Valide le contenu des news

3 years ago · 0ef6c6df4e
parent ca78aca8cb
commit 0ef6c6df4e
2 changed files with 46 additions and 4 deletions
--- a/src/Silex/Controller/AdminController.php
+++ b/src/Silex/Controller/AdminController.php
@ -8,28 +8,45 @@ use DateTime;
 use Silex\DI\DI;
 use Silex\Http\HttpResponse;
 use Silex\Model\News;
+use Silex\Validation\NewsValidation;

 class AdminController
 {
    public function publish(DI $di): HttpResponse
    {
-        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+        $errors = [];
+        if ($_SERVER['REQUEST_METHOD'] === 'POST' && NewsValidation::isValidNews($_POST, $errors)) {
            $news = new News(-1, $_POST['title'], $_POST['content'], new DateTime(), $di->getSecurity()->getCurrentUserId());
            $di->getNewsGateway()->insert($news);
            HttpResponse::redirect($di->getRouter()->url($news->getSlugRedirect()));
        }
        $news = new News(-1, '', '', new DateTime(), $di->getSecurity()->getCurrentUserId());
-        return HttpResponse::found('edit', ['news' => $news]);
+        return HttpResponse::found('edit', ['news' => $news, 'errors' => $errors]);
    }

    public function edit(DI $di, array $params): HttpResponse
    {
        $news = $di->getNewsGateway()->getById(intval($params['id']));
-        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+        if ($news === null) {
+            return new HttpResponse(404, 'errors', ['errors' => ['Unknown news']]);
+        }
+        $errors = [];
+        if ($_SERVER['REQUEST_METHOD'] === 'POST' && NewsValidation::isValidNews($_POST, $errors)) {
            $news = new News($news->getId(), $_POST['title'], $_POST['content'], $news->getPublicationDate(), $news->getAuthorId());
            $di->getNewsGateway()->update($news);
            HttpResponse::redirect($di->getRouter()->url($news->getSlugRedirect()));
        }
-        return HttpResponse::found('edit', ['news' => $news]);
+        return HttpResponse::found('edit', ['news' => $news, 'errors' => $errors]);
+    }
+
+    public function delete(DI $di, array $params): HttpResponse
+    {
+        $news = $di->getNewsGateway()->getById(intval($params['id']));
+        if ($news === null) {
+            return new HttpResponse(404, 'errors', ['errors' => ['Unknown news']]);
+        }
+        $di->getNewsGateway()->delete($news);
+        HttpResponse::redirect($di->getRouter()->url(''));
+        exit();
    }
 }
--- a/src/Silex/Validation/NewsValidation.php
+++ b/src/Silex/Validation/NewsValidation.php
@ -0,0 +1,25 @@
+<?php
+
+namespace Silex\Validation;
+
+final class NewsValidation
+{
+    public static function isValidNews(array &$post, array &$errors): bool
+    {
+        if (empty($post['title'])) {
+            $errors[] = 'Empty title';
+        }
+        if (empty($post['content'])) {
+            $errors[] = 'Empty message';
+        }
+        if (!empty($errors)) {
+            return false;
+        }
+        if (strlen($post['title']) > 60) {
+            $errors[] = 'Title too long';
+        }
+        $post['title'] = htmlspecialchars($post['title']);
+        $post['content'] = htmlspecialchars($post['content']);
+        return empty($errors);
+    }
+}