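/**
 * Reads and validates the request parameters of a poll action.
 *
 * Takes `actionName`, `pollID` and `optionIDs` from the POST body, loads the
 * poll and its related object, checks the poll permission matching the
 * requested action and verifies the submitted option ids against the poll.
 *
 * @see		\wcf\action\IAction::readParameters()
 * @throws	IllegalLinkException		if the poll module is disabled
 * @throws	UserInputException		if no poll exists for the given pollID
 * @throws	PermissionDeniedException	if the poll permission check fails, too many
 *						options are submitted, or an option id is
 *						foreign to the poll or submitted twice
 * @throws	SystemException			if the action name is unknown or the poll
 *						references a related object that is missing
 */
public function readParameters() {
	if (!MODULE_POLL) {
		throw new IllegalLinkException();
	}
	
	// Called by class name, not via parent::, exactly as in the original.
	// NOTE(review): presumably this skips an intermediate parent's implementation
	// while keeping the checks of AbstractSecureAction -- confirm against the class hierarchy.
	AbstractSecureAction::readParameters();
	
	if (isset($_POST['actionName'])) {
		$this->actionName = StringUtil::trim($_POST['actionName']);
	}
	if (isset($_POST['pollID'])) {
		$this->pollID = intval($_POST['pollID']);
	}
	
	$polls = PollManager::getInstance()->getPolls(array($this->pollID));
	if (!isset($polls[$this->pollID])) {
		throw new UserInputException('pollID');
	}
	$this->poll = $polls[$this->pollID];
	
	// load related object; the permission checks below run only after it is attached
	$this->relatedObject = PollManager::getInstance()->getRelatedObject($this->poll);
	if ($this->relatedObject === null) {
		// a poll without objectID is accepted without a related object
		if ($this->poll->objectID) {
			throw new SystemException("Missing related object for poll id '" . $this->poll->pollID . "'");
		}
	}
	else {
		$this->poll->setRelatedObject($this->relatedObject);
	}
	
	// validate action: every accepted action name is tied to a permission check (default deny)
	switch ($this->actionName) {
		case 'getResult':
			if (!$this->poll->canSeeResult()) {
				throw new PermissionDeniedException();
			}
		break;
		
		case 'getVote':
		case 'vote':
			if (!$this->poll->canVote()) {
				throw new PermissionDeniedException();
			}
		break;
		
		default:
			// actionName is request-controlled and ends up in this message; whatever
			// renders or logs the exception has to encode it for that output context.
			throw new SystemException("Unknown action '" . $this->actionName . "'");
	}
	
	if (isset($_POST['optionIDs']) && is_array($_POST['optionIDs'])) {
		$this->optionIDs = ArrayUtil::toIntegerArray($_POST['optionIDs']);
		if (count($this->optionIDs) > $this->poll->maxVotes) {
			throw new PermissionDeniedException();
		}
		
		// option ids that really belong to this poll, keyed for direct lookup
		$validOptionIDs = array();
		foreach ($this->poll->getOptions() as $option) {
			$validOptionIDs[$option->optionID] = true;
		}
		
		// Every submitted id must belong to the poll and may appear only once.
		// The maxVotes check above counts list entries, so without the duplicate
		// check the same option could be submitted several times in one request;
		// the code that stores the vote is not visible here, so repeats are
		// rejected at this point instead of relying on it.
		$seenOptionIDs = array();
		foreach ($this->optionIDs as $optionID) {
			if (!isset($validOptionIDs[$optionID]) || isset($seenOptionIDs[$optionID])) {
				throw new PermissionDeniedException();
			}
			$seenOptionIDs[$optionID] = true;
		}
	}
}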