-rw-r--r--public/css/calendar.css4
-rw-r--r--public/js/calendar_admin.js1
-rw-r--r--src/controller/Security.php2
-rw-r--r--src/controller/ajax_calendar.php23
-rw-r--r--src/model/entities/Event.php32
5 files changed, 39 insertions, 23 deletions
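--- a/public/css/calendar.css
+++ b/public/css/calendar.css
@@ -8,10 +8,10 @@
  display: flex;
  gap: 5px;
  padding: 15px;
- /*max-width: 1000px;*/
+ max-width: 1170px;
 }
 #calendar{
- width: 1170px;
+ width: 1165px; /* on enlève le "gap" */
 }
 .event_title_box{
  display: flex;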
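--- a/public/js/calendar_admin.js
+++ b/public/js/calendar_admin.js
@@ -206,7 +206,6 @@ document.addEventListener('DOMContentLoaded', function(){
  event_start = new Date(event_start).toISOString();
  event_end = new Date(event_end).toISOString();
  }
- console.log(event_end);
 
  if(event_start > event_end || (!event_all_day && event_start == event_end)){
  return;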
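--- a/src/controller/Security.php
+++ b/src/controller/Security.php
@@ -22,7 +22,7 @@ class Security
  // ATTENTION, n'applique pas htmlspecialchars() !!
  public static function secureString(string $chaine): string
  {
- return trim(htmLawed($chaine, self::$configHtmLawed, self::$specHtmLawed));;
+ return trim(htmLawed($chaine, self::$configHtmLawed, self::$specHtmLawed));
  }
 
  public static function secureFileName(string $chaine): string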
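--- a/src/controller/ajax_calendar.php
+++ b/src/controller/ajax_calendar.php
@@ -46,22 +46,35 @@ elseif(isset($_SESSION['admin']) && $_SESSION['admin'] === true
  $json = json_decode($data, true);
 
  if($_GET['action'] === 'new_event'){
- $event = new Event($json['title'], $json['start'], $json['end'], $json['allDay'], $json["description"], $json['color']);
-
+ try{
+ $event = new Event($json);
+ }
+ catch(InvalidArgumentException $e){
+ echo json_encode(['success' => false, 'error' => $e->getMessage()]);
+ http_response_code(400);
+ die;
+ }
  $entityManager->persist($event);
  $entityManager->flush();
 
  echo json_encode(['success' => true, 'id' => $event->getId()]);
  }
  elseif($_GET['action'] === 'update_event'){
- $event = $entityManager->find('App\Entity\Event', $json['id']);
- $event->updateFromJSON($json);
+ $event = $entityManager->find('App\Entity\Event', (int)$json['id']);
+ try{
+ $event->securedUpdateFromJSON($json);
+ }
+ catch(InvalidArgumentException $e){
+ echo json_encode(['success' => false, 'error' => $e->getMessage()]);
+ http_response_code(400);
+ die;
+ }
  $entityManager->flush();
 
  echo json_encode(['success' => true]);
  }
  elseif($_GET['action'] === 'remove_event'){
- $event = $entityManager->find('App\Entity\Event', $json['id']);
+ $event = $entityManager->find('App\Entity\Event', (int)$json['id']);
  $entityManager->remove($event);
  $entityManager->flush();
 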
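Review bot: The new `try` blocks catch only `InvalidArgumentException`, but `$entityManager->find()` returns null for an unknown id, so `$event->securedUpdateFromJSON($json)` and `$entityManager->remove($event)` end in an uncaught error instead of a clean 4xx; add `if($event === null){ http_response_code(404); die; }` after each `find()`. Likewise `json_decode()` returns null on a malformed body, and `new Event($json)` then raises a `TypeError` that this catch does not cover, so check `is_array($json)` before dispatching on the action. In both catch blocks `http_response_code(400)` is called after `echo`, which only takes effect while output is still buffered; set the status before writing the body. The enclosing `elseif` branch starts and ends outside the hunk, so any CSRF or method check it may perform is not visible here.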
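--- a/src/model/entities/Event.php
+++ b/src/model/entities/Event.php
@@ -39,23 +39,27 @@ class Event
  #[ORM\Column(type: 'string', length: 7, nullable: true)]
  private ?string $color = null;
 
- public function __construct(string $title, string|\DateTimeInterface $start, string|\DateTimeInterface $end, bool $all_day, string $description = '', string $color = null){
- $this->title = $title;
- $this->description = $description;
- $this->start = gettype($start) === 'string' ? new \DateTime($start) : $start;
- $this->end = gettype($end) === 'string' ? new \DateTime($end) : $end;
- $this->all_day = $all_day;
- $this->color = $color;
+ public function __construct(array $json){
+ $this->securedUpdateFromJSON($json);
  }
 
- public function updateFromJSON(array $json): void
+ public function securedUpdateFromJSON(array $json): void
  {
- $this->title = $json['title'];
- $this->description = $json['description'];
- $this->start = new \DateTime($json['start']);
- $this->end = new \DateTime($json['end']);
- $this->all_day = $json['allDay'];
- $this->color = $json['color'];
+ $this->title = htmlspecialchars($json['title']);
+ $this->description = htmlspecialchars($json['description']);
+ try{
+ $this->start = new \Datetime($json['start']);
+ $this->end = new \Datetime($json['end']);
+ }
+ catch(\Exception $e){
+ throw new \InvalidArgumentException('Bad date input');
+ }
+ $all_day = filter_var($json['allDay'] ?? null, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+ if(!is_bool($all_day)){
+ throw new \InvalidArgumentException('Bad checkbox input');
+ }
+ $this->all_day = $all_day;
+ $this->color = isset($json['color']) ? htmlspecialchars($json['color']) : null;
  }
 
  public function getId(): int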
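Review bot: In `securedUpdateFromJSON`, `title`, `description`, `start`, `end` and `color` are read without checking that the key exists and holds a string, so a missing key or an array value produces a `TypeError` or a warning rather than the `InvalidArgumentException` the controller catches. `color` goes into a 7-character column (presumably a `#rrggbb` value), and HTML-entity encoding does not validate it; an allow-list such as `if($color !== null && !preg_match('/^#[0-9a-fA-F]{6}$/', $color)) throw new \InvalidArgumentException('Bad color input');` is stricter and also safe outside an HTML text context. The start/end ordering is enforced only in calendar_admin.js, so the method should also reject `$this->start > $this->end`. Because `htmlspecialchars()` is applied at write time, the stored title and description are already entity-encoded, and every output path has to know that to avoid double encoding or a false sense of safety in non-HTML contexts; encoding at render time is the more usual place.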