From 7d5d89e31c9f64c48db4f92eff191948f36c1492 Mon Sep 17 00:00:00 2001 From: trendschau Date: Mon, 20 Nov 2023 20:02:55 +0100 Subject: [PATCH] Fix Captcha and Plugin Validation --- .../Extensions/TwigCaptchaExtension.php | 12 ++- system/typemill/Models/Navigation.php | 1 - system/typemill/Plugin.php | 100 ++++++------------ system/typemill/author/auth/login.twig | 6 +- system/typemill/author/partials/fields.twig | 10 +- system/typemill/author/partials/form.twig | 19 ++-- 6 files changed, 65 insertions(+), 83 deletions(-) diff --git a/system/typemill/Extensions/TwigCaptchaExtension.php b/system/typemill/Extensions/TwigCaptchaExtension.php index 6c451ca..696d269 100644 --- a/system/typemill/Extensions/TwigCaptchaExtension.php +++ b/system/typemill/Extensions/TwigCaptchaExtension.php @@ -11,9 +11,15 @@ class TwigCaptchaExtension extends AbstractExtension public function getFunctions() { return [ - new TwigFunction('captcha', array($this, 'captchaImage' )) + new TwigFunction('captcha', array($this, 'captchaImage' )), + new TwigFunction('clearcaptcha', array($this, 'captchaClear' )) ]; } + + public function captchaClear() + { + unset($_SESSION['captcha']); + } public function captchaImage($initialize = false) { @@ -24,10 +30,10 @@ class TwigCaptchaExtension extends AbstractExtension if(isset($_SESSION['captcha']) && $_SESSION['captcha'] === 'error') { - $template = '
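Review bot: `captchaClear()` in the first hunk unsets `$_SESSION['captcha']` as a side effect of rendering a template, so the captcha state depends on which page was rendered last rather than on the outcome of a submission. If the server-side check reads that key to decide whether a captcha must be solved (that code is not part of this diff), rendering any form whose template reaches the `clearcaptcha()` branch would also drop an `'error'` state left by a failed attempt. Clearing the key in the controller after a successful verification, and deriving the requirement from the configured captcha option, would keep that decision out of the view layer. If the Twig function stays, add a docblock such as `/** Removes the stored captcha state from the session; returns nothing. */` and call it in login.twig and form.twig with `{% do clearcaptcha() %}` so it is clearly invoked for its effect, not its output.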
' . + $template = '
' . '' . '' . - 'The captcha was wrong.' . + '
The captcha was wrong.
' . '' . '
'; } diff --git a/system/typemill/Models/Navigation.php b/system/typemill/Models/Navigation.php index 139d36e..dcf5af5 100644 --- a/system/typemill/Models/Navigation.php +++ b/system/typemill/Models/Navigation.php @@ -342,7 +342,6 @@ class Navigation extends Folder public function getItemWithKeyPath($navigation, array $searchArray, $baseUrl = null) { - $item = false; # if it is the homepage diff --git a/system/typemill/Plugin.php b/system/typemill/Plugin.php index a3920ee..f52dd7a 100644 --- a/system/typemill/Plugin.php +++ b/system/typemill/Plugin.php @@ -10,6 +10,7 @@ use Typemill\Models\Validation; use Typemill\Models\Fields; use Typemill\Extensions\ParsedownExtension; + abstract class Plugin implements EventSubscriberInterface { protected $container; @@ -141,7 +142,7 @@ abstract class Plugin implements EventSubscriberInterface return $storage->getError(); } - private function getPluginName($pluginname) + private function getPluginName($pluginname = NULL) { if(!$pluginname) { 
@@ -340,75 +341,40 @@ abstract class Plugin implements EventSubscriberInterface protected function validateParams($params) { - $pluginName = key($params); + $pluginname = $this->getPluginName(); + $userinput = $params[$pluginname] ?? false; - if(isset($params[$pluginName])) + if(!$userinput) { - $userInput = $params[$pluginName]; - $settings = $this->getSettings(); - - # get settings and start validation - $originalSettings = \Typemill\Settings::getObjectSettings('plugins', $pluginName); - if(isset($settings['plugins'][$pluginName]['publicformdefinitions']) && $settings['plugins'][$pluginName]['publicformdefinitions'] != '') - { - $arrayFromYaml = \Symfony\Component\Yaml\Yaml::parse($settings['plugins'][$pluginName]['publicformdefinitions']); - $originalSettings['public']['fields'] = $arrayFromYaml; - } - elseif(isset($originalSettings['settings']['publicformdefinitions'])) - { - $arrayFromYaml = \Symfony\Component\Yaml\Yaml::parse($originalSettings['settings']['publicformdefinitions']); - $originalSettings['public']['fields'] = $arrayFromYaml; - } - - $validate = new Validation(); - - if(isset($originalSettings['public']['fields'])) - { - # flaten the multi-dimensional array with fieldsets to a one-dimensional array - $originalFields = array(); - foreach($originalSettings['public']['fields'] as $fieldName => $fieldValue) - { - if(isset($fieldValue['fields'])) - { - foreach($fieldValue['fields'] as $subFieldName => $subFieldValue) - { - $originalFields[$subFieldName] = $subFieldValue; - } - } - else - { - $originalFields[$fieldName] = $fieldValue; - } - } - - # take the user input data and iterate over all fields and values - foreach($userInput as $fieldName => $fieldValue) - { - # get the corresponding field definition from original plugin settings - $fieldDefinition = isset($originalFields[$fieldName]) ? 
$originalFields[$fieldName] : false; - - if($fieldDefinition) - { - # validate user input for this field - $validate->objectField($fieldName, $fieldValue, $pluginName, $fieldDefinition); - } - if(!$fieldDefinition && $fieldName != 'active') - { - $_SESSION['errors'][$pluginName][$fieldName] = array('This field is not defined!'); - } - } - - if(isset($_SESSION['errors'])) - { - $this->container->flash->addMessage('error', 'Please correct the errors'); - return false; - } - - return $params[$pluginName]; - } + return false; } - $this->container->flash->addMessage('error', 'The data from the form was invalid (missing or not defined)'); - return false; + $pluginsettings = $this->getPluginSettings($pluginname); + $extension = new Extension(); + $formdefinitions = $extension->getPluginDefinition($pluginname); + + # if there are public form definitions, add them to the formdefinitions + if(isset($pluginsettings['publicformdefinitions']) && $pluginsettings['publicformdefinitions'] != '') + { + $arrayFromYaml = \Symfony\Component\Yaml\Yaml::parse($pluginsettings['publicformdefinitions']); + $formdefinitions['public']['fields'] = $arrayFromYaml; + } + elseif(isset($formdefinitions['settings']['publicformdefinitions'])) + { + $arrayFromYaml = \Symfony\Component\Yaml\Yaml::parse($formdefinitions['settings']['publicformdefinitions']); + $formdefinitions['public']['fields'] = $arrayFromYaml; + } + + $validate = new Validation(); + $validatedOutput = $validate->recursiveValidation($formdefinitions['public']['fields'], $userinput); + + if(!empty($validate->errors)) + { + $_SESSION['errors'] = $validate->errors; + + return false; + } + + return $validatedOutput; } } \ No newline at end of file diff --git a/system/typemill/author/auth/login.twig b/system/typemill/author/auth/login.twig index 5f96aa4..b566980 100644 --- a/system/typemill/author/auth/login.twig +++ b/system/typemill/author/auth/login.twig 
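Review bot: `$formdefinitions['public']['fields']` is handed to `recursiveValidation()` in the new `validateParams()` without checking that it exists, while the removed code guarded the same key with `isset()` and rejected the request when it was missing. Unless `getPluginDefinition()` always supplies that key, a plugin without `publicformdefinitions` now validates against `null`; what `recursiveValidation()` returns in that case is not visible here, and it must not be the raw user input. Fail closed before validating, for example `if(empty($formdefinitions['public']['fields']) || !is_array($formdefinitions['public']['fields'])) { return false; }`. The new `return false` paths also no longer add the flash message the old code set, so a rejected submission can be silent for the user, and `$_SESSION['errors'] = $validate->errors;` replaces whatever errors were already stored in the session.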
@@ -54,8 +54,12 @@ {{ captcha(old) }} - {% endif %} + {% else %} + + {{ clearcaptcha() }} + {% endif %} + +
- {% if errors[itemName][field.name] %} -
{{ errors[itemName][field.name] | first }}
+ {% if errors[field.name] %} +
{{ errors[field.name] }}
{% endif %} {% if field.description %}
{{ translate(field.description) }}
{% endif %} @@ -94,8 +94,8 @@ {% if field.description %}
{{ translate(field.description) }}
{% endif %} - {% if errors[itemName][field.name] %} - {{ errors[itemName][field.name] | first }} + {% if errors[field.name] %} +
{{ errors[field.name] }}
{% endif %} {% endif %} diff --git a/system/typemill/author/partials/form.twig b/system/typemill/author/partials/form.twig index 61556a9..b8b5307 100644 --- a/system/typemill/author/partials/form.twig +++ b/system/typemill/author/partials/form.twig @@ -5,7 +5,7 @@ {% endif %}
-
+
{% for field in fields %} @@ -22,7 +22,7 @@ {% else %} - {% include '/partials/fields.twig' with {'itemName' : itemName, 'object' : object } %} + {% include '/partials/fields.twig' with {'itemName' : itemName, 'object' : object} %} {% endif %} @@ -33,16 +33,18 @@ - {% if captchaoptions == 'disabled' %} + {% if captchaoptions == 'standard' %} + {{ captcha(true) }} + {% elseif captchaoptions == 'aftererror' %} {{ captcha(old) }} {% else %} - {{ captcha(true) }} - + {{ clearcaptcha() }} + {% endif %} {% if recaptcha_webkey %} @@ -51,6 +53,11 @@ - +
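Review bot: The final `{% else %}` branch of the `captchaoptions` block now calls `clearcaptcha()` for every value other than `'standard'` and `'aftererror'`, so an unset, empty or misspelled option renders the form without a captcha; in the removed lines the `else` branch rendered `captcha(true)`. Matching the off value explicitly and keeping the captcha as the fallback would preserve a safe default: `{% elseif captchaoptions == 'disabled' %}{{ clearcaptcha() }}{% else %}{{ captcha(true) }}{% endif %}`. The login.twig hunk adds the same `{% else %} {{ clearcaptcha() }}` pattern and should get the same treatment. Whichever default is chosen, the handler that processes the submission should apply the same rule, since the template only controls what is displayed.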
\ No newline at end of file