lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add protection to avoid to overwrite a page with another similar name

Browse Source
This commit is contained in:
Laurent Destailleur 2021-04-11 18:49:17 +02:00
parent 6f6c9058c1
commit 70383cca73
1 changed files with 45 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
htdocs/website/index.php
View File

@ -943,10 +943,45 @@ if ($action == 'addcontainer' && $usercanedit) {
}
}
} else {
$newaliasnames = '';
if (!$error && GETPOST('WEBSITE_ALIASALT', 'alpha')) {
$arrayofaliastotest = explode(',', str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alpha')));
$websitepagetemp = new WebsitePage($db);
foreach ($arrayofaliastotest as $aliastotest) {
$aliastotest = trim(preg_replace('/\.php$/i', '', $aliastotest));
// Disallow alias name pageX (already used to save the page with id)
if (preg_match('/^page\d+/i', $aliastotest)) {
$error++;
$langs->load("errors");
setEventMessages("Alias name 'pageX' is not allowed", null, 'errors');
$action = 'createcontainer';
break;
} else {
$result = $websitepagetemp->fetch(0, $object->id, $aliastotest);
if ($result < 0) {
$error++;
$langs->load("errors");
setEventMessages($websitepagetemp->error, $websitepagetemp->errors, 'errors');
$action = 'createcontainer';
break;
}
if ($result > 0) {
$error++;
$langs->load("errors");
setEventMessages($langs->trans("ErrorAPageWithThisNameOrAliasAlreadyExists", $websitepagetemp->pageurl), null, 'errors');
$action = 'createcontainer';
break;
}
$newaliasnames .= ($newaliasnames ? ', ' : '').$aliastotest;
}
}
}
$objectpage->title = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));
$objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'aZ09');
$objectpage->pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
$objectpage->aliasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml'));
$objectpage->aliasalt = $newaliasnames;
$objectpage->description = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'));
$objectpage->lang = GETPOST('WEBSITE_LANG', 'aZ09');
$objectpage->otherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma');
@ -1632,15 +1667,20 @@ if ($action == 'updatemeta' && $usercanedit) {
$action = 'editmeta';
}
}
$newaliasnames = '';
if (!$error && GETPOST('WEBSITE_ALIASALT', 'alpha')) {
$arrayofaliastotest = explode(',', GETPOST('WEBSITE_ALIASALT', 'alpha'));
$arrayofaliastotest = explode(',', str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alpha')));
$websitepagetemp = new WebsitePage($db);
foreach ($arrayofaliastotest as $aliastotest) {
$aliastotest = trim(preg_replace('/\.php$/i', '', $aliastotest));
// Disallow alias name pageX (already used to save the page with id)
if (preg_match('/^page\d+/i', $aliastotest)) {
$error++;
$langs->load("errors");
setEventMessages("Alias 'pageX' is not allowed", null, 'errors');
setEventMessages("Alias name 'pageX' is not allowed", null, 'errors');
$action = 'editmeta';
break;
} else {
@ -1659,6 +1699,7 @@ if ($action == 'updatemeta' && $usercanedit) {
$action = 'editmeta';
break;
}
$newaliasnames .= ($newaliasnames ? ', ' : '').$aliastotest;
}
}
}
@ -1669,7 +1710,7 @@ if ($action == 'updatemeta' && $usercanedit) {
$objectpage->title = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml'));
$objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'aZ09');
$objectpage->pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
$objectpage->aliasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml'));
$objectpage->aliasalt = $newaliasnames;
$objectpage->lang = GETPOST('WEBSITE_LANG', 'aZ09');
$objectpage->otherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma');
$objectpage->description = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'));