fix(core): fix CSRF check

Author: stonebuzz

front/surveytranslation.form.php

@@ -0,0 +1,48 @@
+<?php
+/*
+ * @version $Id: HEADER 15930 2011-10-30 15:47:55Z tsmr $
+ -------------------------------------------------------------------------
+ satisfaction plugin for GLPI
+ Copyright (C) 2016-2022 by the satisfaction Development Team.
+
+ https://github.com/pluginsglpi/satisfaction
+ -------------------------------------------------------------------------
+
+ LICENSE
+
+ This file is part of satisfaction.
+
+ satisfaction is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ satisfaction is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with satisfaction. If not, see <http://www.gnu.org/licenses/>.
+ --------------------------------------------------------------------------
+ */
+
+include('../../../inc/includes.php');
+
+if (!isset($_POST['survey_id']) || !isset($_POST['action'])) {
+    exit();
+}
+
+$redirection = Plugin::getWebDir('satisfaction')."/front/survey.form.php?id=";
+$translation = new PluginSatisfactionSurveyTranslation();
+switch($_POST['action']){
+    case 'NEW':
+       $translation->newSurveyTranslation($_POST);
+       Html::redirect($redirection.$_POST['survey_id']);
+       break;
+
+    case 'EDIT':
+       $translation->editSurveyTranslation($_POST);
+       Html::redirect($redirection.$_POST['survey_id']);
+       break;
+}

inc/surveytranslation.class.php

@@ -368,7 +368,7 @@ function getQuestionDropdown($surveyId){
    function getFormHeader($translationID, $surveyID){
 
       global $CFG_GLPI;
-      $target = Plugin::getWebDir('satisfaction')."/ajax/surveytranslation.form.php";
+      $target = Plugin::getWebDir('satisfaction')."/front/surveytranslation.form.php";
 
       $result = "<form name='form' method='post' action='$target' enctype='multipart/form-data'>";
       $result.= Html::hidden('survey_id', ['value' =>$surveyID]);

inc/surveytranslation.dao.php

@@ -115,7 +115,7 @@ static function newSurveyTranslation($surveyId, $questionId, $language, $value){
       $query .= " VALUES(".$surveyId.",".$questionId.",'".$language."','".$value."')";
 
       if($DB->query($query)){
-         return $DB->insert_id();
+         return $DB->insertId();
       }else{
          return null;
       }