fix(bazar): force idformulaire to be an integer

mrflos · mrflos · commit 4e9e51d80cd0 · 2025-04-18T16:04:28.000+03:00
diff --git a/includes/services/TemplateEngine.php b/includes/services/TemplateEngine.php
@@ -109,6 +109,9 @@ public function __construct(
 
             return '';
         });
+        $this->addTwigHelper('int', function ($content) {
+            return (int)$content;
+        });
         $this->addTwigHelper('_t', function ($key, $params = []) {
             return html_entity_decode(_t($key, $params));
         });
diff --git a/tools/bazar/templates/forms/forms_confirm.twig b/tools/bazar/templates/forms/forms_confirm.twig
@@ -2,15 +2,15 @@
 	<form action="{{ url({params:{
 			vue: 'formulaire',
 			action: type,
-			idformulaire: request.get.idformulaire ?? 'error'
+			idformulaire: int(request.get.idformulaire ?? 'error')
 		}}) }}"
 		method="post"
 		style="display: inline"
 		>
 		{{ include("@templates/alert-message.twig",{
 			type: "warning",
 			message: 
-				_t(type == 'delete' ? 'BAZ_FORM_DELETE' : 'BAZ_FORM_EMPTY',{'formId':request.get.idformulaire}) ~ '<br/>' ~
+				_t(type == 'delete' ? 'BAZ_FORM_DELETE' : 'BAZ_FORM_EMPTY',{'formId': int(request.get.idformulaire)}) ~ '<br/>' ~
 		    '<b>' ~ _t(type == 'delete' ? 'BAZ_CONFIRM_SUPPRIMER_FORMULAIRE' : 'BAZ_CONFIRM_VIDER_FORMULAIRE') ~ ' ?</b><br/>'
 		}) }}
 		<input type="hidden" name="confirm{{ type == 'delete' ? 'Delete' : 'Empty' }}Token" value="{{ csrfToken({id:'main',refresh:false})|e('html_attr') }}">
@@ -30,4 +30,4 @@
 			class="btn btn-default" 
 			style="vertical-align: middle; display: inline" />
 	</form>
-</div>
+</div>
