From 36c7007aaa0ccf270b1aad3de97733360306dc4e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 20 Aug 2018 19:10:33 +0200
Subject: [PATCH] Add control to avoid duplicate aliases

---
 htdocs/langs/en_US/errors.lang             |  3 +-
 htdocs/website/class/websitepage.class.php |  5 +-
 htdocs/website/index.php                   | 70 ++++++++++++++++++++--
 3 files changed, 71 insertions(+), 7 deletions(-)

diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index 5b5382480a1..cf88cf65cc9 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
@@ -209,6 +209,7 @@ ErrorFileNotFoundWithSharedLink=File was not found. May be the share key was mod
 ErrorProductBarCodeAlreadyExists=The product barcode %s already exists on another product reference.
 ErrorNoteAlsoThatSubProductCantBeFollowedByLot=Note also that using virtual product to have auto increase/decrease of subproducts is not possible when at least one subproduct (or subproduct of subproducts) needs a serial/lot number.
 ErrorDescRequiredForFreeProductLines=Description is mandatory for lines with free product
+ErrorAPageWithThisNameOrAliasAlreadyExists=The page/container <strong>%s</strong> has the same name or alternative alias that the one your try to use
 
 # Warnings
 WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user.  
@@ -231,4 +232,4 @@ WarningSomeLinesWithNullHourlyRate=Some times were recorded by some users while
 WarningYourLoginWasModifiedPleaseLogin=Your login was modified. For security purpose you will have to login with your new login before next action.
 WarningAnEntryAlreadyExistForTransKey=An entry already exists for the translation key for this language
 WarningNumberOfRecipientIsRestrictedInMassAction=Warning, number of different recipient is limited to <b>%s</b> when using the mass actions on lists
-WarningDateOfLineMustBeInExpenseReportRange=Warning, the date of line is not in the range of the expense report
\ No newline at end of file
+WarningDateOfLineMustBeInExpenseReportRange=Warning, the date of line is not in the range of the expense report
diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php
index 10cbc3381f6..d816d1564bb 100644
--- a/htdocs/website/class/websitepage.class.php
+++ b/htdocs/website/class/websitepage.class.php
@@ -125,7 +125,9 @@ class WebsitePage extends CommonObject
 	/**
 	 * Load object in memory from the database
 	 *
-	 * @param int		$id         	Id object. If this is 0, the value into $page will be used. If not found of $page not defined, the default page of website_id will be used or the first page found if not set.
+	 * @param int		$id         	Id object.
+	 * 										If this is 0, the value into $page will be used. If not found of $page not defined, the default page of website_id will be used or the first page found if not set.
+	 * 										If value is < 0, we must exclude this ID.
 	 * @param string	$website_id 	Web site id (page name must also be filled if this parameter is used)
 	 * @param string	$page       	Page name (website id must also be filled if this parameter is used)
 	 * @param string	$aliasalt		Alternative alias to search page (slow)
@@ -162,6 +164,7 @@ class WebsitePage extends CommonObject
 		}
 		else
 		{
+			if ($id < 0) $sql .= ' AND t.rowid <> ' . abs($id);
 			if (null !== $website_id) {
 			    $sql .= " AND t.fk_website = '" . $this->db->escape($website_id) . "'";
 			    if ($page)		$sql .= " AND t.pageurl = '" . $this->db->escape($page) . "'";
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index 3297d63366b..5a7916f6bd9 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -229,6 +229,7 @@ if ($action == 'addsite')
 	if (! $error && ! GETPOST('WEBSITE_REF','alpha'))
 	{
 		$error++;
+		$langs->load("errors");
 		setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors');
 	}
 	if (! $error && ! preg_match('/^[a-z0-9_\-\.]+$/i', GETPOST('WEBSITE_REF','alpha')))
@@ -962,7 +963,7 @@ if ($action == 'updatemeta')
 {
 	$db->begin();
 
-	$object->fetch(0, $websitekey);
+	$result = $object->fetch(0, $websitekey);
 	$website = $object;
 
 	$objectpage->fk_website = $object->id;
@@ -976,13 +977,59 @@ if ($action == 'updatemeta')
 		$action='editmeta';
 	}
 
-	$res = $objectpage->fetch($pageid, $object->fk_website);
+	$res = $objectpage->fetch($pageid, $object->id);
 	if ($res <= 0)
 	{
 		$error++;
 		setEventMessages('Page not found '.$objectpage->error, $objectpage->errors, 'errors');
 	}
 
+	// Check alias not exists
+	if (! $error && GETPOST('WEBSITE_PAGENAME', 'alpha'))
+	{
+		$websitepagetemp=new WebsitePage($db);
+		$result = $websitepagetemp->fetch(-1 * $objectpage->id, $object->id, GETPOST('WEBSITE_PAGENAME', 'alpha'));
+		if ($result < 0)
+		{
+			$error++;
+			$langs->load("errors");
+			setEventMessages($websitepagetemp->error, $websitepagetemp->errors, 'errors');
+			$action = 'editmeta';
+		}
+		if ($result > 0)
+		{
+			$error++;
+			$langs->load("errors");
+			setEventMessages($langs->trans("ErrorAPageWithThisNameOrAliasAlreadyExists", $websitepagetemp->pageurl), null, 'errors');
+			$action = 'editmeta';
+		}
+	}
+	if (! $error && GETPOST('WEBSITE_ALIASALT', 'alpha'))
+	{
+		$arrayofaliastotest=explode(',', GETPOST('WEBSITE_ALIASALT', 'alpha'));
+		$websitepagetemp=new WebsitePage($db);
+		foreach($arrayofaliastotest as $aliastotest)
+		{
+			$result = $websitepagetemp->fetch(-1 * $objectpage->id, $object->id, $aliastotest);
+			if ($result < 0)
+			{
+				$error++;
+				$langs->load("errors");
+				setEventMessages($websitepagetemp->error, $websitepagetemp->errors, 'errors');
+				$action = 'editmeta';
+				break;
+			}
+			if ($result > 0)
+			{
+				$error++;
+				$langs->load("errors");
+				setEventMessages($langs->trans("ErrorAPageWithThisNameOrAliasAlreadyExists", $websitepagetemp->pageurl), null, 'errors');
+				$action = 'editmeta';
+				break;
+			}
+		}
+	}
+
 	if (! $error)
 	{
 		$objectpage->old_object = clone $objectpage;
@@ -997,10 +1044,23 @@ if ($action == 'updatemeta')
 		$objectpage->htmlheader = trim(GETPOST('htmlheader', 'none'));
 
 		$res = $objectpage->update($user);
-		if (! $res > 0)
+		if (! ($res > 0))
 		{
-			$error++;
-			setEventMessages($objectpage->error, $objectpage->errors, 'errors');
+			$langs->load("errors");
+			if ($db->lasterrno == 'DB_ERROR_RECORD_ALREADY_EXISTS')
+			{
+				$error++;
+				$langs->load("errors");
+				setEventMessages($langs->trans("ErrorAPageWithThisNameOrAliasAlreadyExists"), null, 'errors');
+				$action = 'editmeta';
+			}
+			else
+			{
+				$error++;
+				$langs->load("errors");
+				setEventMessages($objectpage->error, $objectpage->errors, 'errors');
+				$action = 'editmeta';
+			}
 		}
 	}