults,
                         COM_applyFilter ($_POST['commentcode'], true),
                         $_POST['answer'], $_POST['votes'], $_POST['remark'],
                         COM_applyFilter ($_POST['owner_id'], true),
diff -r 47b75abdf9bc -r acd44b7538e0 public_html/docs/history
--- a/public_html/docs/history	Fri Oct 03 20:26:20 2008 +0200
+++ b/public_html/docs/history	Fri Oct 03 22:15:16 2008 +0200
@@ -21,6 +21,10 @@
 
 - Updated Polish language files, provided by Robert Stadnik
 - Updated Slovenian language file for the Links plugin, provided by gape
+
+Polls plugin
+------------
+- Fixed handling of poll IDs in Polls editor (bug #0000753) [Dirk]
 
 Static Pages plugin
 -------------------

More information about the geeklog-cvs mailing list