Dev: Fixed limereplacementfields

Dev: and maybe another. Dev: todo : never send qid//gid// or qid=&gid= (i think)
LimeSurvey · Jun 15, 2017 · 1de1639 · 1de1639
1 parent bdc1570
commit 1de1639
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/application/core/Survey_Common_Action.php b/application/core/Survey_Common_Action.php
@@ -145,7 +145,7 @@ private function _addPseudoParams($params)
         /* Control sid,gid and qid params validity see #12434 */
         // Fill param with according existing param, replace existing parameters.
         // iGroupId/gid can be found with qid/iQuestionId
-        if(isset($params['iQuestionId'])) {
+        if(isset($params['iQuestionId']) && $params['iQuestionId']!=='') {
             if((string)(int)$params['iQuestionId']!==(string)$params['iQuestionId']) { // pgsql need filtering before find
                 throw new CHttpException(403,gT("Invalid question id"));
             }
@@ -158,7 +158,7 @@ private function _addPseudoParams($params)
             }
         }
         // iSurveyId/iSurveyID/sid can be found with gid/iGroupId
-        if(isset($params['iGroupId'])) {
+        if(isset($params['iGroupId']) && $params['iGroupId']!=='') {
             if((string)(int)$params['iGroupId']!==(string)$params['iGroupId']) { // pgsql need filtering before find
                 throw new CHttpException(403,gT("Invalid group id"));
             }
@@ -171,7 +171,7 @@ private function _addPseudoParams($params)
             }
         }
         // Finally control validity of sid
-        if(isset($params['iSurveyId'])) {
+        if(isset($params['iSurveyId']) && $params['iSurveyId']!=='') {
             if((string)(int)$params['iSurveyId']!==(string)$params['iSurveyId']) { // pgsql need filtering before find
                 // 403 mean The request was valid, but the server is refusing action.
                 throw new CHttpException(403,gT("Invalid survey id"));