
authorHerve Suaudeau <herve.suaudeau@parisdescartes.fr>
Tue, 28 Jul 2020 13:38:30 +0000 (15:38 +0200)
committerHerve Suaudeau <herve.suaudeau@parisdescartes.fr>
Tue, 28 Jul 2020 13:38:30 +0000 (15:38 +0200)
* BUG : Suppress php warnings that occur when creating new person, team, thematic or unit.
* BUG : Correct bad redirection of buttons for modifying teams, thematics or units in the admin tab "table view"

admin/MonLabo-admin.php
admin/MonLabo-edit-members.php
admin/includes/inc-lib-forms.php
admin/includes/inc-lib-tables.php
changelog.txt

index 039efea..1f2cf76 100644 (file)
@@ -124,6 +124,17 @@ class MonLabo_admin {
                                )
                        );
        }
+       public function error_MonLabo_perso_page_bad_parent() {
+               return MonLabo_admin::notice_message(
+                       'error',
+                       __( 'Erreur :', 'mon-laboratoire' ),
+                 sprintf(
+                         __( "La page de rattachement des pages personnelles est mal renseignée %s dans les configurations générales %s.", 'mon-laboratoire' )
+                         , "<a href=\"admin.php?page=MonLabo_config&tab=tab_appearance\">"
+                         , "</a>"
+                         )
+               );
+       }
 
        //hook into WP's admin_init action hook
        public function admin_init() {
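Review bot: `error_MonLabo_perso_page_bad_parent()` is declared as an instance method, but both call sites in admin/MonLabo-edit-members.php invoke it as `MonLabo_admin::error_MonLabo_perso_page_bad_parent()`. Calling a non-static method statically is deprecated in PHP 7 and throws an Error in PHP 8, so the error branch that is meant to show a notice would itself fail. The body does not use `$this`, so the declaration should read `public static function error_MonLabo_perso_page_bad_parent() {`. The enclosing class starts and ends outside the hunk.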
index 99ffc53..a09c12f 100644 (file)
@@ -15,6 +15,8 @@ function edit_members_form() {
        require_once( dirname( __FILE__ ) . '/includes/inc-lib-forms.php' );
        $retval='';
        $MonLabo_access_data = New MonLabo_access_data();
+       $options0 = get_option( 'MonLabo_settings_group0' );
+       $options2 = get_option( 'MonLabo_settings_group2' );
 
        list( $retval, $member_id, $page_id_if_created )=form_edit_member_processing();
 
@@ -26,14 +28,14 @@ function edit_members_form() {
        if ( !empty( $members_name_alumni ) ) { asort( $members_name_alumni, SORT_STRING ); }
 
        //Get member infomation. If invalid of new, return an empty object
-       if ( 0 != $member_id ) {
+       if ( !empty( $member_id ) ) {
                $member_information = $MonLabo_access_data->get_person_information( $member_id );
                //If invalid ID
                if ( NULL === $member_information ) {
                        $member_id = 0;
                }
        }
-       if ( 0 === $member_id ) {
+       if ( empty( $member_id ) ) {
                $member_information = (object) Array( 'wp_post_id'=>'', 'title'=>'', 'first_name'=>'', 'last_name'=>''
                                , 'category'=>'', 'function_en'=>'', 'function_fr'=>'', 'id'=>0
                                , 'date_departure'=>'', 'mail'=>'', 'room'=>'', 'external_url'=>''
@@ -41,6 +43,7 @@ function edit_members_form() {
                                , 'uid_ENT_parisdescartes'=>'', 'status'=>'', 'visible'=>''
                                , 'custom1'=>'', 'custom2'=>'', 'custom3'=>'', 'custom4'=>'', 'custom5'=>''
                                , 'custom6'=>'', 'custom7'=>'', 'custom8'=>'', 'custom9'=>'', 'custom10'=>'' );
+               $member_id = 0;
        }
        $nouveau_membre_string='&mdash; '.__( 'Nouveau membre', 'mon-laboratoire' ).' &mdash;';
        if ( is_array( $members_name_actif ) && array_key_exists( $member_id, $members_name_actif ) ) {
@@ -90,8 +93,6 @@ function edit_members_form() {
 
        // Page WordPress
        //---------------
-       $options2 = get_option( 'MonLabo_settings_group2' );
-
        if ( 0 != $member_id ) {
                $retval .= '<br />';
                if ( ( array_key_exists( 'MonLabo_perso_page_parent', $options2 ) ) && ( !empty( $options2['MonLabo_perso_page_parent'] ) ) ) {
@@ -111,11 +112,7 @@ function edit_members_form() {
                  $retval.= '</div>';
                  //
                } else {
-                 $retval .= MonLabo_admin::notice_message(
-                         'error',
-                         __( 'Erreur :', 'mon-laboratoire' ),
-                         __( "La page de rattachement des pages personnelles est mal renseignée <a href=\"admin.php?page=MonLabo_config&tab=tab_appearance\">dans les configurations générales</a>.", 'mon-laboratoire' )
-                 );
+                 $retval .= MonLabo_admin::error_MonLabo_perso_page_bad_parent();
                }
        }
        $retval .= '</fieldset>';
@@ -129,7 +126,6 @@ function edit_members_form() {
        $retval .= '<fieldset class="clear"><legend>'.__( 'Propriétés :', 'mon-laboratoire' ).'</legend>';
 
        //Dans le cas où il n'y a qu'une unité, configurer si la personne en est ou pas le directeur
-       $options0=get_option( 'MonLabo_settings_group0' );
        if ( empty( $options0['MonLabo_uses_unites'] ) ) {
                $valueDirector=__( '(co)directeur ou (co)directrice de l&apos;unité', 'mon-laboratoire' );
                $directors_of_default_unit=$MonLabo_access_data->get_directors_id_for_an_unit( MAIN_STRUCT_NO_UNIT, $status='all' );
@@ -208,7 +204,6 @@ function edit_members_form() {
 
        // Liens externes
        //---------------
-       $options0 = get_option( 'MonLabo_settings_group0' );
        if ( 'aucun' != $options0['MonLabo_publication_server_type'] ) {
                $retval .= '</fieldset><fieldset><legend>'.__( 'Publications :', 'mon-laboratoire' ).'</legend>';
                if ( ( 'hal' === $options0['MonLabo_publication_server_type'] ) or ( 'both' === $options0['MonLabo_publication_server_type'] ) ) {
@@ -235,7 +230,8 @@ function edit_members_form() {
                get_MonLabo_Members_fields_comments( 'visible' ), $member_information->visible );
        $retval .= '</fieldset>';
 
-       $options = get_option( 'MonLabo_settings_group0' );
+       // Custtom fiels
+       //--------------
        if ( isset( $options0['MonLabo_uses_custom_fields_for_staff'] ) && ( intval( $options0['MonLabo_uses_custom_fields_for_staff'] ) === 1 ) ) {
                $retval .= '</fieldset><fieldset><legend>'.__( 'Champs personnalisés :', 'mon-laboratoire' ).'</legend>';
                $options3 = get_option( 'MonLabo_settings_group3' );
@@ -249,6 +245,13 @@ function edit_members_form() {
                }
                $retval .= '</fieldset>';
        }
+
+       //For security
+       //------------
+       $retval .= wp_nonce_field( 'edit_members_form', 'edit_members_form_wpnonce', true, false );
+
+       // Validation
+       //------------
        $onclick = 'edit_member()';
        if ( $valeur_initiale != $nouveau_membre_string ) {
                $retval .= generate_submit_button( __( 'Modifier', 'mon-laboratoire' ), 'submit_modify_member', $onclick );
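Review bot: The nonce emitted before the submit button shows that the request came from this form, not that the sender is allowed to edit members; the visible part of `form_edit_member_processing()` gates the write on `check_admin_referer( 'edit_members_form', 'edit_members_form_wpnonce' )` alone. Unless a capability check already runs elsewhere (the handler's start is not visible on this page), pair the two, for example `if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }`, using whichever capability the plugin's admin menu is registered under. The same applies to the nonce fields added in `edit_teams_form()`, `edit_thematics_form()`, `edit_unites_form()` and `edit_structure_principale_form()`, whose handlers are not shown here. `edit_members_form()` starts and ends outside this hunk.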
@@ -282,18 +285,19 @@ function edit_teams_form() {
 
 
        //Get team infomation. If invalid of new, return an empty object
-       if ( 0 != $team_id ) {
+       if ( !empty( $team_id ) ) {
                $team_information = $MonLabo_access_data->get_team_information( $team_id );
                //If invalid ID
                if ( NULL == $team_information ) {
-                       $team_id=0;
+                       $team_id = 0;
                }
        }
-       if ( 0 == $team_id ) {
+       if ( empty( $team_id ) ) {
                $team_information = (object) Array( 'id'=>0, 'name_en'=>'', 'name_fr'=>''
                                , 'wp_post_id'=>'', 'external_url'=>'', 'descartes_publi_team_id'=>'', 'hal_publi_team_id'=>''
                                , 'logo'=>'', 'color'=>'' );
-                               $valeur_initiale = $nouvelle_equipe_string;
+               $valeur_initiale = $nouvelle_equipe_string;
+               $team_id = 0;
        } else {
                $valeur_initiale = $teams_name[$team_id];
        }
@@ -399,6 +403,13 @@ function edit_teams_form() {
                }
                $retval .= '</fieldset>';
        }
+
+       //For security
+       //------------
+       $retval .= wp_nonce_field( 'edit_teams_form', 'edit_teams_form_wpnonce', true, false );
+
+       // Validation
+       //------------
        $onclick = 'edit_team()';
        if ( $valeur_initiale != $nouvelle_equipe_string ) {
                $retval .= generate_submit_button( __( 'Modifier', 'mon-laboratoire' ), 'submit_edit_team', $onclick );
@@ -414,7 +425,6 @@ function edit_teams_form() {
 }
 
 function edit_thematics_form() {
-       $options0 = get_option( 'MonLabo_settings_group0' );
        require_once( dirname( __FILE__ ) . '/includes/inc-lib-forms.php' );
        $MonLabo_access_data = New MonLabo_access_data();
 
@@ -430,16 +440,17 @@ function edit_thematics_form() {
        $thematics_name = array( '0' => $nouvelle_thematique_string ) + $thematics_name;
 
        //Get thematic information. If invalid of new, return an empty object
-       if ( 0 != $thematic_id ) {
+       if ( !empty( $thematic_id ) ) {
                $thematic_information = $MonLabo_access_data->get_thematic_information( $thematic_id );
                //If invalid ID
                if ( NULL === $thematic_information ) {
                        $thematic_id = 0;
                }
        }
-       if ( 0 === $thematic_id ) {
+       if ( empty( $thematic_id ) ) {
                $thematic_information = (object) Array( 'id'=>0, 'name_en'=>'', 'name_fr'=>'', 'wp_post_id' => ''
                                , 'logo'=>'', 'external_url'=>'', 'hal_publi_thematic_id'=>'' );
+               $thematic_id = 0;
        }
        $valeur_initiale = $thematics_name[$thematic_id];
 
@@ -487,6 +498,13 @@ function edit_thematics_form() {
                $thematic_information->logo );
 
        $retval .= '</fieldset>';
+
+       //For security
+       //------------
+       $retval .= wp_nonce_field( 'edit_thematics_form', 'edit_thematics_form_wpnonce', true, false );
+
+       // Validation
+       //------------
        $onclick = 'edit_thematic()';
        if ( $valeur_initiale != $nouvelle_thematique_string ) {
                $retval .= generate_submit_button( __( 'Modifier', 'mon-laboratoire' ), 'submit_modify_thematic', $onclick );
@@ -516,17 +534,18 @@ function edit_unites_form() {
        $units_name = array( '0' => $nouvelle_unite_string ) + $units_name;
 
        //Get unit information. If invalid of new, return an empty object
-       if ( 0 != $unit_id ) {
+       if ( !empty( $unit_id ) ) {
                $unit_information = $MonLabo_access_data->get_unit_information( $unit_id );
                //If invalid ID
                if ( NULL == $unit_information ) {
-                       $unit_id=0;
+                       $unit_id = 0;
                }
        }
-       if ( 0 == $unit_id ) {
+       if ( empty( $unit_id ) ) {
                $unit_information = (object) Array( 'id'=>0, 'code'=>'', 'affiliations'=>''
                                , 'name_en'=>'', 'name_fr'=>'', 'wp_post_id' => ''
                                , 'external_url'=>'', 'descartes_publi_unit_id'=>'', 'hal_publi_unit_id'=>'', 'logo'=>'', 'address_alt'=>'', 'contact_alt'=>'' );
+               $unit_id = 0;
        }
        $valeur_initiale = $units_name[$unit_id];
 
@@ -604,6 +623,13 @@ function edit_unites_form() {
                $unit_information->contact_alt );
 
        $retval .= '</fieldset>';
+
+       //For security
+       //------------
+       $retval .= wp_nonce_field( 'edit_unites_form', 'edit_unites_form_wpnonce', true, false );
+
+       // Validation
+       //------------
        $onclick = 'edit_unite()';
        if ( $valeur_initiale != $nouvelle_unite_string ) {
                $retval .= generate_submit_button( __( 'Modifier', 'mon-laboratoire' ), 'submit_edit_unite', $onclick );
@@ -671,6 +697,13 @@ function edit_structure_principale_form() {
                get_MonLabo_Structure_principale_fields_comments( 'directors' ), $directors_name );
        $retval .= '<br />';
        $retval .= '</fieldset>';
+
+       //For security
+       //------------
+       $retval .= wp_nonce_field( 'edit_structure_principale_form', 'edit_structure_principale_form_wpnonce', true, false );
+
+       // Validation
+       //------------
        $retval .= generate_submit_button( __( 'Modifier', 'mon-laboratoire' ), 'submit_edit_structure_principale', '' );
        $retval .= '</div></form>';
        return $retval;
@@ -680,16 +713,15 @@ function  display_advanced_features_for_mmebers() {
        require_once( dirname( __FILE__ ) . '/includes/inc-lib-forms.php' );
        $retval=form_advanced_features_for_members_processing();
        $myurl=admin_url( 'admin.php?page=MonLabo_edit_members_and_groups&tab=tab_seven' );
+       $options2=get_option( 'MonLabo_settings_group2' );
 
        $MonLabo_access_data = New MonLabo_access_data();
-       $options2=get_option( 'MonLabo_settings_group2' );
        $retval .= '  <form class="navbar-form" id="form_creer_pages_manquantes" accept-charset="utf-8" method="post"
             enctype="multipart/form-data" action="'.$myurl.'">
             <div class="form-group">';
 
        $retval .= '<h3 id="pages_manquantes">'.__( 'Créer les pages manquantes', 'mon-laboratoire' ).'</h3>';
        $retval .= '<p>'.__( 'Cet outil peut être utile pour ceux qui auraient importé une base de personnels directement dans la base de donnée de MonLabo. Il est alors nécessaire de créer les pages WordPress de chaque membre.', 'mon-laboratoire' ).'</p>';
-       $options2 = get_option( 'MonLabo_settings_group2' );
 
        if ( ( array_key_exists( 'MonLabo_perso_page_parent', $options2 ) ) && ( !empty( $options2['MonLabo_perso_page_parent'] ) ) ) {
                $members_name_actif = $MonLabo_access_data->get_persons_information( $status='actif' );
@@ -704,6 +736,7 @@ function  display_advanced_features_for_mmebers() {
                if ( !empty( $members_without_wp_post_id ) ) {
                        $retval .= '<input type="hidden" name="create_missing_pages_submit_ids" value="'.serialize( array_keys( $members_without_wp_post_id ) ).'">';
                }
+               $retval .= wp_nonce_field( 'creer_pages_manquantes_form', 'creer_pages_manquantes_form_wpnonce', true, false );
                $retval .= generate_submit_button( __( 'Créer les pages manquantes', 'mon-laboratoire' ).' ( '.count( $members_without_wp_post_id ).' )', 'submit_creer_pages_manquantes', '' );
                $retval .= '<p>'.__( 'Les personnels suivants n\'ont pas encore de page WordPress', 'mon-laboratoire' ).' : ';
                if ( !empty( $members_without_wp_post_id ) ) {
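Review bot: The nonce added before the submit button does not protect the hidden field two lines above it, which writes `serialize( array_keys( $members_without_wp_post_id ) )` into the `value` attribute without `esc_attr()`. The nonce stops forged requests, but the field's content is still chosen by whoever submits the form, and if the handler passes it to `unserialize()` (not visible on this page) that is deserialization of client-controlled data. Emit plain integers instead, `value="'.esc_attr( implode( ',', array_keys( $members_without_wp_post_id ) ) ).'"`, and rebuild the list server-side with `array_map( 'intval', explode( ',', … ) )`. `display_advanced_features_for_mmebers()` continues outside the hunk.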
@@ -712,15 +745,7 @@ function  display_advanced_features_for_mmebers() {
                        }
                }
        } else {
-         $retval .= MonLabo_admin::notice_message(
-               'error',
-               __( 'Erreur :', 'mon-laboratoire' ),
-               sprintf(
-                       __( "La page de rattachement des pages personnelles est mal renseignée %sdans les configurations générales%s.", 'mon-laboratoire' )
-                       , '<a href="admin.php?page=MonLabo_config&tab=tab_appearance">'
-                       , '</a>'
-                       )
-               );
+               $retval .= MonLabo_admin::error_MonLabo_perso_page_bad_parent();
        }
        $retval .= '<p></div>';
        $retval .= '</form>';
index 357a0af..a73fd49 100644 (file)
@@ -55,146 +55,151 @@ function form_edit_member_processing() {
        $membre_id = 0;
        //Vérification que le formulaire a bien été soumis
        if ( isset( $_POST['submit_first_name'] ) ) {
-               $membre_id = intval( $_POST['submit_id'] );
-               unset( $_POST['submit_id'] );
-               $action = sanitize_key( $_POST['action'] );
-               unset( $_POST['action'] );
-               if ( $action === 'edit' ) {
-                       $data = array();
-                       foreach ( $_POST as $key => $value ) {
-                               switch ( $key ) {
-                                       case 'submit_teams':
-                                       case 'submit_mentors':
-                                               if ( is_array($_POST[$key]) ) {
-                                                       foreach ( $_POST[$key] as $subkey => $subvalue ) {
-                                                               $data[str_replace( 'submit_', '', $key )][$subkey] = intval( $_POST[$key][$subkey] );
+               //Security verification by nonce
+               if( check_admin_referer( 'edit_members_form', 'edit_members_form_wpnonce' ) ) {
+                       unset( $_POST['edit_members_form_wpnonce'] );
+                       unset( $_POST['_wp_http_referer'] );
+                       $membre_id = intval( $_POST['submit_id'] );
+                       unset( $_POST['submit_id'] );
+                       $action = sanitize_key( $_POST['action'] );
+                       unset( $_POST['action'] );
+                       if ( $action === 'edit' ) {
+                               $data = array();
+                               foreach ( $_POST as $key => $value ) {
+                                       switch ( $key ) {
+                                               case 'submit_teams':
+                                               case 'submit_mentors':
+                                                       if ( is_array($_POST[$key]) ) {
+                                                               foreach ( $_POST[$key] as $subkey => $subvalue ) {
+                                                                       $data[str_replace( 'submit_', '', $key )][$subkey] = intval( $_POST[$key][$subkey] );
+                                                               }
+                                                       } else {
+                                                               $data[str_replace( 'submit_', '', $key )] = sanitize_text_field( $_POST[$key] );
                                                        }
-                                               } else {
-                                                       $data[str_replace( 'submit_', '', $key )] = sanitize_text_field( $_POST[$key] );
-                                               }
-                                               break;
-                                       default:
-                                               //echo $key.'<br />';
-                                               $data[str_replace( 'submit_', '', $key )] = getPOSTstring( $key );
-                                               break;
+                                                       break;
+                                               default:
+                                                       //echo $key.'<br />';
+                                                       $data[str_replace( 'submit_', '', $key )] = getPOSTstring( $key );
+                                                       break;
+                                       }
                                }
-                       }
-                       if ( !isset( $data['teams'] ) ) {
-                               //Si aucune équipe n'est renseignée, bien passer un tableau vide.
-                               $data['teams'] = array();
-                       }
-                       if ( !isset( $data['mentors'] ) ) {
-                               //Si aucun mentor n'est renseigné, bien passer un tableau vide.
-                               $data['mentors'] = array();
-                       }
-                       if ( !isset( $data['students'] ) ) {
-                               //Si aucun étudiant n'est renseigné, bien passer un tableau vide.
-                               $data['students'] = array();
-                       }
-                       if ( ( !empty( $data['edition_wp_post_id'] ) ) and ( $data['wp_post_id'] ) === '0' ) {
-                         //Si wp_post_id est édité, le remplacer par l'url du champs en question
-                         $data['wp_post_id'] = $data['edition_wp_post_id'];
-                       }
-                       unset( $data['edition_wp_post_id'] );
-
-                       if ( empty( $data['fonction'] ) ) {
-                         $data['fonction'] = ' |  | ';
-                       }
-                       $f = explode( ' | ', $data['fonction'] );
-                       if ( ( empty( $data['category'] ) ) and ( '' != $f[0] ) ) {
-                         $data['category'] = $f[0];
-                       }
-                       if ( !isset( $f[1] ) ) { $f[1] = ''; }
-                       if ( !isset( $f[2] ) ) { $f[2] = ''; }
-                       if ( $f[1] === '' && $f[2] === '' ) { //Si rien n'est envoyé en argument, ne pas mettre à jour.
-                         unset( $data['function_en'] );
-                         unset( $data['function_fr'] );
-                       } elseif ( $data['function_en'] === '' && $data['function_fr'] === '' ) {
-                               $data['function_en'] = $f[1];
-                               $data['function_fr'] = $f[2];
-                       }
-                       unset( $data['fonction'] );
-
-                       //Dans le cas où il n'y a qu'une unité, configurer si la personne en est ou pas le directeur
-                       $options0 = get_option( 'MonLabo_settings_group0' );
-                       if ( empty( $options0['MonLabo_uses_unites'] ) ) {
-                               if ( !empty( $data['is_director'] ) ) {
-                                       //On ajoute la personne comme directeur de la structure principale
-                                       $MonLabo_access_data->add_director_to_an_unit ( $membre_id, MAIN_STRUCT_NO_UNIT );
-                               } else {
-                                       $MonLabo_access_data->remove_director_from_an_unit( $membre_id, MAIN_STRUCT_NO_UNIT );
+                               if ( !isset( $data['teams'] ) ) {
+                                       //Si aucune équipe n'est renseignée, bien passer un tableau vide.
+                                       $data['teams'] = array();
                                }
-                       }
-                       if ( isset( $data['is_director'] ) ) {
-                               unset( $data['is_director'] );
-                       }
-                       if ( 0 === $membre_id ) { // ajout d'un membre
-                               //Création de la page personnelle
-                               //-------------------------------
-                               $options = get_option( 'MonLabo_settings_group2' );
-                               $wp_title = $data['first_name'].' '.mb_strtoupper( $data['last_name'], 'UTF-8' );
-                               $wp_post = array( 'post_content'   => '[perso_panel][publications_list]', // The full text of the post.
-                               'post_title'     => $wp_title, // The title of your post.
-                               'post_status'   => 'publish', // Default 'draft'.
-                               'post_type'       => 'page', // Default 'post'.
-                               'post_parent'   => $options['MonLabo_perso_page_parent'] // Sets the parent of the new post.
-                               );
-                               $wp_post_id = wp_insert_post( $wp_post );
-
-                               if ( ( 0 === $wp_post_id ) or ( is_wp_error( $wp_post_id ) ) )  {
-                                       return Array( MonLabo_admin::notice_message( 'error', 'Echec:', 'Impossible de créer la page personnelle.' ), NULL, NULL );
+                               if ( !isset( $data['mentors'] ) ) {
+                                       //Si aucun mentor n'est renseigné, bien passer un tableau vide.
+                                       $data['mentors'] = array();
                                }
-                               update_post_meta( $wp_post_id, '_theme_show_page_title', '0' ); //Do not show title
-
-                               //Modification de l'image en une de la page WordPress
-                               //---------------------------------------------------
-                               if ( $wp_post_id>0 ){ //Si la page existe
-                                 if ( ( '__no_change__' != $data['image_attachment_id'] ) and ( $data['image_attachment_id']>0 ) ) { //Si une nouvelle image est fournie
-                                       set_post_thumbnail( $wp_post_id, $data['image_attachment_id'] ); //Changer l'image à la une de cette page.
-                                 }
+                               if ( !isset( $data['students'] ) ) {
+                                       //Si aucun étudiant n'est renseigné, bien passer un tableau vide.
+                                       $data['students'] = array();
+                               }
+                               if ( ( !empty( $data['edition_wp_post_id'] ) ) and ( $data['wp_post_id'] ) === '0' ) {
+                                 //Si wp_post_id est édité, le remplacer par l'url du champs en question
+                                 $data['wp_post_id'] = $data['edition_wp_post_id'];
                                }
-                               unset( $data['image_attachment_id'] );
-                               unset( $data['image_attachment_url'] );
+                               unset( $data['edition_wp_post_id'] );
 
-                               // Création de la ligne dans la table MonLabo_members
-                               //---------------------------------------------------
-                               $data['wp_post_id'] = $wp_post_id;
-                               $membre_id = $MonLabo_access_data->insert_person( $data );
-
-                               return Array(
-                                                         MonLabo_admin::notice_message( 'info', '', sprintf( __( "Page %s crée.", 'mon-laboratoire' ), "<a href='".get_permalink( $wp_post_id )."'>". $wp_title . "</a>" ) ),
-                                                         NULL /*Renvoie sur un nouveau membre*/,
-                                                         $wp_post_id
-                                                       );
-
-                       } else { // édition d'un membre
-                               //Modification de l'image en une de la page WordPress
-                               //---------------------------------------------------
-                               if ( '0' != $data['wp_post_id'] ){ //Si la page existe
-                                 if ( ( '__no_change__' != $data['image_attachment_id'] ) and ( $data['image_attachment_id']>0 ) ) { //Si une nouvelle image est fournie
-                                       set_post_thumbnail( $data['wp_post_id'], $data['image_attachment_id'] ); //Changer l'image à la une de cette page.
-                                 }
+                               if ( empty( $data['fonction'] ) ) {
+                                 $data['fonction'] = ' |  | ';
+                               }
+                               $f = explode( ' | ', $data['fonction'] );
+                               if ( ( empty( $data['category'] ) ) and ( '' != $f[0] ) ) {
+                                 $data['category'] = $f[0];
+                               }
+                               if ( !isset( $f[1] ) ) { $f[1] = ''; }
+                               if ( !isset( $f[2] ) ) { $f[2] = ''; }
+                               if ( $f[1] === '' && $f[2] === '' ) { //Si rien n'est envoyé en argument, ne pas mettre à jour.
+                                 unset( $data['function_en'] );
+                                 unset( $data['function_fr'] );
+                               } elseif ( $data['function_en'] === '' && $data['function_fr'] === '' ) {
+                                       $data['function_en'] = $f[1];
+                                       $data['function_fr'] = $f[2];
+                               }
+                               unset( $data['fonction'] );
+
+                               //Dans le cas où il n'y a qu'une unité, configurer si la personne en est ou pas le directeur
+                               $options0 = get_option( 'MonLabo_settings_group0' );
+                               if ( empty( $options0['MonLabo_uses_unites'] ) ) {
+                                       if ( !empty( $data['is_director'] ) ) {
+                                               //On ajoute la personne comme directeur de la structure principale
+                                               $MonLabo_access_data->add_director_to_an_unit ( $membre_id, MAIN_STRUCT_NO_UNIT );
+                                       } else {
+                                               $MonLabo_access_data->remove_director_from_an_unit( $membre_id, MAIN_STRUCT_NO_UNIT );
+                                       }
+                               }
+                               if ( isset( $data['is_director'] ) ) {
+                                       unset( $data['is_director'] );
                                }
-                               unset( $data['image_attachment_id'] );
-                               unset( $data['image_attachment_url'] );
+                               if ( 0 === $membre_id ) { // ajout d'un membre
+                                       //Création de la page personnelle
+                                       //-------------------------------
+                                       $options = get_option( 'MonLabo_settings_group2' );
+                                       $wp_title = $data['first_name'].' '.mb_strtoupper( $data['last_name'], 'UTF-8' );
+                                       $wp_post = array( 'post_content'   => '[perso_panel][publications_list]', // The full text of the post.
+                                       'post_title'     => $wp_title, // The title of your post.
+                                       'post_status'   => 'publish', // Default 'draft'.
+                                       'post_type'       => 'page', // Default 'post'.
+                                       'post_parent'   => $options['MonLabo_perso_page_parent'] // Sets the parent of the new post.
+                                       );
+                                       $wp_post_id = wp_insert_post( $wp_post );
+
+                                       if ( ( 0 === $wp_post_id ) or ( is_wp_error( $wp_post_id ) ) )  {
+                                               return Array( MonLabo_admin::notice_message( 'error', 'Echec:', 'Impossible de créer la page personnelle.' ), NULL, NULL );
+                                       }
+                                       update_post_meta( $wp_post_id, '_theme_show_page_title', '0' ); //Do not show title
+
+                                       //Modification de l'image en une de la page WordPress
+                                       //---------------------------------------------------
+                                       if ( $wp_post_id>0 ){ //Si la page existe
+                                         if ( ( '__no_change__' != $data['image_attachment_id'] ) and ( $data['image_attachment_id']>0 ) ) { //Si une nouvelle image est fournie
+                                               set_post_thumbnail( $wp_post_id, $data['image_attachment_id'] ); //Changer l'image à la une de cette page.
+                                         }
+                                       }
+                                       unset( $data['image_attachment_id'] );
+                                       unset( $data['image_attachment_url'] );
+
+                                       // Création de la ligne dans la table MonLabo_members
+                                       //---------------------------------------------------
+                                       $data['wp_post_id'] = $wp_post_id;
+                                       $membre_id = $MonLabo_access_data->insert_person( $data );
+
+                                       return Array(
+                                                                 MonLabo_admin::notice_message( 'info', '', sprintf( __( "Page %s crée.", 'mon-laboratoire' ), "<a href='".get_permalink( $wp_post_id )."'>". $wp_title . "</a>" ) ),
+                                                                 NULL /*Renvoie sur un nouveau membre*/,
+                                                                 $wp_post_id
+                                                               );
+
+                               } else { // édition d'un membre
+                                       //Modification de l'image en une de la page WordPress
+                                       //---------------------------------------------------
+                                       if ( '0' != $data['wp_post_id'] ){ //Si la page existe
+                                         if ( ( '__no_change__' != $data['image_attachment_id'] ) and ( $data['image_attachment_id']>0 ) ) { //Si une nouvelle image est fournie
+                                               set_post_thumbnail( $data['wp_post_id'], $data['image_attachment_id'] ); //Changer l'image à la une de cette page.
+                                         }
+                                       }
+                                       unset( $data['image_attachment_id'] );
+                                       unset( $data['image_attachment_url'] );
 
-                               // Modification de la ligne dans la table MonLabo_members
-                               //-------------------------------------------------------
-                               $MonLabo_access_data->update_person( $membre_id, $data );
-                       }
-               } elseif ( 'remove' === $action ) {  // suppression d'un membre
-                       // Passage de la page personnelle en brouillon
-                       //--------------------------------------------
-                       $person_information = $MonLabo_access_data->get_person_information( $membre_id );
-                       if ( property_exists( $person_information, 'wp_post_id' ) ) {
-                               $my_post = array(
-                                       'ID'               => $person_information->wp_post_id,
-                                       'post_status'  => 'draft'
-                               );
-                               wp_update_post( $my_post );
-                               // Suppression de la ligne dans la table MonLabo_members
-                               //------------------------------------------------------
-                               $MonLabo_access_data->delete_person( $membre_id );
+                                       // Modification de la ligne dans la table MonLabo_members
+                                       //-------------------------------------------------------
+                                       $MonLabo_access_data->update_person( $membre_id, $data );
+                               }
+                       } elseif ( 'remove' === $action ) {  // suppression d'un membre
+                               // Passage de la page personnelle en brouillon
+                               //--------------------------------------------
+                               $person_information = $MonLabo_access_data->get_person_information( $membre_id );
+                               if ( property_exists( $person_information, 'wp_post_id' ) ) {
+                                       $my_post = array(
+                                               'ID'               => $person_information->wp_post_id,
+                                               'post_status'  => 'draft'
+                                       );
+                                       wp_update_post( $my_post );
+                                       // Suppression de la ligne dans la table MonLabo_members
+                                       //------------------------------------------------------
+                                       $MonLabo_access_data->delete_person( $membre_id );
+                               }
                        }
                }
        }
@@ -227,52 +232,57 @@ function form_edit_team_processing() {
                $action = sanitize_key( $_POST['action'] );
                unset( $_POST['action'] );
 
-               if ( 'edit' === $action ) {
-                       $data = array();
-                       foreach ( $_POST as $key => $value ) {
-                               switch ( $key ) {
-                                       case 'submit_leaders':
-                                       case 'submit_thematics':
-                                               if ( is_array($_POST[$key]) ) {
-                                                       foreach ( $_POST[$key] as $subkey => $subvalue ) {
-                                                               $data[str_replace( 'submit_', '', $key )][$subkey] = intval( $_POST[$key][$subkey] );
+               //Security verification by nonce
+               if( check_admin_referer( 'edit_teams_form', 'edit_teams_form_wpnonce' ) ) {
+                       unset( $_POST['edit_teams_form_wpnonce'] );
+                       unset( $_POST['_wp_http_referer'] );
+                       if ( 'edit' === $action ) {
+                               $data = array();
+                               foreach ( $_POST as $key => $value ) {
+                                       switch ( $key ) {
+                                               case 'submit_leaders':
+                                               case 'submit_thematics':
+                                                       if ( is_array($_POST[$key]) ) {
+                                                               foreach ( $_POST[$key] as $subkey => $subvalue ) {
+                                                                       $data[str_replace( 'submit_', '', $key )][$subkey] = intval( $_POST[$key][$subkey] );
+                                                               }
+                                                       } else {
+                                                               $data[str_replace( 'submit_', '', $key )] = sanitize_text_field( $_POST[$key] );
                                                        }
-                                               } else {
-                                                       $data[str_replace( 'submit_', '', $key )] = sanitize_text_field( $_POST[$key] );
-                                               }
-                                               break;
-                                       default:
-                                               $data[str_replace( 'submit_', '', $key )] = getPOSTstring( $key );
-                                               break;
+                                                       break;
+                                               default:
+                                                       $data[str_replace( 'submit_', '', $key )] = getPOSTstring( $key );
+                                                       break;
+                                       }
+                               }
+                               if ( !isset( $data['leaders'] ) ) {
+                                       //Si aucun leader n'est renseigné, bien passer un tableau vide.
+                                       $data['leaders'] = array();
+                               }
+                               if ( !isset( $data['thematics'] ) ) {
+                                       //Si aucune thematique n'est renseignée, bien passer un tableau vide.
+                                       $data['thematics'] = array();
                                }
-                       }
-                       if ( !isset( $data['leaders'] ) ) {
-                               //Si aucun leader n'est renseigné, bien passer un tableau vide.
-                               $data['leaders'] = array();
-                       }
-                       if ( !isset( $data['thematics'] ) ) {
-                               //Si aucune thematique n'est renseignée, bien passer un tableau vide.
-                               $data['thematics'] = array();
-                       }
 
-                       if ( 0 === $team_id ) { // ajout d'une équipe
-                               // Création de la ligne dans la table MonLabo_teams
-                               $team_id_if_created = $MonLabo_access_data->insert_team( $data );
-                               return Array(
-                                                         MonLabo_admin::notice_message( 'info', '', sprintf( __( 'Nouvelle équipe crée (ID=%u).', 'mon-laboratoire' ), $team_id_if_created ) ),
-                                                         NULL /*Renvoie sur une nouvelle équipe */,
-                                                         $team_id_if_created
-                                                       );
-                       } else { // éditon d'une équipe
-                               // Modification de la ligne dans la table MonLabo_teams
-                               //-----------------------------------------------------
-                               $MonLabo_access_data->update_team( $team_id, $data );
-                       }
-               } else {
-                       if ( 'remove' === $action ) {  // suppression d'un membre
-                               // Suppression de la ligne dans la table MonLabo_teams
-                               //----------------------------------------------------
-                               $MonLabo_access_data->delete_team( $team_id );
+                               if ( 0 === $team_id ) { // ajout d'une équipe
+                                       // Création de la ligne dans la table MonLabo_teams
+                                       $team_id_if_created = $MonLabo_access_data->insert_team( $data );
+                                       return Array(
+                                                                 MonLabo_admin::notice_message( 'info', '', sprintf( __( 'Nouvelle équipe crée (ID=%u).', 'mon-laboratoire' ), $team_id_if_created ) ),
+                                                                 NULL /*Renvoie sur une nouvelle équipe */,
+                                                                 $team_id_if_created
+                                                               );
+                               } else { // éditon d'une équipe
+                                       // Modification de la ligne dans la table MonLabo_teams
+                                       //-----------------------------------------------------
+                                       $MonLabo_access_data->update_team( $team_id, $data );
+                               }
+                       } else {
+                               if ( 'remove' === $action ) {  // suppression d'un membre
+                                       // Suppression de la ligne dans la table MonLabo_teams
+                                       //----------------------------------------------------
+                                       $MonLabo_access_data->delete_team( $team_id );
+                               }
                        }
                }
        }
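Review bot: The `foreach ( $_POST as $key => $value )` loop still copies every remaining request field into `$data`, so the two new `unset()` calls for the nonce and referer fields are a denylist that has to grow each time a hidden field is added to the form. An allowlist of the expected `submit_*` keys would keep unexpected fields away from `insert_team()` and `update_team()`, whose handling of unknown keys is not visible here. For example, `if ( ! in_array( $key, $allowed_keys, true ) ) { continue; }` at the top of the loop, with a new `$allowed_keys` array listing the form's fields. The thematic and unit hunks below use the same loop. The function body starts outside this hunk.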
@@ -304,29 +314,35 @@ function form_edit_thematic_processing() {
                unset( $_POST['submit_id'] );
                $action = sanitize_key( $_POST['action'] );
                unset( $_POST['action'] );
-               if ( 'edit' === $action ) {
-                       $data = array();
-                       foreach ( $_POST as $key => $value ) {
-                               $data[str_replace( 'submit_', '', $key )] = getPOSTstring( $key );
-                       }
-                       if ( 0 === $thematic_id ) { // ajout d'une thématique
-                               // Création de la ligne dans la table MonLabo_thematics
-                               //-------------------------------------------------------
-                               $thematic_id_if_created = $MonLabo_access_data->insert_thematic( $data );
-                               return Array(
-                                                         MonLabo_admin::notice_message( 'info', '', sprintf( __( 'Nouvelle thématique crée (ID=%u).', 'mon-laboratoire' ), $thematic_id_if_created ) ),
-                                                         NULL /*Renvoie sur une nouvelle thématique*/,
-                                                         $thematic_id_if_created
-                                                       );
-                       } else {
-                               // Modification de la ligne dans la table MonLabo_thematics
-                               //-----------------------------------------------------------
-                               $MonLabo_access_data->update_thematic( $thematic_id, $data );
+
+               //Security verification by nonce
+               if( check_admin_referer( 'edit_thematics_form', 'edit_thematics_form_wpnonce' ) ) {
+                       unset( $_POST['edit_thematics_form_wpnonce'] );
+                       unset( $_POST['_wp_http_referer'] );
+                       if ( 'edit' === $action ) {
+                               $data = array();
+                               foreach ( $_POST as $key => $value ) {
+                                       $data[str_replace( 'submit_', '', $key )] = getPOSTstring( $key );
+                               }
+                               if ( 0 === $thematic_id ) { // ajout d'une thématique
+                                       // Création de la ligne dans la table MonLabo_thematics
+                                       //-------------------------------------------------------
+                                       $thematic_id_if_created = $MonLabo_access_data->insert_thematic( $data );
+                                       return Array(
+                                                                 MonLabo_admin::notice_message( 'info', '', sprintf( __( 'Nouvelle thématique crée (ID=%u).', 'mon-laboratoire' ), $thematic_id_if_created ) ),
+                                                                 NULL /*Renvoie sur une nouvelle thématique*/,
+                                                                 $thematic_id_if_created
+                                                               );
+                               } else {
+                                       // Modification de la ligne dans la table MonLabo_thematics
+                                       //-----------------------------------------------------------
+                                       $MonLabo_access_data->update_thematic( $thematic_id, $data );
+                               }
+                       } elseif ( 'remove' === $action ) {  // suppression d'un membre
+                                       // Suppression de la ligne dans la table MonLabo_thematics
+                                       //----------------------------------------------------------
+                                       $MonLabo_access_data->delete_thematic( $thematic_id );
                        }
-               } elseif ( 'remove' === $action ) {  // suppression d'un membre
-                               // Suppression de la ligne dans la table MonLabo_thematics
-                               //----------------------------------------------------------
-                               $MonLabo_access_data->delete_thematic( $thematic_id );
                }
        }
        //En cas de rechargement de la page, récupérer le paramètre dans l'URL
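Review bot: The comment on the `'remove'` branch reads `// suppression d'un membre` although the branch calls `delete_thematic()`; it appears to have been carried over from the member form and should read `// suppression d'une thématique`. The team and unit hunks carry the same stale comment on their remove branches, which call `delete_team()` and `delete_unit()`. The three lines under the `elseif` are also indented one level deeper than the rest of the new block.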
@@ -358,47 +374,52 @@ function form_edit_unite_processing() {
                $action = sanitize_key( $_POST['action'] );
                unset( $_POST['action'] );
 
-               if ( 'edit' === $action ) {
-                       $data = array();
-                       foreach ( $_POST as $key => $value ) {
-                               switch ( $key ) {
-                                       case 'submit_directors':
-                                               if ( is_array($_POST[$key]) ) {
-                                                       foreach ( $_POST[$key] as $subkey => $subvalue ) {
-                                                               $data[str_replace( 'submit_', '', $key )][$subkey] = intval( $_POST[$key][$subkey] );
+               //Security verification by nonce
+               if( check_admin_referer( 'edit_unites_form', 'edit_unites_form_wpnonce' ) ) {
+                       unset( $_POST['edit_unites_form_wpnonce'] );
+                       unset( $_POST['_wp_http_referer'] );
+                       if ( 'edit' === $action ) {
+                               $data = array();
+                               foreach ( $_POST as $key => $value ) {
+                                       switch ( $key ) {
+                                               case 'submit_directors':
+                                                       if ( is_array($_POST[$key]) ) {
+                                                               foreach ( $_POST[$key] as $subkey => $subvalue ) {
+                                                                       $data[str_replace( 'submit_', '', $key )][$subkey] = intval( $_POST[$key][$subkey] );
+                                                               }
+                                                       } else {
+                                                               $data[str_replace( 'submit_', '', $key )] = sanitize_text_field( $_POST[$key] );
                                                        }
-                                               } else {
-                                                       $data[str_replace( 'submit_', '', $key )] = sanitize_text_field( $_POST[$key] );
-                                               }
-                                               break;
-                                       default:
-                                               $data[str_replace( 'submit_', '', $key )] = getPOSTstring( $key );
-                                               break;
+                                                       break;
+                                               default:
+                                                       $data[str_replace( 'submit_', '', $key )] = getPOSTstring( $key );
+                                                       break;
+                                       }
+                               }
+                               if ( !isset( $data['directors'] ) ) {
+                                       //Si aucun directeur n'est renseigné, bien passer un tableau vide.
+                                       $data['directors'] = array();
                                }
-                       }
-                       if ( !isset( $data['directors'] ) ) {
-                               //Si aucun directeur n'est renseigné, bien passer un tableau vide.
-                               $data['directors'] = array();
-                       }
 
-                       if ( 0 === $unite_id ) { // ajout d'une unité
-                               // Création de la ligne dans la table MonLabo_units
-                               //-------------------------------------------------------
-                               $unit_id_if_created = $MonLabo_access_data->insert_unit( $data );
-                               return Array(
-                                                         MonLabo_admin::notice_message( 'info', '', sprintf( __( 'Nouvelle unité crée (ID=%u).', 'mon-laboratoire' ), $unit_id_if_created ) ),
-                                                         NULL /*Renvoie sur une nouvelle unité */,
-                                                         $unit_id_if_created
-                                                       );
-                       } else {
-                               // Modification de la ligne dans la table MonLabo_units
-                               //-----------------------------------------------------------
-                               $MonLabo_access_data->update_unit( $unite_id, $data );
+                               if ( 0 === $unite_id ) { // ajout d'une unité
+                                       // Création de la ligne dans la table MonLabo_units
+                                       //-------------------------------------------------------
+                                       $unit_id_if_created = $MonLabo_access_data->insert_unit( $data );
+                                       return Array(
+                                                                 MonLabo_admin::notice_message( 'info', '', sprintf( __( 'Nouvelle unité crée (ID=%u).', 'mon-laboratoire' ), $unit_id_if_created ) ),
+                                                                 NULL /*Renvoie sur une nouvelle unité */,
+                                                                 $unit_id_if_created
+                                                               );
+                               } else {
+                                       // Modification de la ligne dans la table MonLabo_units
+                                       //-----------------------------------------------------------
+                                       $MonLabo_access_data->update_unit( $unite_id, $data );
+                               }
+                       } elseif ( 'remove' === $action ) {  // suppression d'un membre
+                                       // Suppression de la ligne dans la table MonLabo_units
+                                       //----------------------------------------------------------
+                                       $MonLabo_access_data->delete_unit( $unite_id );
                        }
-               } elseif ( 'remove' === $action ) {  // suppression d'un membre
-                               // Suppression de la ligne dans la table MonLabo_units
-                               //----------------------------------------------------------
-                               $MonLabo_access_data->delete_unit( $unite_id );
                }
        }
        //En cas de rechargement de la page, récupérer le paramètre dans l'URL
@@ -418,45 +439,50 @@ function form_edit_structure_principale_processing() {
        //Vérification que le formulaire a bien été soumis
        if ( isset( $_POST['submit_nom'] ) ) {
                unset( $_POST['not_used'] );
-               $options1 = get_option( 'MonLabo_settings_group1' );
-               $data = array();
-               foreach ( $_POST as $key => $value ) {
-                       switch ( $key ) {
-                               case 'submit_nom':
-                               case 'submit_code':
-                               case 'submit_prefixe_tel':
-                               case 'submit_hal_publi_struct_id':
-                                       $options1[str_replace( 'submit_', 'MonLabo_', $key )] = sanitize_text_field( $value );
-                                       break;
-                               case 'submit_contact':
-                               case 'submit_adresse':
-                                       $options1[str_replace( 'submit_', 'MonLabo_', $key )] = sanitize_textarea_field( $value );
-                                       break;
+               //Security verification by nonce
+               if( check_admin_referer( 'edit_structure_principale_form', 'edit_structure_principale_form_wpnonce' ) ) {
+                       unset( $_POST['edit_structure_principale_form_wpnonce'] );
+                       unset( $_POST['_wp_http_referer'] );
+                       $options1 = get_option( 'MonLabo_settings_group1' );
+                       $data = array();
+                       foreach ( $_POST as $key => $value ) {
+                               switch ( $key ) {
+                                       case 'submit_nom':
+                                       case 'submit_code':
+                                       case 'submit_prefixe_tel':
+                                       case 'submit_hal_publi_struct_id':
+                                               $options1[str_replace( 'submit_', 'MonLabo_', $key )] = sanitize_text_field( $value );
+                                               break;
+                                       case 'submit_contact':
+                                       case 'submit_adresse':
+                                               $options1[str_replace( 'submit_', 'MonLabo_', $key )] = sanitize_textarea_field( $value );
+                                               break;
+                               }
                        }
-               }
 
-               update_option( 'MonLabo_settings_group1', $options1 );
-               $options1 = get_option( 'MonLabo_settings_group1' );
+                       update_option( 'MonLabo_settings_group1', $options1 );
+                       $options1 = get_option( 'MonLabo_settings_group1' );
 
-               //Gestion des directeurs
-               $MonLabo_access_data = New MonLabo_access_data();
-               $data = array();
-               if ( !isset( $_POST['submit_directors'] ) ) {
-                       //Si aucun directeur n'est renseigné, bien passer un tableau vide.
-                       $data['directors'] = array();
-               } else {
-                       if (is_array( $_POST['submit_directors'] ) ) {
-                               foreach ( $_POST['submit_directors'] as $key => $value) {
-                                       $data['directors'][$key]= intval( $value );
-                               }
+                       //Gestion des directeurs
+                       $MonLabo_access_data = New MonLabo_access_data();
+                       $data = array();
+                       if ( !isset( $_POST['submit_directors'] ) ) {
+                               //Si aucun directeur n'est renseigné, bien passer un tableau vide.
+                               $data['directors'] = array();
                        } else {
-                               $data['directors']= sanitize_text_field( $_POST['submit_directors'] );
+                               if (is_array( $_POST['submit_directors'] ) ) {
+                                       foreach ( $_POST['submit_directors'] as $key => $value) {
+                                               $data['directors'][$key]= intval( $value );
+                                       }
+                               } else {
+                                       $data['directors']= sanitize_text_field( $_POST['submit_directors'] );
+                               }
                        }
-               }
 
-               // Modification de la ligne dans la table MonLabo_units
-               //-----------------------------------------------------------
-               $MonLabo_access_data->update_unit( MAIN_STRUCT_NO_UNIT, $data );
+                       // Modification de la ligne dans la table MonLabo_units
+                       //-----------------------------------------------------------
+                       $MonLabo_access_data->update_unit( MAIN_STRUCT_NO_UNIT, $data );
+               }
        }
 }
 
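Review bot: `check_admin_referer()` shows that the request came from this site's own form, but not that the current user is allowed to change the settings, and no capability check is visible before `update_option( 'MonLabo_settings_group1', $options1 )`. Unless the caller already enforces one, add it ahead of the nonce test, such as `if ( ! current_user_can( 'manage_options' ) ) { return; }`, using whichever capability the plugin's admin page is registered with. The other form handlers in this commit gained the same nonce-only guard. The start of the function is outside the hunk, so an earlier check may exist.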
@@ -466,50 +492,56 @@ function form_edit_structure_principale_processing() {
 function form_advanced_features_for_members_processing() {
   $retval = '';
   if ( isset( $_POST['create_missing_pages_submit_ids'] ) ) {
-       $ids_to_create_page = ( unserialize( sanitize_text_field( $_POST['create_missing_pages_submit_ids'] ) ) );
-       if ( !empty( $ids_to_create_page ) ) {
-         foreach ( $ids_to_create_page as $id ) {
-               $id = intval( $id );
-               if ( !empty( $id ) ) {
-                 $MonLabo_access_data = New MonLabo_access_data();
-                 $member = $MonLabo_access_data->get_person_information( $id );
-                 if ( !empty( $member ) ) {
-
-
-                       //Création de la page personnelle
-                       //-------------------------------
-                       $options2 = get_option( 'MonLabo_settings_group2' );
-                       $wp_title = $member->first_name.' '.mb_strtoupper( $member->last_name, 'UTF-8' );
-                       $wp_post = array( 'post_content'   => '[perso_panel][publications_list]', // The full text of the post.
-                       'post_title'     => $wp_title, // The title of your post.
-                       'post_status'   => 'publish', // Default 'draft'.
-                       'post_type'       => 'page', // Default 'post'.
-                       'post_parent'   => $options2['MonLabo_perso_page_parent'] // Sets the parent of the new post.
-                       );
-
-                       $wp_post_id = wp_insert_post( $wp_post );
-                       $retval .=   MonLabo_admin::notice_message(
-                               'info',
-                               '',
-                               sprintf( __( 'Page de personnel crée (%s - %s)', 'mon-laboratoire' ),
-                               $wp_title,
-                               "<a href='".get_edit_post_link( $wp_post_id )."'>".__( 'éditer la page', 'mon-laboratoire'
-                       ).'</a>' ) );
-                       if ( ( 0 === $wp_post_id ) or ( is_wp_error( $wp_post_id ) ) )  {
-                               return MonLabo_admin::notice_message( 'error', 'Echec:', 'Impossible de créer la page personnelle.' );
-                       }
-                       update_post_meta( $wp_post_id, '_theme_show_page_title', '0' ); //Do not show title
+       //Security verification by nonce
+       if( check_admin_referer( 'creer_pages_manquantes_form', 'creer_pages_manquantes_form_wpnonce' ) ) {
+               unset( $_POST['creer_pages_manquantes_form_wpnonce'] );
+               unset( $_POST['_wp_http_referer'] );
 
-                       // Modification de la ligne dans la table MonLabo_members
-                       //-------------------------------------------------------
-                       $data = array();
-                       $data['id'] = $id;
-                       $data['wp_post_id'] = $wp_post_id;
-                       $MonLabo_access_data->update_person( $id, $data );
+               $ids_to_create_page = ( unserialize( sanitize_text_field( $_POST['create_missing_pages_submit_ids'] ) ) );
+               if ( !empty( $ids_to_create_page ) ) {
+                 foreach ( $ids_to_create_page as $id ) {
+                       $id = intval( $id );
+                       if ( !empty( $id ) ) {
+                         $MonLabo_access_data = New MonLabo_access_data();
+                         $member = $MonLabo_access_data->get_person_information( $id );
+                         if ( !empty( $member ) ) {
+
+
+                               //Création de la page personnelle
+                               //-------------------------------
+                               $options2 = get_option( 'MonLabo_settings_group2' );
+                               $wp_title = $member->first_name.' '.mb_strtoupper( $member->last_name, 'UTF-8' );
+                               $wp_post = array( 'post_content'   => '[perso_panel][publications_list]', // The full text of the post.
+                               'post_title'     => $wp_title, // The title of your post.
+                               'post_status'   => 'publish', // Default 'draft'.
+                               'post_type'       => 'page', // Default 'post'.
+                               'post_parent'   => $options2['MonLabo_perso_page_parent'] // Sets the parent of the new post.
+                               );
+
+                               $wp_post_id = wp_insert_post( $wp_post );
+                               $retval .=   MonLabo_admin::notice_message(
+                                       'info',
+                                       '',
+                                       sprintf( __( 'Page de personnel crée (%s - %s)', 'mon-laboratoire' ),
+                                       $wp_title,
+                                       "<a href='".get_edit_post_link( $wp_post_id )."'>".__( 'éditer la page', 'mon-laboratoire'
+                               ).'</a>' ) );
+                               if ( ( 0 === $wp_post_id ) or ( is_wp_error( $wp_post_id ) ) )  {
+                                       return MonLabo_admin::notice_message( 'error', 'Echec:', 'Impossible de créer la page personnelle.' );
+                               }
+                               update_post_meta( $wp_post_id, '_theme_show_page_title', '0' ); //Do not show title
+
+                               // Modification de la ligne dans la table MonLabo_members
+                               //-------------------------------------------------------
+                               $data = array();
+                               $data['id'] = $id;
+                               $data['wp_post_id'] = $wp_post_id;
+                               $MonLabo_access_data->update_person( $id, $data );
 
+                         }
+                       }
                  }
                }
-         }
        }
   }
   return $retval;
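Review bot: `unserialize()` is still applied to `$_POST['create_missing_pages_submit_ids']`; the nonce added above limits who can submit the form, but the value remains request data, and unserializing it lets the request decide which classes get instantiated. Only integer ids are needed, so restrict it with `unserialize( sanitize_text_field( $_POST['create_missing_pages_submit_ids'] ), array( 'allowed_classes' => false ) )` and test `is_array( $ids_to_create_page )` before the `foreach`. Alternatively, have the form send a comma-separated list and read it with `wp_parse_id_list()`. Separately, the success notice is built before the `0 === $wp_post_id` / `is_wp_error()` test, so `get_edit_post_link()` can be handed a failed result; moving the test directly after `wp_insert_post()` avoids that.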
index 507d59a..500e519 100644 (file)
@@ -130,8 +130,7 @@ function generate_table_admin_for_teams() {
        if ( '0' != $number_of_teams ) {
                foreach ( $teams_information as $team_information ) {
                        $team_array = array();
-                       $team_array['modifier'] = '<form method="post" action="admin.php?page=MonLabo_edit_members_and_groups&tab=tab_two">'
-                                                                       .'<input type="hidden" name="submit_equipe" value="'.$team_information->id.'">'
+                       $team_array['modifier'] = '<form method="post" action="admin.php?page=MonLabo_edit_members_and_groups&tab=tab_two&submit_item='.$team_information->id.'">'
                                                                        .'<button type="submit">'.__( 'Modifier', 'mon-laboratoire' ).'</button></form>';
                        $team_array['id'] = $team_information->id;
                        $team_array['name_fr'] = '<small>'.$team_information->name_fr.'</small>';
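Review bot: The new `action` URL in generate_table_admin_for_teams() concatenates `$team_information->id` into an HTML attribute with no escaping or integer coercion, and the thematics and units hunks below do the same with `$thematic_information->id` and `$unit_information->id`. Because the id now travels in the query string as `submit_item` instead of a hidden POST field, I would emit it as `'...&tab=tab_two&submit_item=' . absint( $team_information->id ) . '">'` (or pass the whole URL through `esc_url()`), and have the receiving page validate `submit_item` as an integer before using it. The form is still `method="post"` but has no fields left and, as far as these hunks show, no nonce field; if the target only opens the edit view a plain link would be clearer, and if it changes state it should carry the nonce the changelog entry describes. All three functions continue outside their hunks, so the handler side could not be checked here.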
@@ -204,8 +203,7 @@ function generate_table_admin_for_thematics() {
        if ( '0' != $number_of_thematics ) {
                foreach ( $thematics_information as $thematic_information ) {
                        $thematic_array = array();
-                       $thematic_array['modifier'] = '<form method="post" action="admin.php?page=MonLabo_edit_members_and_groups&tab=tab_three">'
-                                                                       .'<input type="hidden" name="submit_thematic" value="'.$thematic_information->id.'">'
+                       $thematic_array['modifier'] = '<form method="post" action="admin.php?page=MonLabo_edit_members_and_groups&tab=tab_three&submit_item='.$thematic_information->id.'">'
                                                                        .'<button type="submit">'.__( 'Modifier', 'mon-laboratoire' ).'</button></form>';
                        $thematic_array['id'] = $thematic_information->id;
                        $thematic_array['name_fr'] = '<small>'.$thematic_information->name_fr.'</small>';
@@ -270,8 +268,7 @@ function generate_table_admin_for_units() {
        if ( '0' != $number_of_units ) {
                foreach ( $units_information as $unit_information ) {
                        $unit_array = array();
-                       $unit_array['modifier'] = '<form method="post" action="admin.php?page=MonLabo_edit_members_and_groups&tab=tab_four">'
-                                                                       .'<input type="hidden" name="submit_unite" value="'.$unit_information->id.'">'
+                       $unit_array['modifier'] = '<form method="post" action="admin.php?page=MonLabo_edit_members_and_groups&tab=tab_four&submit_item='.$unit_information->id.'">'
                                                                        .'<button type="submit">'.__( 'Modifier', 'mon-laboratoire' ).'</button></form>';
                        $unit_array['id'] = $unit_information->id;
                        $unit_array['name_fr'] = '<small>'.$unit_information->name_fr.'</small>';
index bef1410..59f1b79 100644 (file)
@@ -53,7 +53,7 @@ Voici un fichier avec les TODO et les changelog complets.
     * DONE : Vérifier chaque data in ou out https://codex.wordpress.org/Data_Validation
         * sécuriser \$_(POST|GET|REQUEST) sanitize, validate, and escape all POST/GET/REQUEST
             * Using stripslashes or strip_tags is rarely enough. The ultimate goal is that invalid and unsafe data is never processed, saved, or displayed. Clean everything, check everything, escape everything, and never trust the users to always have input sane data.
-    * Nonces #Nonces All actions that accept POST data should be secured with a nonce to prevent unauthorized access.
+    * DONE : Nonces #Nonces All actions that accept POST data should be secured with a nonce to prevent unauthorized access.
         * https://codex.wordpress.org/WordPress_Nonces
     * Plugin Handbook : https://developer.wordpress.org/plugins/
 
@@ -79,7 +79,10 @@ Remember, check_admin_referer alone is not bulletproof security. Do not rely on
 == Changelog ==
 
 = 3.1 =
-* CODE : Secure ajax code with a nonce
+* CODE : Secure ajax code with a nonce to prevent unauthorized access
+* CODE : Secure all actions that accept POST with a nonce to prevent unauthorized access
+* BUG : Suppress php warnings that occur when creating new person, team, thematic or unit.
+* BUG : Correct bad redirection of buttons for modifying teams, thematics or units in the admin tab "table view"
 
 = 3.0.4 =
 (GIT tag v3.0.4)