Fix wiki forms in public group, a=chris
Fix wiki forms in public group, a=chris
diff --git a/src/controllers/StaticController.php b/src/controllers/StaticController.php
index e7b6cf62e..3fa3f3df9 100644
--- a/src/controllers/StaticController.php
+++ b/src/controllers/StaticController.php
@@ -80,15 +80,18 @@ class StaticController extends Controller
$data = array_merge($data, $this->call($activity));
if (isset($_SESSION['USER_ID'])) {
$user = $_SESSION['USER_ID'];
+ $data['ADMIN'] = 1;
} else {
$user = L\remoteAddress();
}
$data[C\CSRF_TOKEN] = $this->generateCSRFToken($user);
- if (isset($_SESSION['USER_ID'])) {
- $user_id = $_SESSION['USER_ID'];
- $data['ADMIN'] = 1;
- } else {
- $user_id = L\remoteAddress();
+ if ((!empty($_POST['RCSVFORM']) || !empty($_POST['CSVFORM']))
+ && !empty($_POST[C\CSRF_TOKEN])) {
+ $this->component("social")->processWikiFormData($data, $user,
+ C\PUBLIC_GROUP_ID, $data["SUB_PATH"] ?? "");
+ }
+ if (strpos($data["PAGE"] ?? "", "[{image-captcha}]") !== false) {
+ $this->setupGraphicalCaptchaViewData($data);
}
$this->initializeAdFields($data);
$this->displayView($view, $data);
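Review bot: The new guard in front of `processWikiFormData` only tests `!empty($_POST[C\CSRF_TOKEN])`, so the token is checked for presence and, in the visible lines, never validated against `$user`. Inside the component the token is folded into `CSV_FORM_HASH`, which shows the pair was issued by this server but not that it was issued to this requester. A token/hash pair handed to one visitor of the public page would therefore presumably be accepted from any other browser. I would validate the token for `$user` with the controller's counterpart to `generateCSRFToken` before calling the component, and until then mark the gap with `// NOTE: presence check only; token is not verified against $user here`. The enclosing method starts and ends outside this hunk, so an earlier check may exist that is not visible.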
@@ -120,6 +123,7 @@ class StaticController extends Controller
$page = "404";
$page_string = $this->getPage($page);
}
+ $data['PAGE'] = explode("END_HEAD_VARS", $page_string)[1];
if (!isset($data["INCLUDE_SCRIPTS"])) {
$data["INCLUDE_SCRIPTS"] = [];
}
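Review bot: `explode("END_HEAD_VARS", $page_string)[1]` assumes the marker is always present; for a page stored without head variables, index 1 does not exist, PHP raises an undefined-offset warning, and `$data['PAGE']` becomes null. That value is later tested for the captcha tag and, on a form post, hashed in `processWikiFormData`, so a null there would presumably make every form hash comparison fail for such pages. Splitting once and falling back is safer: `$page_parts = explode("END_HEAD_VARS", $page_string, 2);` then `$data['PAGE'] = $page_parts[1] ?? $page_parts[0];` (or `?? ""` if a page without the marker should count as having no body). The enclosing method begins and ends outside the hunk.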
@@ -148,9 +152,6 @@ class StaticController extends Controller
EOD;
}
}
- if (strpos($page_string, "[{image-captcha}]") !== false) {
- $this->setupGraphicalCaptchaViewData($data);
- }
if (strpos($page_string, "spreadsheet_data") !== false) {
if (!in_array("spreadsheet", $data["INCLUDE_SCRIPTS"])) {
$data["INCLUDE_SCRIPTS"][] = "spreadsheet";
diff --git a/src/controllers/components/SocialComponent.php b/src/controllers/components/SocialComponent.php
index c72047188..cf6af1dd0 100644
--- a/src/controllers/components/SocialComponent.php
+++ b/src/controllers/components/SocialComponent.php
@@ -3573,7 +3573,7 @@ class SocialComponent extends Component implements CrawlConstants
* @param int $group_id group in which wiki page belongs
* @param string $sub_path any path within wiki page folder for resources
*/
- private function processWikiFormData($data, $user_id, $group_id,
+ public function processWikiFormData($data, $user_id, $group_id,
$sub_path)
{
$parent = $this->parent;
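Review bot: Now that `processWikiFormData` is public and the `$_SESSION['USER_ID'] ?? C\PUBLIC_USER_ID` assignment is removed in the next hunk, `$user_id` is whatever the caller passes, and the docblock should state that contract. StaticController passes `L\remoteAddress()` for visitors without a session, so the value can be an address string rather than an integer id or `C\PUBLIC_USER_ID`; how the rest of the body uses it is outside the visible lines and worth checking. I would document it as `@param int|string $user_id id of the submitting user, or the remote address of a visitor with no session; callers must already have validated the CSRF token for this value`. The method reads `$_POST` directly, so the docblock should also say it must only be called while handling a form POST.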
@@ -3581,7 +3581,6 @@ class SocialComponent extends Component implements CrawlConstants
if (empty($data['PAGE_ID']) || empty($group_id)) {
return;
}
- $user_id = $_SESSION['USER_ID'] ?? C\PUBLIC_USER_ID;
$default_folders = $group_model->getGroupPageResourcesFolders($group_id,
$data['PAGE_ID']);
$csv_filepath = $default_folders[0] . '/' . C\WIKI_FORM_CSV_FILE;
@@ -3590,8 +3589,9 @@ class SocialComponent extends Component implements CrawlConstants
tl('social_component_page_data_expired'),
['arg', 'page_name', 'settings', 'caret', 'scroll_top', 'sf']);
}
+ $page = $data['PAGE'];
$tmp_page = preg_replace("/\[{form\-hash(.+?)}\]/", "[{form-hash}]",
- $data['PAGE']);
+ $page);
$csv_form_hash = L\crawlHash(C\AUTH_KEY . $_POST[C\CSRF_TOKEN] .
L\crawlHash($tmp_page));
if ($csv_form_hash != $_POST['CSV_FORM_HASH']) {
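Review bot: The form-hash check `$csv_form_hash != $_POST['CSV_FORM_HASH']` is now reachable from the public group without a session, yet it still uses a loose, non-constant-time comparison on a field that may be absent. The gate in StaticController tests only `RCSVFORM`/`CSVFORM` and the token, so a post without `CSV_FORM_HASH` raises an undefined-index warning here, and `!=` lets PHP compare numeric-looking strings by value. I would read the field defensively and compare with `hash_equals`: `$posted_hash = $_POST['CSV_FORM_HASH'] ?? "";` followed by `if (!is_string($posted_hash) || !hash_equals($csv_form_hash, $posted_hash)) {`. The added `$page = $data['PAGE'];` would also benefit from a `?? ""`, since the method is now public and a caller may not have set that key. The function body continues past the end of the hunk.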
diff --git a/src/views/elements/WikiElement.php b/src/views/elements/WikiElement.php
index 9c8dc37ab..ec2537da5 100644
--- a/src/views/elements/WikiElement.php
+++ b/src/views/elements/WikiElement.php
@@ -2115,6 +2115,9 @@ class WikiElement extends Element implements CrawlConstants
$csrf_token = "";
$no_amp_csrf_token = "";
$no_right_amp_csrf_token = "";
+ $resource_csrf_token = "";
+ $resource_no_amp_csrf_token = "";
+ $resource_no_right_amp_csrf_token = "";
if (!empty($data['ADMIN'])) {
$resource_token = $data[C\CSRF_TOKEN];
if ($group_id == C\PUBLIC_GROUP_ID ||