Removed unused/unuseful injection checks on open survey creation

Dolibarr · Jan 5, 2014 · 89c6aa2 · 89c6aa2
1 parent dd8d8e8
commit 89c6aa2
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 13 deletions.
diff --git a/htdocs/langs/en_US/opensurvey.lang b/htdocs/langs/en_US/opensurvey.lang
@@ -73,6 +73,5 @@ PublicLinkToCreateSurvey=Public link to allow everybody to create a survey
 ErrorOpenSurveyFillFirstSection=You haven't filled the first section of the poll creation
 ErrorOpenSurveyOneChoice=Enter at least one choice
 ErrorOpenSurveyDateFormat=Date must be have the format DD/MM/YYYY
-ErrorOpenSurveyInvalidChars=Characters \" < and > are not permitted
 MoreChoices=Enter more choices for the voters
 AfterCreationInfo=Once you have confirmed the creation of your poll, you will be automatically redirected on the page of your poll. <br>Then, you will receive quickly an email contening the link to your poll for sending it to the voters.
diff --git a/htdocs/opensurvey/public/choix_autre.php b/htdocs/opensurvey/public/choix_autre.php
@@ -42,7 +42,6 @@
  */
 
 // Set session vars
-$erreur_injection = false;
 if (isset($_SESSION["nbrecases"])) {
 	for ($i = 0; $i < $_SESSION["nbrecases"]; $i++) {
 		if (isset($_POST["choix"][$i])) {
@@ -188,11 +187,7 @@
 	print "<br><font color=\"#FF0000\">" . $langs->trans("ErrorOpenSurveyDateFormat") . "</font><br><br>"."\n";
 }
 
-if ($erreur_injection) {
-	print "<font color=#FF0000>" . $langs->trans("ErrorOpenSurveyInvalidChars") . "</font><br><br>\n";
-}
-
-if ((isset($_POST["fin_sondage_autre"]) || isset($_POST["fin_sondage_autre_x"])) && !$erreur && !$erreur_injection) {
+if ((isset($_POST["fin_sondage_autre"]) || isset($_POST["fin_sondage_autre_x"])) && !$erreur) {
 	//demande de la date de fin du sondage
 	print '<br>'."\n";
 	print '<div class=presentationdatefin>'."\n";

diff --git a/htdocs/opensurvey/public/create_survey.php b/htdocs/opensurvey/public/create_survey.php
@@ -51,9 +51,6 @@
 
 // On initialise également les autres variables
 $erreur_adresse = false;
-$erreur_injection_titre = false;
-$erreur_injection_nom = false;
-$erreur_injection_commentaires = false;
 $cocheplus = '';
 $cochemail = '';
 
@@ -86,9 +83,7 @@
 
 	if (! isValidEmail($adresse)) $erreur_adresse = true;
 
-	//var_dump($titre.' - '.$nom.' - '.$adresse.' - '.!$erreur_adresse.' - '.! $erreur_injection_titre.' - '.! $erreur_injection_commentaires.' - '.! $erreur_injection_nom.' - '.$creation_sondage_date.' - '.$creation_sondage_autre); exit;
-
-	if ($titre && $nom && $adresse && !$erreur_adresse && ! $erreur_injection_titre && ! $erreur_injection_commentaires && ! $erreur_injection_nom)
+	if ($titre && $nom && $adresse && !$erreur_adresse)
 	{
 		if (! empty($creation_sondage_date))
 		{