Commit abdc61d4 authored by Chenu Denis's avatar Chenu Denis

Merge branch '2.06lts' of https://github.com/LimeSurvey/LimeSurvey.git into 2.06_SondagesPro

  Release 2.6.7-lts Build 171212
  Dev: Remove 'Previous' button on administrator page (installer)
  Dev: Some clean-up in installer
  Dev: Restore old 2.06 password hash method
  Dev: Only write config file when installation is completely done
  Dev: Add missing method setPassword() to User model (hash correct?)
  Dev: Replace 'optional settings' with 'administrator settings' (not optional anymore)
  Fixed issue: [security] Vulnerability in installer
  Release 2.6.6-lts Build 171111
  Fixed issue: [Security] Possible XSS in Resume later function (found and reported by Robin Peraglie from RIPS Technologies www.ripstech.com )
  Release 2.6.5-lts Build 171018
  Fixed issue: Error on update for some token tables
parents 6f947a8c ae5c4b9b
......@@ -11,9 +11,9 @@
* See COPYRIGHT.php for copyright notices and details.
*/
$config['versionnumber'] = "2.6.4";
$config['versionnumber'] = "2.6.7";
$config['dbversionnumber'] = 184;
$config['buildnumber'] = 'SondagesPro 1.6.0';
$config['buildnumber'] = 'SondagesPro 1.6.1';
$config['updatable'] = false;
return $config;
......@@ -1471,9 +1471,9 @@ function upgradeTokenTables179()
}
$oDB->createCommand("UPDATE {$sTableName} set email={$sSubstringCommand}(email,1,254)")->execute();
try { setTransactionBookmark(); $oDB->createCommand()->dropIndex("idx_{$sTableName}_efl",$sTableName); } catch(Exception $e) { rollBackToTransactionBookmark();}
alterColumn($sTableName, 'email', "string(254)");
alterColumn($sTableName, 'firstname', "string(150)");
alterColumn($sTableName, 'lastname', "string(150)");
try { setTransactionBookmark(); alterColumn($sTableName, 'email', "string(254)"); } catch(Exception $e) { rollBackToTransactionBookmark();}
try { setTransactionBookmark(); alterColumn($sTableName, 'firstname', "string(150)"); } catch(Exception $e) { rollBackToTransactionBookmark();}
try { setTransactionBookmark(); alterColumn($sTableName, 'lastname', "string(150)"); } catch(Exception $e) { rollBackToTransactionBookmark();}
}
}
}
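Review bot: Each new `catch(Exception $e)` around `alterColumn()` discards the exception, so a column that could not be resized (lock, permissions, incompatible data) looks the same as the expected "already altered" case and the upgrade carries on with the old schema. Logging before the rollback, e.g. `catch(Exception $e) { Yii::log($e->getMessage(), 'warning'); rollBackToTransactionBookmark(); }`, keeps the tolerant behaviour while leaving a trace for the administrator. The `dropIndex` line above already has the same empty catch. `upgradeTokenTables179()` starts outside this hunk.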
......
......@@ -148,6 +148,11 @@ class Save {
$errormsg .= gT("This name has already been used for this survey. You must use a unique save name.")."<br />\n";
return;
}
elseif (!empty($_POST['saveemail']) && !validateEmailAddress($_POST['saveemail'])) // Check if the email address is valid
{
$errormsg .= gT("This is not a valid email address. Please provide a valid email address or leave it empty.")."<br />\n";
return;
}
else
{
//INSERT BLANK RECORD INTO "survey_x" if one doesn't already exist
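Review bot: The comment on the added `elseif` only restates the condition and does not record that this check is a security control on a respondent-supplied value that is stored and, presumably, shown later in the saved-responses list. I would write `// Reject malformed addresses: saveemail is stored and later rendered to administrators, so free text must not be accepted here`. The strictness of `validateEmailAddress()` is not visible in this hunk, so encoding at the point of output should stay the primary defence rather than this check. The `else` block continues past the end of the hunk.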
......
......@@ -292,4 +292,21 @@ class User extends LSActiveRecord
'permissions' => array(self::HAS_MANY, 'Permission', 'uid')
);
}
/**
* Set user password with hash
*
* @param string $sPassword The clear text password
* @return \User
*/
public function setPassword($sPassword, $save = false)
{
// NB: Different method in 2.06 vs 2.73/3.0.
$sPasswordHash = hash('sha256', $sPassword);
$this->password = $sPasswordHash;
if ($save) {
$this->save();
}
return $this; // Return current object
}
}
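Review bot: `setPassword()` stores an unsalted, single-round SHA-256 digest (`hash('sha256', $sPassword)`), which is cheap to guess offline and gives identical passwords identical hashes if the users table is ever exposed. The inline comment says this deliberately matches the 2.06 scheme, so switching to `password_hash()` here alone would presumably break the login check, which is outside this hunk; the two need to move together, with a rehash on successful login. Until then I would make the trade-off explicit with `// SECURITY: legacy unsalted SHA-256 kept for 2.06 login compatibility; migrate together with the login check`. The docblock also omits `$save`, and the result of `$this->save()` is discarded, so a failed save still returns `$this` as if the password had been stored.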
......@@ -31,14 +31,15 @@
</td>
<td><?php echo $oResult->identifier; ?></td>
<td><?php echo $oResult->ip; ?></td>
<td><?php echo $oResult->saved_date; ?></td>
<td><a href='mailto: <?php echo $oResult->email; ?>'> <?php echo $oResult->email; ?></td>
<td><?php echo htmlspecialchars($oResult->identifier); ?></td>
<td><?php echo $oResult->ip; ?></td>
<td><?php echo $oResult->saved_date; ?></td>
<td><?php echo CHtml::link(htmlspecialchars($oResult->email),'mailto:'.htmlspecialchars($oResult->email)); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<br />&nbsp;
</p>
\ No newline at end of file
</tr>
<?php } ?>
</tbody>
</table>
<br />&nbsp;
</p>
</div></div></div>
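Review bot: `$oResult->ip` and `$oResult->saved_date` are still echoed without encoding on the new side, next to the two cells this change fixes. If either value can be influenced by the respondent (for example an IP taken from a forwarded-for header, which is not visible here), the same stored-XSS path stays open in this admin table; encoding every cell, e.g. `<td><?php echo CHtml::encode($oResult->ip); ?></td>`, removes the question. Separately, as far as I know `CHtml::link()` encodes the `href` attribute itself, so wrapping the URL in `htmlspecialchars()` double-encodes characters such as `&`; if that holds, pass `'mailto:'.$oResult->email` as the URL and keep the explicit encoding on the link text only.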
......@@ -76,9 +76,7 @@
?>
</fieldset>
<div class="row navigator">
<div class="span3">
<input class="btn" type="button" value="<?php eT("Previous"); ?>" onclick="javascript: window.open('<?php echo $this->createUrl("installer/welcome"); ?>', '_top')" />
</div>
<div class="span3"></div>
<div class="span3"></div>
<div class="span3">
<?php echo CHtml::submitButton(gT("Next"), array('class' => 'btn')); ?>
......
......@@ -31,6 +31,6 @@
<?php eT("Database settings"); ?>
</li>
<li class="<?php echo $classesForStep[5]; ?>">
<?php eT("Optional settings"); ?>
<?php eT("Administrator settings"); ?>
</li>
</ol>
......@@ -59,6 +59,22 @@ Thank you to everyone who helped with this new release!
CHANGE LOG
------------------------------------------------------
Changes from 2.6.6LTS (build 171111) to 2.6.7LTS (build 171208) Feb 23, 2018
Fixed issue: [security] Vulnerability in installer (found and reported by Nguyen Van Tien Thanh from Viettel Cyber Security Center, https://blog.yeuchimse.com )
Changes from 2.6.5LTS (build 171018) to 2.6.6LTS (build 171111) Nov 11, 2017
Fixed issue: [Security] Possible XSS in Resume later function (found and reported by Robin Peraglie from RIPS Technologies www.ripstech.com )
Changes from 2.6.4LTS (build 170202) to 2.6.5LTS (build 171018) Oct 18, 2017
-Fixed issue #12234: [security] XSS in browse response (Denis Chenu)
-Fixed issue #12234: [security] XSS in upload files (Denis Chenu)
-Fixed issue: Adding missing 'Permission::model()->' to the permissions check in remote control export_timeline function (Stefan Verweij)
-Fixed issue: Avoid very rare possible duplicate id on a page (LouisGac)
-Fixed issue: Database integrity tool not working (Andrés Folgado, Denis Chenu)
-Fixed issue: Error on update for some token tables (Carsten Schmitz)
-Fixed issue: Replacing `@@SURVEYURL@@` incorrectly in RPC (#631) (Frederik Prijck)
-Fixed issue: Wrong url generation for survey new test, that could lead to session problem when combined with wrong resources url (eg: favicon). (LouisGac)
Changes from 2.6.3LTS (build 170112) to 2.6.4LTS (build 170202) Feb 3, 2017
-Fixed issue #12078: Email sending problems with unvalidated SSL certificates (Carsten Schmitz)
-Fixed issue #12093: Error when editing email templates und using PHP7 (Carsten Schmitz)
......