fix: corrected check on captcha after displaying smart answer

thorsten · thorsten · commit 793877b9bd6f · 2025-01-17T17:10:59.000+01:00
diff --git a/phpmyfaq/assets/src/search/question.js b/phpmyfaq/assets/src/search/question.js
@@ -47,6 +47,10 @@ export const handleQuestion = () => {
           message.insertAdjacentElement('afterend', addElement('div', { classList: '', innerHTML: resultMessage }));
           // Add hidden input
           form.insertAdjacentElement('afterbegin', addElement('input', { type: 'hidden', name: 'save', value: 1 }));
+          form.insertAdjacentElement(
+            'afterbegin',
+            addElement('input', { type: 'hidden', name: 'store', value: 'now' })
+          );
         }
 
         // Final result
diff --git a/phpmyfaq/assets/templates/default/ask.twig b/phpmyfaq/assets/templates/default/ask.twig
@@ -31,25 +31,27 @@
     <input type="hidden" name="lang" id="lang" value="{{ lang }}">
 
     <div class="row mb-2">
-      <label class="col-sm-3 col-form-label" for="name">{{ id3_label }}:
-        <span style="color: red"> *</span></label>
+      <label class="col-sm-3 col-form-label" for="name">
+        {{ id3_label }}*:
+      </label>
       <div class="col-sm-9">
         <input type="text" class="form-control" name="name" id="name" value="{{ defaultContentName }}" required>
       </div>
     </div>
 
     <div class="row mb-2">
-      <label class="col-sm-3 col-form-label" for="email">{{ id4_label }}:
-        <span style="color: red"> *</span></label>
+      <label class="col-sm-3 col-form-label" for="email">
+        {{ id4_label }}*:
+      </label>
       <div class="col-sm-9">
         <input type="email" class="form-control" name="email" id="email" value="{{ defaultContentMail }}" required>
       </div>
     </div>
 
     {% if id5_label is defined %}
     <div class="row mb-2">
-      <label class="col-sm-3 col-form-label" for="category">{{ id5_label }}:
-      {% if id5_required == 'required' %}<span style="color: red"> *</span>{% endif %}
+      <label class="col-sm-3 col-form-label" for="category">
+        {{ id5_label }}{% if id5_required == 'required' %}*{% endif %}:
       </label>
       <div class="col-sm-9">
         <select name="category" class="form-select" id="category" {{ id5_required }}>
@@ -60,8 +62,9 @@
     {% endif %}
 
     <div class="row mb-2">
-      <label class="col-sm-3 col-form-label" for="question">{{ id6_label }}:
-        <span style="color: red"> *</span></label>
+      <label class="col-sm-3 col-form-label" for="question">
+        {{ id6_label }}*:
+      </label>
       <div class="col-sm-9">
         <textarea class="form-control" cols="45" rows="5" name="question" id="question" required></textarea>
       </div>
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/QuestionController.php b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/QuestionController.php
@@ -46,9 +46,7 @@ class QuestionController extends AbstractController
      */
     public function create(Request $request): JsonResponse
     {
-        $user = CurrentUser::getCurrentUser($this->configuration);
-
-        if (!$this->isAddingQuestionsAllowed($user)) {
+        if (!$this->isAddingQuestionsAllowed()) {
             return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_FORBIDDEN);
         }
 
@@ -69,14 +67,15 @@ public function create(Request $request): JsonResponse
         $selectedCategory = isset($data->category) ? Filter::filterVar($data->category, FILTER_VALIDATE_INT) : false;
         $userQuestion = trim(strip_tags((string) $data->question));
         $save = Filter::filterVar($data->save ?? 0, FILTER_VALIDATE_INT);
+        $storeNow = Filter::filterVar($data->store ?? 'not', FILTER_SANITIZE_SPECIAL_CHARS);
 
         // If smart answering is disabled, save the question immediately
         if (false === $this->configuration->get('main.enableSmartAnswering')) {
             $save = true;
         }
 
-        // Validate captcha
-        if (!$this->captchaCodeIsValid($request)) {
+        // Validate captcha if we can store the question after displaying the smart answer
+        if ($storeNow !== 'now' && !$this->captchaCodeIsValid($request)) {
             return $this->json(['error' => Translation::get('msgCaptcha')], Response::HTTP_BAD_REQUEST);
         }
 
@@ -108,7 +107,7 @@ public function create(Request $request): JsonResponse
                 $faqSearch->setCategoryId((int) $selectedCategory);
 
                 $faqPermission = new Permission($this->configuration);
-                $faqSearchResult = new SearchResultSet($user, $faqPermission, $this->configuration);
+                $faqSearchResult = new SearchResultSet($this->currentUser, $faqPermission, $this->configuration);
 
                 $searchResult = array_merge(...array_map(
                     fn($word) => $faqSearch->search($word, false),
@@ -134,16 +133,16 @@ public function create(Request $request): JsonResponse
         }
     }
 
-    private function isAddingQuestionsAllowed(CurrentUser $user): bool
+    /**
+     * @throws \Exception
+     */
+    private function isAddingQuestionsAllowed(): bool
     {
-        if (
-            !$this->configuration->get('records.allowQuestionsForGuests') &&
-            !$this->configuration->get('main.enableAskQuestions') &&
-            !$user->perm->hasPermission($user->getUserId(), PermissionType::QUESTION_ADD->value)
-        ) {
-            return false;
-        }
-
-        return true;
+        return $this->configuration->get('records.allowQuestionsForGuests') ||
+            $this->configuration->get('main.enableAskQuestions') ||
+            $this->currentUser->perm->hasPermission(
+                $this->currentUser->getUserId(),
+                PermissionType::QUESTION_ADD->value
+            );
     }
 }
