https://github.com/silverstripe/silverstripe-userforms.git
Merge pull request #180 from silverstripe-rebelalliance/issue69
BUG: Fixes #69 by adding a check to see if the form has been processed
44ab7a507b
@ -1045,6 +1045,12 @@ JS
|
||||
Session::clear("FormInfo.{$form->FormName()}.data");
|
||||
|
||||
$referrer = (isset($data['Referrer'])) ? '?referrer=' . urlencode($data['Referrer']) : "";
|
||||
|
||||
|
||||
// set a session variable from the security ID to stop people accessing the finished method directly
|
||||
if (isset($data['SecurityID'])) {
|
||||
Session::set('FormProcessed',$data['SecurityID']);
|
||||
}
|
||||
|
||||
return $this->redirect($this->Link() . 'finished' . $referrer);
|
||||
}
|
||||
@ -1058,6 +1064,19 @@ JS
|
||||
public function finished() {
|
||||
$referrer = isset($_GET['referrer']) ? urldecode($_GET['referrer']) : null;
|
||||
|
||||
$formProcessed = Session::get('FormProcessed');
|
||||
if (!isset($formProcessed)) {
|
||||
return $this->redirect($this->Link() . $referrer);
|
||||
} else {
|
||||
$securityID = Session::get('SecurityID');
|
||||
// make sure the session matches the SecurityID and is not left over from another form
|
||||
if ($formProcessed != $securityID) {
|
||||
return $this->redirect($this->Link() . $referrer);
|
||||
}
|
||||
}
|
||||
// remove the session variable as we do not want it to be re-used
|
||||
Session::clear('FormProcessed');
|
||||
|
||||
return $this->customise(array(
|
||||
'Content' => $this->customise(
|
||||
array(
|
||||
|
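Review bot: In `finished()`, both early exits redirect to `$this->Link() . $referrer`, where `$referrer` is the `referrer` query parameter passed through an extra `urldecode()`, so a request-controlled string is appended directly to the redirect target. The fallback should return to the form itself, `return $this->redirect($this->Link());`, or re-encode the value as a query string the way `process()` does (`'?referrer=' . urlencode($referrer)`). The token check `$formProcessed != $securityID` is a loose comparison; `!==` avoids PHP's numeric-string coercion between the two session values. `FormProcessed` and `SecurityID` both look like session-wide keys, so the check may not distinguish one form's submission from another's despite the comment; scoping the `FormProcessed` key to the form would make that explicit. The body of `finished()` continues past the end of the hunk.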
@ -59,10 +59,27 @@ class UserDefinedFormControllerTest extends FunctionalTest {
|
||||
|
||||
function testFinished() {
|
||||
$form = $this->setupFormFrontend();
|
||||
|
||||
// set formProcessed and SecurityID to replicate the form being filled out
|
||||
$this->session()->inst_set('SecurityID', 1);
|
||||
$this->session()->inst_set('FormProcessed', 1);
|
||||
|
||||
$response = $this->get($form->URLSegment.'/finished');
|
||||
|
||||
$this->assertContains($form->OnCompleteMessage ,$response->getBody());
|
||||
}
|
||||
|
||||
function testAppendingFinished() {
|
||||
$form = $this->setupFormFrontend();
|
||||
|
||||
// replicate finished being added to the end of the form URL without the form being filled out
|
||||
$this->session()->inst_set('SecurityID', 1);
|
||||
$this->session()->inst_set('FormProcessed', null);
|
||||
|
||||
$response = $this->get($form->URLSegment.'/finished');
|
||||
|
||||
$this->assertNotContains($form->OnCompleteMessage ,$response->getBody());
|
||||
}
|
||||
|
||||
function testForm() {
|
||||
$form = $this->objFromFixture('UserDefinedForm', 'basic-form-page');
|
||||
|
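Review bot: The two new tests cover a matching flag and a missing flag, but not the branch where `FormProcessed` is set and differs from `SecurityID`, nor the one-time clearing of the flag after the page has been shown. Both are the behaviours the controller change exists to guarantee, so each deserves its own test. The sketch below uses only helpers already called in this file; the replay test assumes the functional-test session persists between the two requests, which should be confirmed.

```php
function testFinishedWithMismatchedToken() {
	$form = $this->setupFormFrontend();

	// a FormProcessed value that does not match the current SecurityID must not unlock the page
	$this->session()->inst_set('SecurityID', 1);
	$this->session()->inst_set('FormProcessed', 2);

	$response = $this->get($form->URLSegment.'/finished');

	$this->assertNotContains($form->OnCompleteMessage ,$response->getBody());
}

function testFinishedCannotBeReplayed() {
	$form = $this->setupFormFrontend();

	$this->session()->inst_set('SecurityID', 1);
	$this->session()->inst_set('FormProcessed', 1);

	// first view consumes the flag, second view must fall back to the form
	$this->get($form->URLSegment.'/finished');
	$response = $this->get($form->URLSegment.'/finished');

	$this->assertNotContains($form->OnCompleteMessage ,$response->getBody());
}
```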