name: Build
on:
push:
branches:
- master
- develop
- 3.x-LTS
- sonarcubefixes3
pull_request:
types: [opened, synchronize, reopened]
jobs:
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
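Review bot: The scan step runs `SonarSource/sonarcloud-github-action@master`, a mutable branch reference, and that step is handed both `SONAR_TOKEN` and `GITHUB_TOKEN`, so whatever the upstream branch points to at run time executes with those secrets. Pin the action to a full commit SHA, `uses: SonarSource/sonarcloud-github-action@<full-commit-sha>`, and do the same for `actions/checkout@v2`. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` carries the repository's default scope; a top-level `permissions:` with `contents: read` and `pull-requests: read` should be enough for a read-only analysis job, to be confirmed against what the scanner needs.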
<?php
/**
* LimeSurvey (tm)
* Copyright (C) 2011 The LimeSurvey Project Team / Carsten Schmitz
* All rights reserved.
* License: GNU/GPL License v2 or later, see LICENSE.php
* LimeSurvey is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/
class ValidateExpressionCommand extends CConsoleCommand
{
/**
* @param int $surveyId
* @param string $lang
* @param string $type 'invitation' 'reminder' 'registration' 'confirmation' 'admin_notification' 'admin_detailed_notification'
*/
public function actionEmail($surveyId, $lang, $type)
{
$_GET['type'] = $type;
Yii::import('application.controllers.admin.ExpressionValidate', true);
Yii::import('application.helpers.expressions.em_manager_helper', true);
Yii::import('application.helpers.replacements_helper', true);
Yii::import('application.helpers.common_helper', true);
$c = new ExpressionValidate();
$_SESSION['LEMsid'] = $surveyId;
$c->email($surveyId, $lang);
}
}
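Review bot: `actionEmail` copies its command-line arguments into `$_GET['type']` and `$_SESSION['LEMsid']` without checking them: the docblock lists six allowed values for `$type` and declares `$surveyId` as int, but neither is enforced before `ExpressionValidate::email()` runs. I would add `$surveyId = (int) $surveyId;` at the top and reject a `$type` that is not in the documented list with a strict `in_array(..., true)` test. Writing superglobals from a console command is also worth a one-line comment, for example `// ExpressionValidate reads the mail type from $_GET and the survey id from the session`, if that is indeed why they are set; `ExpressionValidate` itself is not visible here.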
......@@ -12,11 +12,10 @@
*/
$config['versionnumber'] = '3.28.18-Tika-1.0.2';
$config['versionnumber'] = '3.28.34-Tika-1.0.2';
$config['dbversionnumber'] = 366;
$config['buildnumber'] = '';
$config['updatable'] = false;
$config['templateapiversion'] = 3;
$config['assetsversionnumber'] = '30246';
$config['assetsversionnumber'] = '30262';
return $config;
......@@ -95,7 +95,7 @@ class RegisterController extends LSYii_Controller
} else {
$iSurveyId = App()->request->getPost('sid');
}
$iSurveyId = (int) $iSurveyId;
$oSurvey = Survey::model()->find("sid=:sid", array(':sid'=>$iSurveyId));
/* Throw 404 if needed */
$sLanguage = Yii::app()->request->getParam('lang', Yii::app()->getConfig('defaultlang'));
......@@ -413,12 +413,12 @@ class RegisterController extends LSYii_Controller
} else {
// TODO : move xss filtering in model
$oToken = Token::create($iSurveyId);
$oToken->firstname = sanitize_xss_string($aFieldValue['sFirstName']);
$oToken->lastname = sanitize_xss_string($aFieldValue['sLastName']);
$oToken->firstname = $aFieldValue['sFirstName'];
$oToken->lastname = $aFieldValue['sLastName'];
$oToken->email = $aFieldValue['sEmail'];
$oToken->emailstatus = 'OK';
$oToken->language = $sLanguage;
$aFieldValue['aAttribute'] = array_map('sanitize_xss_string', $aFieldValue['aAttribute']);
$aFieldValue['aAttribute'] = $aFieldValue['aAttribute'];
$oToken->setAttributes($aFieldValue['aAttribute']);
if ($aSurveyInfo['startdate']) {
$oToken->validfrom = $aSurveyInfo['startdate'];
......@@ -427,6 +427,7 @@ class RegisterController extends LSYii_Controller
$oToken->validuntil = $aSurveyInfo['expires'];
}
$oToken->generateToken();
$oToken->setScenario('register');
$oToken->save();
$this->sMailMessage = gT("An email has been sent to the address you provided with access details for this survey. Please follow the link in that email to proceed.");
return $oToken->tid;
......
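Review bot: The result of `$oToken->save()` in the third hunk is ignored, and after this change that call is the only place where the registration input can still be filtered. The `sanitize_xss_string` calls on `firstname`, `lastname` and the attribute array no longer appear on the new side of the second hunk, so the XSS filtering now rests entirely on the Token model's `register` scenario rules, which are not visible here; a failed validation still sets the "An email has been sent" message and returns an empty `tid`. Handle a `false` return from `save()` before assigning `sMailMessage`, and confirm that calling `setScenario('register')` after `setAttributes()` is intended, since the mass assignment then runs under the earlier scenario. The leftover `$aFieldValue['aAttribute'] = $aFieldValue['aAttribute'];` is a no-op and can be dropped. The enclosing method starts and ends outside these hunks.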
......@@ -38,6 +38,10 @@ class UploaderController extends SurveyController
$sFileGetContent = Yii::app()->request->getParam('filegetcontents', ''); // The file to view fu_ or fu_tmp
$bDelete = Yii::app()->request->getParam('delete');
$sFieldName = Yii::app()->request->getParam('fieldname');
$aFieldMap = createFieldMap($oSurvey, 'short', false, false, $sLanguage);
if (!isset($aFieldMap[$sFieldName])) {
throw new CHttpException(400); // See for debug > 1
}
$sFileName = Yii::app()->request->getParam('filename', ''); // The file to delete fu_ or fu_tmp
$sOriginalFileName = Yii::app()->request->getParam('name', ''); // Used for javascript return only
$sMode = Yii::app()->request->getParam('mode');
......@@ -52,23 +56,23 @@ class UploaderController extends SurveyController
// If one seems to be a hack: Bad request
throw new CHttpException(400); // See for debug > 1
}
if ($sFileGetContent) {
if (substr($sFileGetContent, 0, 6) == 'futmp_') {
if ($sFileGetContentFiltered) {
if (substr($sFileGetContentFiltered, 0, 6) == 'futmp_') {
$sFileDir = $tempdir.'/upload/';
} elseif (substr($sFileGetContent, 0, 3) == 'fu_') {
} elseif (substr($sFileGetContentFiltered, 0, 3) == 'fu_') {
// Need to validate $_SESSION['srid'], and this file is from this srid !
$sFileDir = "{$uploaddir}/surveys/{$surveyid}/files/";
} else {
throw new CHttpException(400); // See for debug > 1
}
if (is_file($sFileDir.$sFileGetContent)) {
if (is_file($sFileDir.$sFileGetContentFiltered)) {
// Validate file before else 500 error by getMimeType
$mimeType = LSFileHelper::getMimeType($sFileDir.$sFileGetContent, null, false);
$mimeType = LSFileHelper::getMimeType($sFileDir.$sFileGetContentFiltered, null, false);
if (is_null($mimeType)) {
$mimeType = "application/octet-stream"; // Can not really get content if not image
}
header('Content-Type: '.$mimeType);
readfile($sFileDir.$sFileGetContent);
readfile($sFileDir.$sFileGetContentFiltered);
Yii::app()->end();
} else {
Yii::app()->end();
......@@ -105,8 +109,8 @@ class UploaderController extends SurveyController
}
//var_dump($sFileDir.$sFilename);
// Return some json to do a beautiful text
if (@unlink($sFileDir.$sFileName)) {
echo sprintf(gT('File %s deleted'), $sOriginalFileName);
if (@unlink($sFileDir . $sFileNameFiltered)) {
echo sprintf(gT('File %s deleted'), CHtml::encode($sOriginalFileName));
} else {
echo gT('Oops, There was an error deleting the file');
}
......@@ -344,7 +348,7 @@ class UploaderController extends SurveyController
$body = '</head><body class="uploader">
<div class="model-container clearfix">
<div id="notice" class="text-center"></div>
<input type="hidden" id="ia" value="'.$fn.'" />
<input type="hidden" id="ia" value="' . CHtml::encode($fn) . '" />
<input type="hidden" id="'.$fn.'_minfiles" value="'.$minfiles.'" />
<input type="hidden" id="'.$fn.'_maxfiles" value="'.$maxfiles.'" />
<input type="hidden" id="'.$fn.'_maxfilesize" value="'.$maxfilesize.'" />
......
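Review bot: In the last hunk `CHtml::encode($fn)` is applied only to the `value` of the `ia` input, while the three inputs that follow still concatenate `$fn` unencoded into their `id` attributes (`_minfiles`, `_maxfiles`, `_maxfilesize`). If `$fn` can carry request data, those lines need the same attribute-context escaping, e.g. `<input type="hidden" id="' . CHtml::encode($fn) . '_minfiles" value="' . CHtml::encode($minfiles) . '" />`. Where `$fn` is assigned lies outside the hunk, so this is inferred from the encode added on the neighbouring line. The comment in the second hunk saying the `fu_` branch still needs to validate the file against `$_SESSION['srid']` is also left open by this change.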
......@@ -49,7 +49,7 @@ class PluginManagerController extends Survey_Common_Action
foreach ($aoPlugins as $oPlugin) {
/* @var $plugin Plugin */
if (array_key_exists($oPlugin->name, $aDiscoveredPlugins)) {
$plugin = App()->getPluginManager()->loadPlugin($oPlugin->name, $oPlugin->id);
$plugin = App()->getPluginManager()->loadPlugin($oPlugin->name, $oPlugin->id, false);
if ($plugin) {
$aPluginSettings = $plugin->getPluginSettings(false);
$data[] = array(
......@@ -113,8 +113,8 @@ class PluginManagerController extends Survey_Common_Action
if (!is_null($oPlugin)) {
$iStatus = $oPlugin->active;
if ($iStatus == 0) {
// Load the plugin:
App()->getPluginManager()->loadPlugin($oPlugin->name, $id);
// Load the plugin (and init)
App()->getPluginManager()->loadPlugin($oPlugin->name, $id, true);
$result = App()->getPluginManager()->dispatchEvent(new PluginEvent('beforeActivate', $this), $oPlugin->name);
if ($result->get('success', true)) {
$iStatus = 1;
......@@ -184,7 +184,7 @@ class PluginManagerController extends Survey_Common_Action
}
$arPlugin = Plugin::model()->findByPk($id)->attributes;
$oPluginObject = App()->getPluginManager()->loadPlugin($arPlugin['name'], $arPlugin['id']);
$oPluginObject = App()->getPluginManager()->loadPlugin($arPlugin['name'], $arPlugin['id'], false);
if ($arPlugin === null) {
Yii::app()->user->setFlash('error', gT('The plugin was not found.'));
......
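Review bot: In the third hunk the `$arPlugin === null` test can never take effect, because `Plugin::model()->findByPk($id)->attributes` dereferences the lookup result first and `loadPlugin($arPlugin['name'], $arPlugin['id'], false)` reads it before the test. An unknown `$id` therefore ends in an error instead of the "The plugin was not found." flash. Fetch the model and test it before use, `$oPlugin = Plugin::model()->findByPk($id);` followed by `if ($oPlugin === null) {`, and only then call `loadPlugin`. A short comment on what the new third argument means would also help at the two `false` call sites; the second hunk's comment suggests it controls init. The enclosing methods start and end outside these hunks.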
......@@ -487,7 +487,6 @@ class CheckIntegrity extends Survey_Common_Action
Yii::app()->setConfig('Updating', true);
foreach ($oSurveys as $oSurvey) {
if ($oSurvey->isActive && !$oSurvey->hasResponsesTable) {
Survey::model()->updateByPk($oSurvey->sid, array('active'=>'N'));
$bDirectlyFixed = true;
......@@ -529,20 +528,19 @@ class CheckIntegrity extends Survey_Common_Action
// It was just the QID....
$sQID = $sDirtyQid;
}
if ((string) intval($sQID) !== $sQID) {
throw new \Exception('sQID is not an integer: ' . $sQID);
}
// Here, we get the question as defined in backend
$oQuestion = Question::model()->findByAttributes([ 'qid' => $sQID , 'language' => $oSurvey->language, 'sid' => $oSurvey->sid ]);
try {
$oQuestion = Question::model()->findByAttributes([ 'qid' => $sQID , 'language' => $oSurvey->language, 'sid' => $oSurvey->sid ]);
} catch (Exception $e) {
// QID potentially invalid , see #17458, reset $oQuestion
$oQuestion = null;
}
if (is_a($oQuestion, 'Question')){
// We check if its GID is the same as the one defined in the column name
if ($oQuestion->gid != $sGid){
// If not, we change the column name
$sNvColName = $oSurvey->sid . 'X'. $oQuestion->groups->gid . 'X' . $sDirtyQid;
if ( array_key_exists( $sNvColName, $aColumns ) ){
// This case will not happen often, only when QID + Subquestion ID == QID of a question in the target group
// So we'll change the group of the question question group table (so in admin interface, not in frontend)
......@@ -553,14 +551,14 @@ class CheckIntegrity extends Survey_Common_Action
$oDB->createCommand()->renameColumn($model->tableName(), $oColumn->name , $sNvColName);
$oTransaction->commit();
}
}
} else {
// QID not found: The function to split the fieldname into the SGQA data is not 100% reliable
// So for certain question types (for example Text Array) the field name cannot be properly derived
// This happen if subquestions code are number only for example
// In this case just ignore the field - see also https://bugs.limesurvey.org/view.php?id=15642
// There is still a extremely low chance that an unwanted rename happens if a collision like this happens in the same survey
\Yii::log(sprintf("Invalid question id %s when checkintegrity in survey %s", $sQID, $oSurvey->sid), \CLogger::LEVEL_INFO, 'application.controller.admin.checkintegrity');
}
}
}
......
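Review bot: The `catch (Exception $e)` around `findByAttributes` in the second hunk turns every failure of the lookup, including a database or connection error, into "question not found", and the catch block records nothing. This assumes the try/catch is the new side, since the page lost its +/- markers. Validating the id before the query keeps the tolerant behaviour without hiding real faults: `if (!ctype_digit((string) $sQID)) { $oQuestion = null; }` with the lookup in the `else`. If the try/catch stays, log `$e->getMessage()` inside it with the same category as the `\Yii::log` call in the last hunk.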
......@@ -363,7 +363,7 @@ class export extends Survey_Common_Action
// Default to 2 (16 and up)
Yii::app()->session['spssversion'] = 2;
}
$spssver = Yii::app()->request->getParam('spssver', Yii::app()->session['spssversion']);
$spssver = (int) Yii::app()->request->getParam('spssver', Yii::app()->session['spssversion']);
Yii::app()->session['spssversion'] = $spssver;
$length_varlabel = '231'; // Set the max text length of Variable Labels
......@@ -1189,7 +1189,7 @@ class export extends Survey_Common_Action
}
$lang = Yii::app()->request->getPost('save_language');
$lang = sanitize_languagecode(Yii::app()->request->getPost('save_language'));
// Setting the selected language for printout
......
......@@ -67,8 +67,7 @@ class Expressions extends Survey_Common_Action
$aData = array();
$sid = Yii::app()->request->getParam('sid', 0, 'integer');
$surveyid = Yii::app()->request->getParam('surveyid', $sid, 'integer');
$sid = (int) Yii::app()->request->getParam('sid', 0);
if (!Permission::model()->hasSurveyPermission($sid, 'surveycontent', 'read')) {
$message['title'] = gT('Access denied!');
......
......@@ -51,7 +51,7 @@ class labels extends Survey_Common_Action
Yii::app()->session['flashmessage'] = gT('Access denied!');
$this->getController()->redirect(App()->createUrl("/admin"));
}
$lid = returnGlobal('lid');
$lid = (int) returnGlobal('lid');
if (!empty($lid)) {
if (Yii::app()->getConfig('demoMode')) {
$this->getController()->error(gT("Demo mode only: Uploading files is disabled in this system."), $this->getController()->createUrl("admin/labels/sa/view/lid/{$lid}"));
......
......@@ -2344,7 +2344,7 @@ $url .= "_view"; });
$participantIdsString = Yii::app()->request->getPost('participant_id'); // TODO: This is a comma separated string of ids
$participantIds = explode(",", $participantIdsString);
$surveyId = Yii::app()->request->getPost('surveyid');
$surveyId = (int) Yii::app()->request->getPost('surveyid');
/**
* mapped can take values like
......
......@@ -1069,7 +1069,7 @@ class questions extends Survey_Common_Action
$eqrow['modulename'] = '';
$eqrow['conditions_number'] = false;
$eqrow['type'] = 'T';
if (isset($_GET['gid'])) {
$eqrow['gid'] = $_GET['gid'];
}
......@@ -1130,8 +1130,8 @@ class questions extends Survey_Common_Action
$aViewUrls = [];
$aViewUrls['editQuestion_view'][] = $aData;
App()->getClientScript()->registerScript("EditQuestionView_question_jsviews_".$surveyid.$eqrow['gid'].'new', "OtherSelection('".$eqrow['type']."');", LSYii_ClientScript::POS_POSTSCRIPT);
App()->getClientScript()->registerScript("EditQuestionView_question_jsviews_" . $surveyid . $eqrow['gid'] . 'new', "OtherSelection('" . $eqrow['type'] . "');", LSYii_ClientScript::POS_POSTSCRIPT);
$this->_renderWrappedTemplate('survey/Question', $aViewUrls, $aData);
......@@ -1332,7 +1332,7 @@ class questions extends Survey_Common_Action
}
$aData['activated'] = $arSurveyInfo->active;
// Prepare selector Class for javascript function
if (Yii::app()->session['questionselectormode'] !== 'default') {
$selectormodeclass = Yii::app()->session['questionselectormode'];
......@@ -1362,16 +1362,16 @@ class questions extends Survey_Common_Action
$aData['sValidateUrl'] = ($adding || $copying) ? $this->getController()->createUrl('admin/questions', array('sa' => 'ajaxValidate', 'surveyid'=>$surveyid)) : $this->getController()->createUrl('admin/questions', array('sa' => 'ajaxValidate', 'surveyid'=>$surveyid, 'qid'=>$qid));
$aData['ajaxDatas']['sValidateUrl'] = $aData['sValidateUrl'];
$aData['ajaxDatas']['qTypeOutput'] = $aData['qTypeOutput'];
$aData['addlanguages'] = Survey::model()->findByPk($surveyid)->additionalLanguages;
$aViewUrls['editQuestion_view'][] = $aData;
App()->getClientScript()->registerScript("EditQuestionView_question_jsviews_".$surveyid.$gid.$qid, "OtherSelection('".$eqrow['type']."');", LSYii_ClientScript::POS_POSTSCRIPT);
App()->getClientScript()->registerScript("EditQuestionView_question_jsviews_" . $surveyid . $gid . $qid, "OtherSelection('" . $eqrow['type'] . "');", LSYii_ClientScript::POS_POSTSCRIPT);
} else {
include('accessDenied.php');
}
$aData['ajaxDatas']['qTypeOutput'] = $aData['qTypeOutput'];
///////////
......@@ -1399,8 +1399,8 @@ class questions extends Survey_Common_Action
foreach ($aQidsAndLang as $sQidAndLang) {
$aQidAndLang = explode(',', $sQidAndLang);
$iQid = $aQidAndLang[0];
$sLanguage = $aQidAndLang[1];
$iQid = sanitize_int($aQidAndLang[0]);
$sLanguage = sanitize_languagecode($aQidAndLang[1]);
$oQuestion = Question::model()->find('qid=:qid and language=:language', array(":qid"=>$iQid, ":language"=>$sLanguage));
......@@ -1425,7 +1425,7 @@ class questions extends Survey_Common_Action
public function delete($surveyid=null, $qid=null, $ajax = false, $gid = 0)
{
if(is_null($qid)) {
$qid = Yii::app()->getRequest()->getPost('qid');
$qid = (int) Yii::app()->getRequest()->getPost('qid');
}
$oQuestion = Question::model()->find("qid = :qid",array(":qid"=>$qid));
if(empty($oQuestion)) {
......@@ -1676,11 +1676,11 @@ class questions extends Survey_Common_Action
);
$aAttributesWithValues = Question::model()->getAdvancedSettingsWithValues($qid, $type, $surveyid);
// get all attributes from old custom question theme and then unset them, only attributes from selected question theme should be visible
// get all attributes from old custom question theme and then unset them, only attributes from selected question theme should be visible
if (!empty($sOldQuestionTemplate) && $sOldQuestionTemplate !== 'core'){
// get old custom question theme attributes
$aOldQuestionThemeAttributes = \LimeSurvey\Helpers\questionHelper::getQuestionThemeAttributeValues($sOldQuestionTemplate, $questionTypeList[$type]);
if (!empty($aOldQuestionThemeAttributes)){
if (!empty($aOldQuestionThemeAttributes)) {
foreach ($aOldQuestionThemeAttributes as $key => $value) {
unset($aAttributesWithValues[$value['name']]);
}
......@@ -1747,12 +1747,12 @@ class questions extends Survey_Common_Action
if($oLabelSet !== null) {
$aUsedLanguages = explode(' ', $oLabelSet->languages);
foreach ($aUsedLanguages as $sLanguage) {
$aResult[$sLanguage] = array_map(
function($attribute) { return \viewHelper::flatten($attribute); },
$oLabelSet->attributes
);
);
foreach ($oLabelSet->labels as $oLabel) {
if($oLabel->language === $sLanguage) {
$aLabels = $oLabel->attributes;
......@@ -1768,7 +1768,7 @@ class questions extends Survey_Common_Action
$aLanguages[$sLanguage] = getLanguageNameFromCode($sLanguage,false);
};
}
$resultdata = ['results' => $aResult, 'languages' => $aLanguages];
return Yii::app()->getController()->renderPartial(
......@@ -1776,7 +1776,7 @@ class questions extends Survey_Common_Action
array(
'data' => [
'success' => count($aResult) > 0,
'results' => $aResult,
'results' => $aResult,
'languages' => $aLanguages
],
),
......@@ -1801,7 +1801,7 @@ class questions extends Survey_Common_Action
$criteria->addCondition('languages LIKE :language');
$criteria->params = [':language' => '%'.$language.'%'];
}
$resultdata = LabelSet::model()->findAll($criteria);
// $resultdata = [];
// create languagespecific array
......@@ -1810,9 +1810,9 @@ class questions extends Survey_Common_Action
$aResults[] = array_map(
function($attribute) { return \viewHelper::flatten($attribute); },
$oResult->attributes
);
);
}
return Yii::app()->getController()->renderPartial(
'/admin/super/_renderJson',
array(
......@@ -1898,7 +1898,7 @@ class questions extends Survey_Common_Action
# echo CActiveForm::validate($model);
# Yii::app()->end();
# }
# }
# }
/**
* @param string $question_type
......
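Review bot: `$eqrow['gid'] = $_GET['gid'];` in the first hunk still copies the raw query parameter, although this commit casts ids elsewhere in the file at the point they are read (`sanitize_int($aQidAndLang[0])`, `(int) Yii::app()->getRequest()->getPost('qid')`). The value is concatenated into the `registerScript` id in the next hunk and stays in `$eqrow`; how the view uses it is not visible here. I would change the line to `$eqrow['gid'] = (int) $_GET['gid'];`. In the `$aQidsAndLang` loop, `$aQidAndLang[1]` is also read without checking that `explode` returned two parts.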
......@@ -636,7 +636,7 @@ class responses extends Survey_Common_Action
if (isset($aQuestionFiles[$iIndex])) {
$aFile = $aQuestionFiles[$iIndex];
// Real path check from here: https://stackoverflow.com/questions/4205141/preventing-directory-traversal-in-php-but-allowing-paths
$sDir = realpath(Yii::app()->getConfig('uploaddir') . "/surveys/" . $iSurveyId . "/files/") . '/';
$sDir = realpath(Yii::app()->getConfig('uploaddir') . "/surveys/" . $iSurveyId . "/files/") . DIRECTORY_SEPARATOR;
$sFileRealName = $sDir . $aFile['filename'];
$sRealUserPath = realpath($sFileRealName);
if ($sRealUserPath === false || strpos($sRealUserPath, $sDir) !== 0) {
......@@ -697,12 +697,16 @@ class responses extends Survey_Common_Action
if (!empty($aResponseId)) {
// Now, zip all the files in the filelist
if (count($aResponseId) == 1) {
$zipfilename = "Files_for_survey_{$iSurveyId}_response_{$aResponseId[0]}.zip";
$zipfilename = "Files_for_survey_{$iSurveyId}_response_{$aResponseId[0]}.zip";
} else {
$zipfilename = "Files_for_survey_{$iSurveyId}.zip";
$zipfilename = "Files_for_survey_{$iSurveyId}.zip";
}
$this->_zipFiles($iSurveyId, $aResponseId, $zipfilename);
$this->_zipFiles(
$iSurveyId,
$aResponseId,
sanitize_filename($zipfilename, false, false, false)
);
} else {
// No response : redirect to browse with a alert
Yii::app()->setFlashMessage(gT("The requested files do not exist on the server."), 'error');
......
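Review bot: The containment check in the first hunk depends on `realpath()` of the survey's files directory succeeding, and that result is never tested. When the directory does not exist `realpath()` returns `false`, `$sDir` collapses to just `DIRECTORY_SEPARATOR`, and `strpos($sRealUserPath, $sDir) !== 0` no longer confines the resolved path to the survey's folder. Resolve the base on its own and reject on failure before appending the separator, e.g. `if ($sBase === false) { throw new CHttpException(404); }`. What the existing failure branch does is outside the hunk, so the exact rejection should match it.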
......@@ -59,6 +59,7 @@ class SurveyAdmin extends Survey_Common_Action
$aSurveys = json_decode(Yii::app()->request->getPost('sItems'));
$aResults = array();
foreach ($aSurveys as $iSurveyID) {
$iSurveyID = (int) $iSurveyID;
$oSurvey = Survey::model()->findByPk($iSurveyID);
$aResults[$iSurveyID]['title'] = $oSurvey->correct_relation_defaultlanguage->surveyls_title;
if (Permission::model()->hasSurveyPermission($iSurveyID, 'survey', 'delete')) {
......@@ -293,7 +294,7 @@ class SurveyAdmin extends Survey_Common_Action
*/
public function importsurveyresources()
{
$iSurveyID = Yii::app()->request->getPost('surveyid');
$iSurveyID = (int) Yii::app()->request->getPost('surveyid');
if (!empty($iSurveyID)) {
......@@ -2096,6 +2097,7 @@ class SurveyAdmin extends Survey_Common_Action
*/
private function _registerScriptFiles()
{
App()->getClientScript()->registerScriptFile(App()->getConfig('adminscripts') . 'surveysettings.js', LSYii_ClientScript::POS_BEGIN);
App()->getClientScript()->registerPackage('jquery-json');
App()->getClientScript()->registerPackage('bootstrap-switch');
......@@ -2395,7 +2397,7 @@ class SurveyAdmin extends Survey_Common_Action
// there is no Survey ID to check for permissions, so the error could be misleading.
LSUploadHelper::checkUploadedFileSizeAndRenderJson('file', $debug);
$iSurveyID = Yii::app()->request->getPost('surveyid');
$iSurveyID = (int) Yii::app()->request->getPost('surveyid');
$success = false;
if(!Permission::model()->hasSurveyPermission($iSurveyID, 'surveycontent', 'update')) {
return Yii::app()->getController()->renderPartial(
......
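Review bot: In the first hunk `$oSurvey->correct_relation_defaultlanguage->surveyls_title` is read before the result of `findByPk($iSurveyID)` is tested and before the `hasSurveyPermission(..., 'delete')` check. The new `(int)` cast maps any non-numeric item to 0, so an id that resolves to no survey now ends in a null dereference, and the title is put into `$aResults` whether or not the user holds the permission; what the response does with it is outside the hunk. Add `if ($oSurvey === null) {` with a per-item error or a skip, and move the title lookup inside the permission branch if it should not be disclosed. `json_decode(...getPost('sItems'))` can also return a non-array, so an `is_array` guard before the `foreach` is worth adding.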
......@@ -172,13 +172,13 @@ class themes extends Survey_Common_Action
*/
public function upload()
{
// Code for backward compatiblity with custom themes that are expecting to upload images to upload subaction.
// Code for backward compatiblity with custom themes that are expecting to upload images to upload subaction.
// That happens as their options.twig are outdated.
// Now that the upload subaction doesn't handle all uploads, weneed to dispatch to the proper.
$action = returnGlobal('action');
if ($action == 'templateuploadimagefile') {
return $this->templateuploadimagefile();
}
}
if ($action == 'templateupload') {
return $this->templateupload();
}
......@@ -200,7 +200,7 @@ class themes extends Survey_Common_Action
/**
* Responsible to import a template image file.
*
*
* Called from Theme Options
*
* @access public
......@@ -218,7 +218,7 @@ class themes extends Survey_Common_Action
$uploadresult = "";
$success = false;
$debug = [];
$oTemplateConfiguration = Template::getInstance($sTemplateName);
$debug[] = $sTemplateName;
......@@ -237,7 +237,7 @@ class themes extends Survey_Common_Action
// Check file size and render JSON on error
LSUploadHelper::checkUploadedFileSizeAndRenderJson('file', $debug);
$checkImageContent = LSYii_ImageValidator::validateImage($_FILES["file"]);
if ($checkImageContent['check'] === false) {
$message = $checkImageContent['check'] === false ? $checkImageContent['uploadresult'] : null;
......@@ -283,7 +283,7 @@ class themes extends Survey_Common_Action
/**
* Responsible to import a template archive.
*
*
* Called from theme list and editor
*
* @access public
......@@ -298,7 +298,7 @@ class themes extends Survey_Common_Action
$uploadresult = "";
$success = false;
$debug = [];
Yii::app()->loadLibrary('admin.pclzip');
// Redirect back if demo mode is set.
......@@ -380,7 +380,7 @@ class themes extends Survey_Common_Action
/**
* Responsible to import a file into a template.
*
*
* Called from Theme Editor
*
* @access public
......@@ -418,7 +418,7 @@ class themes extends Survey_Common_Action
$fullfilepath = $dirfilepath.$filename;
$status = 'error';
if (Yii::app()->getConfig('demoMode')) {
$uploadresult = gT("Demo mode: Uploading template files is disabled.");
Yii::app()->setFlashMessage($uploadresult, $status);
......@@ -556,7 +556,7 @@ class themes extends Survey_Common_Action
if (returnGlobal('action') == "templaterename" && returnGlobal('newname') && returnGlobal('copydir')) {
$sNewName = sanitize_dirname(returnGlobal('newname'));
$sNewDirectoryPath = Yii::app()->getConfig('userthemerootdir')."/".$sNewName;
$sOldDirectoryPath = Yii::app()->getConfig('userthemerootdir')."/".returnGlobal('copydir');
$sOldDirectoryPath = Yii::app()->getConfig('userthemerootdir') . "/" . sanitize_dirname(returnGlobal('copydir'));
if (isStandardTemplate(returnGlobal('newname'))) {
Yii::app()->user->setFlash('error', sprintf(gT("Template could not be renamed to '%s'."), $sNewName)." ".gT("This name is reserved for standard template."));
......@@ -774,8 +774,10 @@ class themes extends Survey_Common_Action
$action = returnGlobal('action');
$editfile = returnGlobal('editfile');
$relativePathEditfile = returnGlobal('relativePathEditfile');
$sTemplateName = Template::templateNameFilter(App()->request->getPost('templatename'));
$relativePathEditfile = sanitize_dirname(returnGlobal('relativePathEditfile'));
$sTemplateName = Template::templateNameFilter(
sanitize_filename(App()->request->getPost('templatename'), false, false, false)
);
$screenname = returnGlobal('screenname');
$oEditedTemplate = Template::model()->getTemplateConfiguration($sTemplateName, null, null, true)->prepareTemplateRendering($sTemplateName);
......
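Review bot: In the rename hunk the reserved-name test still runs on the raw parameter, `isStandardTemplate(returnGlobal('newname'))`, while the target directory is built from `$sNewName = sanitize_dirname(returnGlobal('newname'))`. The two values can differ, so the check and the rename can disagree; use the sanitized one, `if (isStandardTemplate($sNewName)) {`. In the last hunk `$editfile = returnGlobal('editfile')` stays unfiltered next to the newly sanitized `relativePathEditfile` and `templatename`; whether it is validated later is outside the hunk. It is also worth confirming that `sanitize_dirname` keeps the path separators a relative path needs, since that helper is not shown.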
......@@ -1297,12 +1297,6 @@ class tokens extends Survey_Common_Action
$aData['sidemenu']["token_menu"] = true;
$aData['token_bar']['closebutton']['url'] = 'admin/tokens/sa/index/surveyid/' . $iSurveyId; // Close button
if (Yii::app()->request->getParam('action') == "remind") {
$aData['token_bar']['sendreminderbutton'] = true;
} else {
$aData['token_bar']['sendinvitationbutton'] = true; // Invitation button
}
$aTokenIds = $this->getTokenIds();
$sSubAction = $this->getSubAction();
$bIsInvitation = $sSubAction == 'invite';
......@@ -2754,6 +2748,12 @@ class tokens extends Survey_Common_Action
$bEmail = $sSubAction == 'invite';
$aTokenIds = $this->getTokenIds();
if ($sSubAction == "remind") {
$aData['token_bar']['sendreminderbutton'] = true;
} else {
$aData['token_bar']['sendinvitationbutton'] = true; // Invitation button
}
// Fill empty email template by default text
foreach ($aSurveyLangs as $sSurveyLanguage) {
$aData['thissurvey'][$sSurveyLanguage] = getSurveyInfo($iSurveyId, $sSurveyLanguage);
......
......@@ -32,7 +32,7 @@ class index extends CAction
$this->_loadRequiredHelpersAndLibraries();
$param = $this->_getParameters(func_get_args(), $_POST);
$surveyid = $param['sid'];
$surveyid = (int) $param['sid'];
$thisstep = $param['thisstep'];
$move = getMove();
......
......@@ -95,9 +95,9 @@ class LsDefaultDataSets
'admin_notification_subject'=>gT("Response submission for survey {SURVEYNAME}", $mode),
'admin_notification'=>gT("Hello,\n\nA new response was submitted for your survey '{SURVEYNAME}'.\n\nClick the following link to see the individual response:\n{VIEWRESPONSEURL}\n\nClick the following link to edit the individual response:\n{EDITRESPONSEURL}\n\nView statistics by clicking here:\n{STATISTICSURL}", $mode),
'confirmation_subject'=>gT("Confirmation of your participation in our survey"),
'confirmation'=>gT("Dear {FIRSTNAME},\n\nthis email is to confirm that you have completed the survey titled {SURVEYNAME} and your response has been saved. Thank you for participating.\n\nIf you have any further questions about this email, please contact {ADMINNAME} on {ADMINEMAIL}.\n\nSincerely,\n\n{ADMINNAME}", $mode),
'confirmation'=>gT("Dear {FIRSTNAME},\n\nThis email is to confirm that you have completed the survey titled {SURVEYNAME} and your response has been saved. Thank you for participating.\n\nIf you have any further questions about this email, please contact {ADMINNAME} on {ADMINEMAIL}.\n\nSincerely,\n\n{ADMINNAME}", $mode),
'invitation_subject'=>gT("Invitation to participate in a survey", $mode),
'invitation'=>gT("Dear {FIRSTNAME},\n\nyou have been invited to participate in a survey.\n\nThe survey is titled:\n\"{SURVEYNAME}\"\n\n\"{SURVEYDESCRIPTION}\"\n\nTo participate, please click on the link below.\n\nSincerely,\n\n{ADMINNAME} ({ADMINEMAIL})\n\n----------------------------------------------\nClick here to do the survey:\n{SURVEYURL}", $mode)."\n\n".gT("If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:\n{OPTOUTURL}", $mode)."\n\n".gT("If you are blacklisted but want to participate in this survey and want to receive invitations please click the following link:\n{OPTINURL}", $mode),
'invitation'=>gT("Dear {FIRSTNAME},\n\nYou have been invited to participate in a survey.\n\nThe survey is titled:\n\"{SURVEYNAME}\"\n\n\"{SURVEYDESCRIPTION}\"\n\nTo participate, please click on the link below.\n\nSincerely,\n\n{ADMINNAME} ({ADMINEMAIL})\n\n----------------------------------------------\nClick here to do the survey:\n{SURVEYURL}", $mode)."\n\n".gT("If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:\n{OPTOUTURL}", $mode)."\n\n".gT("If you are blacklisted but want to participate in this survey and want to receive invitations please click the following link:\n{OPTINURL}", $mode),
'reminder_subject'=>gT("Reminder to participate in a survey", $mode),
'reminder'=>gT("Dear {FIRSTNAME},\n\nRecently we invited you to participate in a survey.\n\nWe note that you have not yet completed the survey, and wish to remind you that the survey is still available should you wish to take part.\n\nThe survey is titled:\n\"{SURVEYNAME}\"\n\n\"{SURVEYDESCRIPTION}\"\n\nTo participate, please click on the link below.\n\nSincerely,\n\n{ADMINNAME} ({ADMINEMAIL})\n\n----------------------------------------------\nClick here to do the survey:\n{SURVEYURL}", $mode)."\n\n".gT("If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:\n{OPTOUTURL}", $mode),
'registration_subject'=>gT("Survey registration confirmation", $mode),
......
......@@ -153,6 +153,12 @@ var onClickListAction = function () {
/* Define what should be done when user confirm the mass action */
/* remove all existing action before adding the new one */
$modalButton.off('click').on('click', function(){
var $form = $modal.find('form');
if ($form.data('trigger-validation')) {
if (!$form[0].reportValidity()) {
return;
}
}
// Custom datas comming from the modal (like sid)
var $postDatas = {sItems:$oCheckedItems};
......
......@@ -99,7 +99,7 @@ class AjaxHelper
private static function echoString($str)
{
header('Content-Type: application/json');
echo $str;
echo CHtml::encode($str);
\Yii::app()->end();
}
}
......
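Review bot: `CHtml::encode($str)` HTML-escapes a body that is sent as `Content-Type: application/json`, so every `"` in the payload becomes `&quot;`. If `$str` is serialized JSON, as the header states, clients can no longer parse the response. HTML entity encoding is the wrong escaping for this context: keep `echo $str;` and have callers build the string with `json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`, optionally adding `header('X-Content-Type-Options: nosniff');` so the body is never sniffed as HTML. The callers of `echoString` are outside this section.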