Redirecting from invalid entries more cleanly (#564)

* Redirecting from invalid entries more cleanly * Handling rewriteAddress properly in event of novel screen creation order * Seeding the URL properly when rewriterule entry identifier is invalid and URL needs changing * Typo * Moving log writing to separate file so it can be invoked independently before the session (and xoopsUser) are finished being sorted out * Removing errant identifiers from clean URLs on forms * Encapsulate determination of entry id from rewriteruleElement, use to strip identifiers from clean done destination URLs * Ignore "new" entry id when altering URLs (avoids unnecessary slash at end when making new entries) * Smarter determination of rewrite address sid, if two screens have same address, we use entry identifier to prefer forms vs lists * Support alternate screens with same rewriteAddress when determining done destination
jegelstaff · Nov 9, 2024 · f0556a0 · f0556a0
1 parent d5e7c77
commit f0556a0
Show file tree

Hide file tree

Showing 7 changed files with 308 additions and 176 deletions.
diff --git a/libraries/icms/core/Session.php b/libraries/icms/core/Session.php
@@ -226,7 +226,7 @@ static public function service() {
       $instance->update_cookie();
     }
 
-		include_once XOOPS_ROOT_PATH.'/modules/formulize/include/common.php';
+		include_once XOOPS_ROOT_PATH.'/modules/formulize/include/writeToFormulizeLog.php';
 		writeToFormulizeLog(array(
 			'formulize_event'=>'session-loaded-for-user',
 			'user_id'=>intval($_SESSION['xoopsUserId'])

diff --git a/modules/formulize/class/templateScreen.php b/modules/formulize/class/templateScreen.php
@@ -133,8 +133,17 @@ function get($sid) {
     function render($screen, $entry_id, $settings = "") {
 
         if(!security_check($screen->getVar('fid'), $entry_id)) {
-            print "<p>You do not have permission to view this entry in the form</p>";
-            return;
+					if(!$done_dest = $screen->getVar('donedest')) {
+						$done_dest = determineDoneDestinationFromURL($screen);
+					}
+					$done_dest = stripEntryFromDoneDestination($done_dest);
+					$done_dest = substr($done_dest,0,4) == "http" ? $done_dest : "http://".$done_dest;
+					icms::$logger->disableLogger();
+					while(ob_get_level()) {
+							ob_end_clean();
+					}
+					print "<script>window.location = \"$done_dest\";</script>";
+					exit();
         }
 
         $previouslyRenderingScreen = (isset($GLOBALS['formulize_screenCurrentlyRendering']) AND $GLOBALS['formulize_screenCurrentlyRendering']) ? $GLOBALS['formulize_screenCurrentlyRendering'] : null;

diff --git a/modules/formulize/include/entriesdisplay.php b/modules/formulize/include/entriesdisplay.php
@@ -3215,6 +3215,11 @@ function printResults($masterResults, $blankSettings, $groupingSettings, $groupi
 function interfaceJavascript($fid, $frid, $currentview, $useWorking, $useXhr, $lockedColumns) {
 
 	print "<script type='text/javascript' src='".XOOPS_URL."/modules/formulize/include/js/autocomplete.js'></script>";
+
+	global $formulizeRemoveEntryIdentifier;
+	if($formulizeRemoveEntryIdentifier) {
+		print "<script>$formulizeRemoveEntryIdentifier</script>";
+	}
 ?>
 <script type='text/javascript'>
 

diff --git a/modules/formulize/include/formdisplay.php b/modules/formulize/include/formdisplay.php
@@ -3207,7 +3207,7 @@ function writeHiddenSettings($settings, $form = null, $entries = array(), $sub_e
 // $nosave indicates that the user cannot save this entry, so we shouldn't check for formulizechanged
 function drawJavascript($nosave=false, $entryId=null, $screen=null) {
 
-global $xoopsUser, $xoopsConfig, $actionFunctionName;
+global $xoopsUser, $xoopsConfig, $actionFunctionName, $formulizeRemoveEntryIdentifier;
 
 static $drawnJavascript = false;
 if($drawnJavascript) {
@@ -3248,9 +3248,9 @@ function drawJavascript($nosave=false, $entryId=null, $screen=null) {
 	    };
 	  });
 	})(jQuery);
-";
 
-print "
+$formulizeRemoveEntryIdentifier
+
 initialize_formulize_xhr();
 var formulizechanged=0;
 var formulize_javascriptFileIncluded = new Array();

diff --git a/modules/formulize/include/formdisplaypages.php b/modules/formulize/include/formdisplaypages.php
@@ -258,53 +258,15 @@ function displayFormPages($formframe, $entry, $mainform, $pages, $conditions="",
 
 	$nextPage = $currentPage+1;
 
-		global $formulizeCanonicalURI;
-    if(!$done_dest) {
-        // check for a dd in get and use that as a screen id
-        if(isset($_GET['dd']) AND is_numeric($_GET['dd'])) {
-            $done_dest = XOOPS_URL.'/modules/formulize/index.php?sid='.$_GET['dd'];
-        } else {
-            $done_dest = getCurrentURL();
-            // check if the done destination is for this specific form screen that we're rendering, if so, switch done destination to the default list for the form if any
-						$alternateURLForSid = $screen->getVar('rewriteruleAddress');
-						$doneDestHasSid = strstr($done_dest, 'sid='.$screen->getVar('sid'));
-						$doneDestHasSid = $doneDestHasSid ? $doneDestHasSid : ($alternateURLForSid AND strstr($done_dest, $alternateURLForSid));
-            if($screen AND $doneDestHasSid) {
-                $form_handler = xoops_getmodulehandler('forms', 'formulize');
-                $formObject = $form_handler->get($screen->getVar('fid'));
-                if($defaultListScreenId = $formObject->getVar('defaultlist')) {
-										$screen_handler = xoops_getmodulehandler('screen', 'formulize');
-										if($defaultListScreenObject = $screen_handler->get($defaultListScreenId)) {
-											if($rewriteruleAddress = $defaultListScreenObject->getVar('rewriteruleAddress')) {
-												$done_dest = XOOPS_URL.'/'.$rewriteruleAddress;
-											} else {
-                    		$done_dest = XOOPS_URL.'/modules/formulize/index.php?sid='.$defaultListScreenId;
-											}
-										}
-                }
-            }
-        }
-    }
-
-		// strip out any ve portion of a done destination, so we don't end up forcing the user back to this entry after they're done
-		$veTarget = strstr($done_dest, '&ve=') ? '&ve=' : '?ve=';
-		if($done_dest AND $vepos = strpos($done_dest, $veTarget)) {
-				if(is_numeric(substr($done_dest, $vepos+4))) {
-						$done_dest = substr($done_dest, 0, $vepos);
-				}
-		}
-		// if there was an alternate URL used to access the page, and a ve was specified, scale back to remove the ve from the done_dest
-		global $formulizeCanonicalURI;
-		if($done_dest AND $formulizeCanonicalURI AND $_GET['ve']) {
-			$trimmedDoneDest = trim($done_dest, '/'); // take off last slash if any
-			$trailingSlash = $trimmedDoneDest === $done_dest ? '' : '/'; // if there was a slash on the end, remember this for later
-			$doneDestParts = explode('/', $trimmedDoneDest); // split on slashes
-			if(intval($doneDestParts[count($doneDestParts)-1]) === intval($_GET['ve'])) { // make sure this is the ve we're talking about
-				unset($doneDestParts[count($doneDestParts)-1]); // remove the last value, which will be the ve number
-				$done_dest = implode('/', $doneDestParts).$trailingSlash; // put back together, with trailing slash if necessary
+	if(!$done_dest) {
+			// check for a dd in get and use that as a screen id
+			if(isset($_GET['dd']) AND is_numeric($_GET['dd'])) {
+					$done_dest = XOOPS_URL.'/modules/formulize/index.php?sid='.$_GET['dd'];
+			} else {
+					$done_dest = determineDoneDestinationFromURL($screen);
 			}
-		}
-
+	}
+	$done_dest = stripEntryFromDoneDestination($done_dest);
 	$done_dest = substr($done_dest,0,4) == "http" ? $done_dest : "http://".$done_dest;
 
 	// display a form if that's what this page is...