From 0ef6c6df4ea2d41ed2a7f900953ff6258904f83a Mon Sep 17 00:00:00 2001
From: clfreville2
Date: Wed, 14 Dec 2022 11:34:45 +0100
Subject: [PATCH] Valide le contenu des news
---
 src/Silex/Controller/AdminController.php | 25 ++++++++++++++++++++----
 src/Silex/Validation/NewsValidation.php | 25 ++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 src/Silex/Validation/NewsValidation.php
diff --git a/src/Silex/Controller/AdminController.php b/src/Silex/Controller/AdminController.php
index 72ab36b..efdfd53 100644
--- a/src/Silex/Controller/AdminController.php
+++ b/src/Silex/Controller/AdminController.php
@@ -8,28 +8,45 @@ use DateTime;
 use Silex\DI\DI;
 use Silex\Http\HttpResponse;
 use Silex\Model\News;
+use Silex\Validation\NewsValidation;
 class AdminController
 {
 public function publish(DI $di): HttpResponse
 {
- if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $errors = [];
+ if ($_SERVER['REQUEST_METHOD'] === 'POST' && NewsValidation::isValidNews($_POST, $errors)) {
 $news = new News(-1, $_POST['title'], $_POST['content'], new DateTime(), $di->getSecurity()->getCurrentUserId());
 $di->getNewsGateway()->insert($news);
 HttpResponse::redirect($di->getRouter()->url($news->getSlugRedirect()));
 }
 $news = new News(-1, '', '', new DateTime(), $di->getSecurity()->getCurrentUserId());
- return HttpResponse::found('edit', ['news' => $news]);
+ return HttpResponse::found('edit', ['news' => $news, 'errors' => $errors]);
 }
 public function edit(DI $di, array $params): HttpResponse
 {
 $news = $di->getNewsGateway()->getById(intval($params['id']));
- if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ if ($news === null) {
+ return new HttpResponse(404, 'errors', ['errors' => ['Unknown news']]);
+ }
+ $errors = [];
+ if ($_SERVER['REQUEST_METHOD'] === 'POST' && NewsValidation::isValidNews($_POST, $errors)) {
 $news = new News($news->getId(), $_POST['title'], $_POST['content'], $news->getPublicationDate(), $news->getAuthorId());
 $di->getNewsGateway()->update($news);
 HttpResponse::redirect($di->getRouter()->url($news->getSlugRedirect()));
 }
- return HttpResponse::found('edit', ['news' => $news]);
+ return HttpResponse::found('edit', ['news' => $news, 'errors' => $errors]);
+ }
+
+ public function delete(DI $di, array $params): HttpResponse
+ {
+ $news = $di->getNewsGateway()->getById(intval($params['id']));
+ if ($news === null) {
+ return new HttpResponse(404, 'errors', ['errors' => ['Unknown news']]);
+ }
+ $di->getNewsGateway()->delete($news);
+ HttpResponse::redirect($di->getRouter()->url(''));
+ exit();
 }
 }
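Review bot: The new `delete()` action removes the news item on any request method, so a cross-site GET issued from a logged-in admin's browser is enough to trigger it, whereas `publish()` and `edit()` at least gate their writes on POST. I would open it with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { return new HttpResponse(405, 'errors', ['errors' => ['Method not allowed']]); }` and have all three actions verify a per-session anti-CSRF token, since none is checked anywhere in this hunk. No authorization check is visible here either; if the router does not already restrict this controller to administrators, one is needed before `getById()`. Separately, `delete()` follows `HttpResponse::redirect(...)` with `exit()` while `publish()` and `edit()` fall through, which suggests redirect does not stop execution; a `return` or `exit` after those two redirects would keep the edit form from being rendered after a successful save.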
diff --git a/src/Silex/Validation/NewsValidation.php b/src/Silex/Validation/NewsValidation.php
new file mode 100644
index 0000000..614b1c8
--- /dev/null
+++ b/src/Silex/Validation/NewsValidation.php
@@ -0,0 +1,25 @@
+ 60) {
+ $errors[] = 'Title too long';
+ }
+ $post['title'] = htmlspecialchars($post['title']);
+ $post['content'] = htmlspecialchars($post['content']);
+ return empty($errors);
+ }
+}
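Review bot: The two `htmlspecialchars()` assignments at the end of `isValidNews()` mix output escaping into input validation, and their effect depends on a signature this page does not show. If `$post` is taken by value they are dead code, because the controller builds `News` from `$_POST['title']` and `$_POST['content']` directly and the raw text is what gets stored. If it is taken by reference they rewrite `$_POST`, so entity-encoded text is persisted, the stored title can exceed the 60 characters that were just checked, and any template that escapes on output will double-encode. I would drop both lines, keep the validator free of side effects, and escape in the view with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The top of the file, including the method signature and the earlier checks, is missing from this page, so whether `title` and `content` are verified to be present and to be strings could not be confirmed.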