From b69a150290b78211c78d032343a03f50ceec8dc5 Mon Sep 17 00:00:00 2001
From: Julio
Date: Wed, 18 Dec 2019 08:38:05 +0100
Subject: [PATCH] Justification: check code is unique.

---
 plugin/justification/add.php | 32 +++++++++++++++++++++++---------
 plugin/justification/edit.php | 31 ++++++++++++++++++++++---------
 2 files changed, 45 insertions(+), 18 deletions(-)

diff --git a/plugin/justification/add.php b/plugin/justification/add.php
index e6d0c5bf9b..9f5cb6e357 100644
--- a/plugin/justification/add.php
+++ b/plugin/justification/add.php
@@ -22,15 +22,29 @@ $form->addButtonSave(get_lang('Save'));
 if ($form->validate()) {
 $values = $form->getSubmitValues();
 $dateManual = isset($values['date_manual_on']) ? 1 : 0;
- $params = [
- 'name' => $values['name'],
- 'code' => $values['code'],
- 'validity_duration' => $values['validity_duration'],
- 'date_manual_on' => $dateManual,
- 'comment' => $values['comment'],
- ];
- Database::insert('justification_document', $params);
- Display::addFlash(get_lang('Saved'));
+
+ $cleanedCode = api_replace_dangerous_char($values['code']);
+ $code = Database::escape_string($cleanedCode);
+
+ $sql = "SELECT * FROM justification_document WHERE code = '$code' ";
+ $result = Database::query($sql);
+ $data = Database::fetch_array($result);
+ $message = Display::return_message(get_lang('ThisCodeAlradyExists'), 'warning');
+
+ if (empty($data)) {
+ $params = [
+ 'name' => $values['name'],
+ 'code' => $cleanedCode,
+ 'validity_duration' => $values['validity_duration'],
+ 'date_manual_on' => $dateManual,
+ 'comment' => $values['comment'],
+ ];
+ Database::insert('justification_document', $params);
+ $message = Display::return_message(get_lang('Saved'));
+ }
+
+ Display::addFlash($message);
+
 $url = api_get_path(WEB_PLUGIN_PATH).'justification/list.php?';
 header('Location: '.$url);
 exit;
diff --git a/plugin/justification/edit.php b/plugin/justification/edit.php
index aee523fed3..747ad27052 100644
--- a/plugin/justification/edit.php
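Review bot: The duplicate check in add.php is a check-then-act sequence: the SELECT on `code` and the later `Database::insert` are separate statements, so two concurrent submissions of the same code can both see no row and both insert, and the commit does not mention a UNIQUE index on `justification_document.code`, without which the uniqueness the patch promises is not actually enforced. The same pattern is in the edit.php hunk. A unique constraint at the database level (with a duplicate-key failure on insert treated as the "already exists" case) is the reliable fix; the SELECT can remain as an early, friendlier warning. Two smaller points: only existence is needed, so `$sql = "SELECT id FROM justification_document WHERE code = '$code'";` (or the placeholder-style conditions the codebase already uses for `Database::update`) avoids pulling the whole row into `$data`, and the lang key `ThisCodeAlradyExists` looks misspelled, so confirm it matches the language file. The enclosing `if ($form->validate())` block closes outside the hunk.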
+++ b/plugin/justification/edit.php
@@ -31,15 +31,28 @@ $form->setDefaults($justification);
 if ($form->validate()) {
 $values = $form->getSubmitValues();
- $params = [
- 'name' => $values['name'],
- 'code' => $values['code'],
- 'validity_duration' => $values['validity_duration'],
- 'date_manual_on' => (int) $values['date_manual_on'],
- 'comment' => $values['comment'],
- ];
- Database::update('justification_document', $params, ['id = ?' => $id]);
- Display::addFlash(get_lang('Saved'));
+ $cleanedCode = api_replace_dangerous_char($values['code']);
+ $code = Database::escape_string($cleanedCode);
+
+ $sql = "SELECT * FROM justification_document WHERE code = '$code' AND id <> $id";
+ $result = Database::query($sql);
+ $data = Database::fetch_array($result);
+ $message = Display::return_message(get_lang('ThisCodeAlradyExists'), 'warning');
+ if (empty($data)) {
+ $params = [
+ 'name' => $values['name'],
+ 'code' => $cleanedCode,
+ 'validity_duration' => $values['validity_duration'],
+ 'date_manual_on' => (int) $values['date_manual_on'],
+ 'comment' => $values['comment'],
+ ];
+
+ Database::update('justification_document', $params, ['id = ?' => $id]);
+ $message = Display::return_message(get_lang('Saved'));
+ }
+
+ Display::addFlash($message);
+
 $url = api_get_path(WEB_PLUGIN_PATH).'justification/list.php?';
 header('Location: '.$url);
 exit;
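Review bot: In the edit.php SELECT, `$id` is interpolated raw into `AND id <> $id` while `$code` beside it goes through `Database::escape_string` and the `Database::update` call a few lines below binds the same `$id` through a placeholder; unless `$id` is already cast to int where it is read (outside this hunk), this is an injection point, and casting at the use site makes the query safe regardless of the caller: `$sql = "SELECT id FROM justification_document WHERE code = '$code' AND id <> ".(int) $id;`. The inconsistency is also a maintenance trap, since a reader sees escaping on one operand and assumes the other was handled. The enclosing `if ($form->validate())` block closes outside the hunk.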