diff --git a/migration/20.03/2003.sql b/migration/20.03/2003.sql
index e066643b979c18387915a252ec0235b96e6576d8..18a53d1dcfed3b913b2f85a31e8e14c7b2c5f657 100755
--- a/migration/20.03/2003.sql
+++ b/migration/20.03/2003.sql
@@ -16,7 +16,7 @@ DELETE FROM groupbasket_status WHERE system_id IN (
 where not exists ( select 1 from actions_groupbaskets agb where gbs.action_id = agb.id_action and gbs.group_id = agb.group_id and gbs.basket_id = agb.basket_id )
-)
+);
 /* VIEWS */
 DROP VIEW IF EXISTS res_view_letterbox;
diff --git a/src/app/contentManagement/controllers/MergeController.php b/src/app/contentManagement/controllers/MergeController.php
index 905db57cf832b544958d7d1026ce734025b8a902..fb27018e02ce7d76b69b6aa4665dc146557fb0b9 100644
--- a/src/app/contentManagement/controllers/MergeController.php
+++ b/src/app/contentManagement/controllers/MergeController.php
@@ -317,7 +317,7 @@ class MergeController
 if ($customFieldsTypes[$customId] == 'banAutocomplete') {
 $resource['customField_' . $customId] = "{$custom[0]['addressNumber']} {$custom[0]['addressStreet']} {$custom[0]['addressTown']} ({$custom[0]['addressPostcode']})";
 } elseif ($customFieldsTypes[$customId] == 'contact') {
- $customValues = ContactController::getContactCustomField(['contacts' => $customFieldsValues[$customId]]);
+ $customValues = ContactController::getContactCustomField(['contacts' => $custom]);
 $resource['customField_' . $customId] = implode("\n", $customValues);
 } else {
 $resource['customField_' . $customId] = implode("\n", $custom);
diff --git a/src/app/notification/models/NotificationsEventsModelAbstract.php b/src/app/notification/models/NotificationsEventsModelAbstract.php
index 9972f9f00f596e65ad4d882caf2c0cd702ca1160..65f03742c241142567e2ae6bfe8ac8193779c669 100755
--- a/src/app/notification/models/NotificationsEventsModelAbstract.php
+++ b/src/app/notification/models/NotificationsEventsModelAbstract.php
@@ -43,6 +43,7 @@ abstract class NotificationsEventsModelAbstract
 ValidatorModel::intval($aArgs, ['notification_sid', 'user_id']);
 $aArgs['event_date'] = 'CURRENT_TIMESTAMP';
+ $aArgs['event_info'] = substr($aArgs['event_info'], 0, 255);
 $aReturn = DatabaseModel::insert([
 'table' => 'notif_event_stack',
diff --git a/src/app/user/controllers/UserController.php b/src/app/user/controllers/UserController.php
index ec2bf9aeaa4b8faf2a20679f10cd60fa435b4cf1..9df6d4d82c60d88cace34f446bf66f419b2640cb 100755
--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
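Review bot: `substr($aArgs['event_info'], 0, 255)` truncates bytes, not characters, so a multibyte UTF-8 character that straddles the 255-byte boundary is cut in half and the insert below can fail on an invalid byte sequence, which is presumably the column-length failure the truncation is meant to avoid. If the limit is 255 characters (as it is for a PostgreSQL varchar(255)), `$aArgs['event_info'] = mb_substr($aArgs['event_info'] ?? '', 0, 255);` keeps the value valid; if it is genuinely a byte limit, `mb_strcut($aArgs['event_info'] ?? '', 0, 255)` cuts at 255 bytes without splitting a character. The `?? ''` also avoids handing null to the truncation when a caller omits event_info, which the `ValidatorModel::intval` call above does not cover since it only checks the two ids. The enclosing method starts and ends outside the hunk.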
@@ -166,12 +166,14 @@ class UserController
 $data = $request->getParams();
- $check = Validator::stringType()->notEmpty()->validate($data['userId']) && preg_match("/^[\w.@-]*$/", $data['userId']);
- $check = $check && Validator::stringType()->notEmpty()->validate($data['firstname']);
- $check = $check && Validator::stringType()->notEmpty()->validate($data['lastname']);
+ $check = Validator::stringType()->length(1, 128)->notEmpty()->validate($data['userId']) && preg_match("/^[\w.@-]*$/", $data['userId']);
+ $check = $check && Validator::stringType()->length(1, 255)->notEmpty()->validate($data['firstname']);
+ $check = $check && Validator::stringType()->length(1, 255)->notEmpty()->validate($data['lastname']);
+ $check = $check && Validator::stringType()->length(0, 32)->notEmpty()->validate($data['initials']);
+ $check = $check && Validator::stringType()->length(1, 255)->notEmpty()->validate($data['mail']);
 $check = $check && (empty($data['mail']) || filter_var($data['mail'], FILTER_VALIDATE_EMAIL));
 if (PrivilegeController::hasPrivilege(['privilegeId' => 'manage_personal_data', 'userId' => $GLOBALS['id']])) {
- $check = $check && (empty($data['phone']) || preg_match("/\+?((|\ |\.|\(|\)|\-)?(\d)*)*\d$/", $data['phone']));
+ $check = $check && (empty($data['phone']) || preg_match("/\+?((|\ |\.|\(|\)|\-)?(\d)*)*\d$/", $data['phone'])) && Validator::stringType()->length(0, 32)->validate($data['phone']);
 }
 if (!$check) {
 return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
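Review bot: `length(0, 32)->notEmpty()` on `$data['initials']` makes initials mandatory on creation, which contradicts both the `0` lower bound and the administration form, where that input carries no `required`; the new `notEmpty()` on `$data['mail']` likewise turns the `empty($data['mail']) ||` guard on the following line into dead code. The added phone length check also sits outside the `empty($data['phone']) ||` guard, so when the caller holds manage_personal_data a request that omits phone (or sends null) presumably fails `stringType()` and gets a 400. I would write `$check = $check && (empty($data['initials']) || Validator::stringType()->length(0, 32)->validate($data['initials']));` and `$check = $check && (empty($data['phone']) || (Validator::stringType()->length(0, 32)->validate($data['phone']) && preg_match("/\+?((|\ |\.|\(|\)|\-)?(\d)*)*\d$/", $data['phone'])));`, which additionally caps the input before the backtracking-prone phone pattern is evaluated. The update hunk below has the same initials problem. The enclosing method starts and ends outside the hunk.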
@@ -253,13 +255,15 @@ class UserController
 $body = $request->getParsedBody();
- if (!Validator::stringType()->notEmpty()->validate($body['firstname'])) {
+ if (!Validator::stringType()->length(1, 255)->notEmpty()->validate($body['firstname'])) {
 return $response->withStatus(400)->withJson(['errors' => 'Body firstname is empty or not a string']);
- } elseif (!Validator::stringType()->notEmpty()->validate($body['lastname'])) {
+ } elseif (!Validator::stringType()->length(1, 255)->notEmpty()->validate($body['lastname'])) {
 return $response->withStatus(400)->withJson(['errors' => 'Body lastname is empty or not a string']);
- } elseif (!empty($body['mail']) && !filter_var($body['mail'], FILTER_VALIDATE_EMAIL)) {
+ } elseif (!Validator::stringType()->length(0, 32)->notEmpty()->validate($body['initials'])) {
+ return $response->withStatus(400)->withJson(['errors' => 'Body initials is too long']);
+ } elseif (!empty($body['mail']) && !filter_var($body['mail'], FILTER_VALIDATE_EMAIL) && Validator::stringType()->length(1, 255)->notEmpty()->validate($body['mail'])) {
 return $response->withStatus(400)->withJson(['errors' => 'Body mail is not correct']);
- } elseif (PrivilegeController::hasPrivilege(['privilegeId' => 'manage_personal_data', 'userId' => $GLOBALS['id']]) && !empty($body['phone']) && !preg_match("/\+?((|\ |\.|\(|\)|\-)?(\d)*)*\d$/", $body['phone'])) {
+ } elseif (PrivilegeController::hasPrivilege(['privilegeId' => 'manage_personal_data', 'userId' => $GLOBALS['id']]) && !empty($body['phone']) && !preg_match("/\+?((|\ |\.|\(|\)|\-)?(\d)*)*\d$/", $body['phone']) && Validator::stringType()->length(0, 32)->validate($body['phone'])) {
 return $response->withStatus(400)->withJson(['errors' => 'Body phone is not correct']);
 }
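Review bot: The new length checks on mail and phone are ANDed with the error condition instead of ORed, so they never reject anything: a mail longer than 255 characters only hits the 400 if it also fails `filter_var`, and a phone longer than 32 characters now escapes the "Body phone is not correct" branch even when it fails the pattern, because the appended `length(0, 32)->validate(...)` evaluates false and short-circuits the whole condition. The mail branch should read `} elseif (!empty($body['mail']) && (!filter_var($body['mail'], FILTER_VALIDATE_EMAIL) || !Validator::stringType()->length(1, 255)->validate($body['mail']))) {` and the phone branch `} elseif (PrivilegeController::hasPrivilege(['privilegeId' => 'manage_personal_data', 'userId' => $GLOBALS['id']]) && !empty($body['phone']) && (!preg_match("/\+?((|\ |\.|\(|\)|\-)?(\d)*)*\d$/", $body['phone']) || !Validator::stringType()->length(0, 32)->validate($body['phone']))) {`. Checking the length first in those groups also bounds the input before the nested-quantifier phone pattern runs. The enclosing method starts and ends outside the hunk.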
diff --git a/src/frontend/app/administration/user/user-administration.component.html b/src/frontend/app/administration/user/user-administration.component.html
index 47f5241c098d0411972ef0f5b296c9a61c7121b0..bd600f35310b368bcc4e1802b4f5ec0c2593e9dc 100755
--- a/src/frontend/app/administration/user/user-administration.component.html
+++ b/src/frontend/app/administration/user/user-administration.component.html
@@ -159,7 +159,7 @@
 <mat-form-field>
 <input matInput *ngIf="creationMode" type="text" title="{{'lang.id' | translate}}" name="user_id" [(ngModel)]="user.userId" placeholder="{{'lang.id' | translate}}"
- pattern="^[\w.@-]*$" required (keyup)="setLowerUserId()">
+ pattern="^[\w.@-]*$" required (keyup)="setLowerUserId()" maxlength="128">
 <input matInput *ngIf="!creationMode" type="text" title="{{'lang.id' | translate}}" value="{{user.user_id}}" placeholder="{{'lang.id' | translate}}" disabled>
 </mat-form-field>
@@ -169,21 +169,21 @@
 <div class="form-group">
 <div class="col-sm-5" style="font-weight:bold;">
 <mat-form-field>
- <input matInput type="text" id="lastname" name="lastname"
+ <input matInput type="text" id="lastname" name="lastname" maxlength="255"
 title="{{'lang.lastname' | translate}}" placeholder="{{'lang.lastname' | translate}}"
 [(ngModel)]="user.lastname" required>
 </mat-form-field>
 </div>
 <div class="col-sm-5" style="font-weight:bold;">
 <mat-form-field>
- <input matInput type="text" id="firstname" name="firstname"
+ <input matInput type="text" id="firstname" name="firstname" maxlength="255"
 title="{{'lang.firstname' | translate}}" placeholder="{{'lang.firstname' | translate}}"
 [(ngModel)]="user.firstname" required>
 </mat-form-field>
 </div>
 <div class="col-sm-2" style="font-style:italic;">
 <mat-form-field>
- <input matInput type="text" id="initials" name="initials"
+ <input matInput type="text" id="initials" name="initials" maxlength="32"
 title="{{'lang.initials' | translate}}" placeholder="{{'lang.initials' | translate}}"
 [(ngModel)]="user.initials">
 </mat-form-field>
@@ -192,7 +192,7 @@
 <div class="form-group">
 <div class="col-sm-12">
 <mat-form-field>
- <input matInput type="tel" id="phone" name="phone"
+ <input matInput type="tel" id="phone" name="phone" maxlength="32"
 title="{{'lang.phoneNumber' | translate}}" placeholder="{{'lang.phoneNumber' | translate}}"
 [(ngModel)]="user.phone" pattern="\+?((|\ |\.|\(|\)|\-)?(\d)*)*\d$"
 [disabled]="(creationMode && !canManagePersonalDatas) || (!creationMode && (!canManagePersonalDatas || !canViewPersonalDatas))">
@@ -203,7 +203,7 @@
 <div class="col-sm-12">
 <mat-form-field>
 <input matInput type="email" id="mail" name="mail" title="{{'lang.email' | translate}}"
- placeholder="{{'lang.email' | translate}}" [(ngModel)]="user.mail"
+ placeholder="{{'lang.email' | translate}}" [(ngModel)]="user.mail" maxlength="255"
 pattern="(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)" required>
 </mat-form-field>
 </div>
diff --git a/src/frontend/app/visa/visa-workflow.component.html b/src/frontend/app/visa/visa-workflow.component.html
index eb21d89fac4b6bafb4ced249c5b6b3c99e86b098..33cf6c0d739c9c8de7ba61b1fbf569ff5f4800f2 100755
--- a/src/frontend/app/visa/visa-workflow.component.html
+++ b/src/frontend/app/visa/visa-workflow.component.html
@@ -89,7 +89,7 @@
 </div>
 <div class="workflowLineSubLabel" *ngIf="(showComment && ((!linkedToMaarchParapheur && adminMode && functions.empty(diffusion.process_date)) || (!linkedToMaarchParapheur && getCurrentVisaUserIndex() === i && !functions.empty(diffusion.process_comment)))) && diffusion.hasPrivilege">
 <mat-form-field>
- <input matInput class="comment" [disabled]="!adminMode || diffusion.process_date != null ||Â (target === 'signatureBook' && getCurrentVisaUserIndex() === i)" [placeholder]="this.translate.instant('lang.visaNote')" [(ngModel)]="diffusion.process_comment">
+ <input matInput class="comment" maxlength="255" [disabled]="!adminMode || diffusion.process_date != null ||Â (target === 'signatureBook' && getCurrentVisaUserIndex() === i)" [placeholder]="this.translate.instant('lang.visaNote')" [(ngModel)]="diffusion.process_comment">
 </mat-form-field>
 </div>
 <div *ngIf="diffusion.process_date != null && [this.translate.instant('lang.visaWorkflowInterrupted'), this.translate.instant('lang.hasInterruptedWorkflow')].indexOf(diffusion.process_comment) === -1" class="workflowLineProcessDate"