From cba255f52ccba9ccb60a77fa2d09ea2a62bb2cef Mon Sep 17 00:00:00 2001 From: afornerot Date: Fri, 13 Dec 2019 16:14:58 +0100 Subject: [PATCH] =?UTF-8?q?caract=C3=A8re=20interdit=20dans=20nom=20de=20g?= =?UTF-8?q?roupe=20(fixes=20#61)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/Cadoles/CoreBundle/Command/data/core-init-01.sql | 2 +- .../Cadoles/CoreBundle/Controller/GroupController.php | 7 +++++++ .../Cadoles/CoreBundle/Controller/Niveau01Controller.php | 9 ++++++++- .../Cadoles/CoreBundle/Controller/Niveau02Controller.php | 7 +++++++ .../src/Cadoles/CoreBundle/Controller/UserController.php | 2 +- .../CoreBundle/Resources/views/Group/edit.html.twig | 3 +++ .../CoreBundle/Resources/views/Niveau01/edit.html.twig | 4 ++++ .../CoreBundle/Resources/views/Niveau02/edit.html.twig | 4 ++++ 8 files changed, 35 insertions(+), 3 deletions(-) diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Command/data/core-init-01.sql b/src/ninegate-1.0/src/Cadoles/CoreBundle/Command/data/core-init-01.sql index f9f396ff..ec9460ac 100644 --- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Command/data/core-init-01.sql +++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Command/data/core-init-01.sql @@ -8,7 +8,7 @@ INSERT IGNORE INTO `niveau01` (`id`, `label`, `siren`) VALUES (-100, 'DRAAF', '130007107'); INSERT IGNORE INTO `user` (`id`, `niveau01_id`, `username`, `firstname`, `lastname`, `password`, `email`, `avatar`, `role`,`siren`,`authlevel`) VALUES -(-100, -100, 'admin', 'Administrateur', 'draaf', '{SSHA}aTs3IqgN93ehIEqy93uWTTyxg5wNa+80 +(-100, -100, 'admin', 'Administrateur', 'draaf', '{SSHA}W19NNpFWpdE/5tLu1a2+Fw2KWVZfpZpy ', 'admin@ldapbundle.ac-arno.fr', 'admin.jpg', 'ROLE_ADMIN', '130007107', 'simple'); diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php index c0a40dd6..f26ac5df 100644 
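Review bot: The seeded `admin` row in core-init-01.sql gets a new fixed `{SSHA}` password hash, a change unrelated to the label validation this commit describes and not mentioned in its message. Because the hash is committed to the repository, every instance initialised from this file starts with the same `ROLE_ADMIN` credential unless the password is rotated during installation, which is not visible here. Consider generating the initial password at install time or forcing a change at first login, and moving this change into its own commit that explains why the default changed. As the statement is `INSERT IGNORE`, instances that already hold this row presumably keep the previous hash, so both defaults may remain in use.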
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php +++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php @@ -1037,6 +1037,13 @@ class GroupController extends Controller $tmp=$this->getEntityBy("CadolesCoreBundle:Niveau02","label",$data->getLabel()); if($tmp) $form->addError(new FormError('Un niveau de rang 02 utilise déjà ce label')); + // On s'assure que le label ne contient pas des caractères speciaux + $string = preg_replace('~[^@a-zA-Z0-9._-]~', '', $data->getLabel()); + if($string!=$data->getLabel()) + { + $form->addError(new FormError('Caractères interdit dans ce label')); + } + if($data->getFgcanshare()&&is_null($data->getPagetemplate())) $form->addError(new FormError("Un groupe de travail doit avoir un modèle de page d'accueil")); } diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/Niveau01Controller.php b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/Niveau01Controller.php index 4e08c28b..e5f5f40f 100644 --- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/Niveau01Controller.php +++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/Niveau01Controller.php @@ -273,7 +273,7 @@ class Niveau01Controller extends Controller if($data->getNiveau02s()->count() > 0) { $form->addError(new FormError('Un niveau de rang 02 utilise ce niveau de rang 01 : suppression impossible')); - } + } } if ($form->get('submit')->isClicked() && ($mode=="submit" || $mode=="update")) { 
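Review bot: The new label check in GroupController compares the stripped and original strings with loose `!=`, so two numeric strings are compared as numbers and a label such as `+1` (stripped to `1`) is accepted although `+` is outside the allowed set. `preg_replace` can also return null on a PCRE error, which the comparison does not account for. Testing for a forbidden character directly avoids both: `if (preg_match('~[^@a-zA-Z0-9._-]~', (string) $data->getLabel()) !== 0)`. The same seven lines are added to Niveau01Controller and Niveau02Controller, so the pattern would be better declared once, for example as a Regex constraint on the label field, than copied three times. The enclosing method starts and ends outside the hunk.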
@@ -282,6 +282,13 @@ class Niveau01Controller extends Controller $tmp=$this->getEntityBy("CadolesCoreBundle:Niveau02","label",$data->getLabel()); if($tmp) $form->addError(new FormError('Un niveau de rang 02 utilise déjà ce label')); + + // On s'assure que le label ne contient pas des caractères speciaux + $string = preg_replace('~[^@a-zA-Z0-9._-]~', '', $data->getLabel()); + if($string!=$data->getLabel()) + { + $form->addError(new FormError('Caractères interdit dans ce label')); + } } if ($form->get('submit')->isClicked() && !$form->isValid()) { diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/Niveau02Controller.php b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/Niveau02Controller.php index f05fd500..4a39c44a 100644 --- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/Niveau02Controller.php +++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/Niveau02Controller.php @@ -267,6 +267,13 @@ class Niveau02Controller extends Controller $tmp=$this->getEntityBy("CadolesCoreBundle:Niveau01","label",$data->getLabel()); if($tmp) $form->addError(new FormError('Un niveau de rang 01 utilise déjà ce label')); + + // On s'assure que le label ne contient pas des caractères speciaux + $string = preg_replace('~[^@a-zA-Z0-9._-]~', '', $data->getLabel()); + if($string!=$data->getLabel()) + { + $form->addError(new FormError('Caractères interdit dans ce label')); + } } if ($form->get('submit')->isClicked() && !$form->isValid()) { diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/UserController.php b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/UserController.php index 0c50a841..42521c91 100644 --- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/UserController.php +++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/UserController.php 
@@ -654,7 +654,7 @@ class UserController extends Controller $fields=$this->getDefaultDatauser(); // Si un acces modo via console d'admin on s'assure qu'il a les droit dessus sinon retour à la liste - if($this->isGranted('ROLE_MODO')&&$access=="config") { + if($this->isGranted('ROLE_MODO')) { $niveau01=$data->getNiveau01(); $modos=$this->get('security.token_storage')->getToken()->getUser()->getmodos(); $fgperm=false; diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/edit.html.twig b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/edit.html.twig index 25f8f093..56c9d576 100755 --- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/edit.html.twig +++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/edit.html.twig @@ -45,6 +45,9 @@
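Review bot: The comment above the condition in UserController still describes a moderator check for access through the admin console, but with `&&$access=="config"` removed the niveau01 permission test now runs for every access mode. This is an authorization change that the commit message does not mention. The comment could be updated to `// Moderator access (any mode): check rights on the user's niveau01, otherwise return to the list`. If the role hierarchy (not visible here) grants `ROLE_MODO` to administrators, `isGranted('ROLE_MODO')` is now also true for them on this path, so confirm they are not sent back to the list. The rest of the block, including how `$fgperm` is used, lies outside the hunk.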
{% if form.label is defined %} {{ form_row(form.label) }} +
+ Caractères interdits = accent, espace, caractères spéciaux sauf @ . - _
+
{% if form.fgassoc is defined %} {% if masteridentity=="LDAP" %} diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Niveau01/edit.html.twig b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Niveau01/edit.html.twig index 759a25be..ebc256bd 100755 --- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Niveau01/edit.html.twig +++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Niveau01/edit.html.twig @@ -40,6 +40,10 @@
{{ form_row(form.label) }} +
+ Caractères interdits = accent, espace, caractères spéciaux sauf @ . - _
+
+ {{ form_row(form.siren) }} {{ form_row(form.showsubappname) }} {% if masteridentity=="LDAP" %} diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Niveau02/edit.html.twig b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Niveau02/edit.html.twig index e0619b3b..a73677c3 100755 --- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Niveau02/edit.html.twig +++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Niveau02/edit.html.twig @@ -41,6 +41,10 @@
{{ form_row(form.niveau01) }} {{ form_row(form.label) }} +
+ Caractères interdits = accent, espace, caractères spéciaux sauf @ . - _
+
+ {{ form_row(form.siret) }} {{ form_row(form.postaladress) }}