tonyair/silverstripe-userforms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-userforms.git synced 2024-06-25 22:19:36 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #180 from silverstripe-rebelalliance/issue69

Browse Source 
BUG: Fixes #69 by adding a check to see if the form has been processed
This commit is contained in:
Will Rossiter 2014-01-05 19:13:46 -08:00
commit 44ab7a507b
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
code/model/UserDefinedForm.php
View File

@ -1045,6 +1045,12 @@ JS
Session::clear("FormInfo.{$form->FormName()}.data");
$referrer = (isset($data['Referrer'])) ? '?referrer=' . urlencode($data['Referrer']) : "";
// set a session variable from the security ID to stop people accessing the finished method directly
if (isset($data['SecurityID'])) {
Session::set('FormProcessed',$data['SecurityID']);
}
return $this->redirect($this->Link() . 'finished' . $referrer);
}
@ -1058,6 +1064,19 @@ JS
public function finished() {
$referrer = isset($_GET['referrer']) ? urldecode($_GET['referrer']) : null;
$formProcessed = Session::get('FormProcessed');
if (!isset($formProcessed)) {
return $this->redirect($this->Link() . $referrer);
} else {
$securityID = Session::get('SecurityID');
// make sure the session matches the SecurityID and is not left over from another form
if ($formProcessed != $securityID) {
return $this->redirect($this->Link() . $referrer);
}
}
// remove the session variable as we do not want it to be re-used
Session::clear('FormProcessed');
return $this->customise(array(
'Content' => $this->customise(
array(

17
tests/UserDefinedFormControllerTest.php
View File

@ -59,10 +59,27 @@ class UserDefinedFormControllerTest extends FunctionalTest {
function testFinished() {
$form = $this->setupFormFrontend();
// set formProcessed and SecurityID to replicate the form being filled out
$this->session()->inst_set('SecurityID', 1);
$this->session()->inst_set('FormProcessed', 1);
$response = $this->get($form->URLSegment.'/finished');
$this->assertContains($form->OnCompleteMessage ,$response->getBody());
}
function testAppendingFinished() {
$form = $this->setupFormFrontend();
// replicate finished being added to the end of the form URL without the form being filled out
$this->session()->inst_set('SecurityID', 1);
$this->session()->inst_set('FormProcessed', null);
$response = $this->get($form->URLSegment.'/finished');
$this->assertNotContains($form->OnCompleteMessage ,$response->getBody());
}
function testForm() {
$form = $this->objFromFixture('UserDefinedForm', 'basic-form-page');