Dev: Merge branch 'preventLoops'

LimeSurvey · Jul 22, 2016 · 2f35e85 · 2f35e85
2 parents 0e51fd1 + 9700ea2
commit 2f35e85
Show file tree

Hide file tree

Showing 7 changed files with 74 additions and 50 deletions.
diff --git a/application/controllers/admin/globalsettings.php b/application/controllers/admin/globalsettings.php
@@ -59,7 +59,7 @@ private function _displaySettings()
         Yii::app()->loadHelper('surveytranslator');
 
         // Save refurl from where global settings screen is called!
-        $refurl = Yii::app()->getRequest()->getUrlReferrer(Yii::app()->createUrl('admin'), array('globalsettings'));
+        $refurl = Yii::app()->getRequest()->getUrlReferrer(Yii::app()->createUrl('admin'));
 
         // Some URLs are not to be allowed to refered back to.
         // These exceptions can be added to the $aReplacements array

diff --git a/application/controllers/admin/labels.php b/application/controllers/admin/labels.php
@@ -228,7 +228,7 @@ public function index($sa, $lid=0)
         $aData['labelbar']['buttons']['edition']= TRUE;
         $aData['labelbar']['savebutton']['form'] = 'labelsetform';
         $aData['labelbar']['savebutton']['text'] = gT("Save");
-        $aData['labelbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl('admin/labels/sa/view'), array('newlabelset') );  // Close button, UrlReferrer
+        $aData['labelbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl('admin/labels/sa/view') );  // Close button, UrlReferrer
         $this->_renderWrappedTemplate('labels', $aViewUrls, $aData);
 
     }
@@ -337,7 +337,7 @@ public function view($lid = 0)
             $aData['labelbar']['buttons']['delete'] = true;
             $aData['labelbar']['savebutton']['form'] = 'mainform';
             $aData['labelbar']['savebutton']['text'] = gT("Save changes");
-            $aData['labelbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl('admin/labels/sa/view') , array('newlabelset'));
+            $aData['labelbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl('admin/labels/sa/view') );
             $aData['labelbar']['buttons']['edition'] = true;
 
             $aData['labelbar']['buttons']['edit'] = true;
@@ -433,7 +433,7 @@ public function exportmulti()
         {
             $aData['labelbar']['savebutton']['form'] = 'exportlabelset';
             $aData['labelbar']['savebutton']['text'] = gT("Export multiple label sets");
-            $aData['labelbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl('admin/labels/sa/view'), array('newlabelset') );
+            $aData['labelbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl('admin/labels/sa/view') );
             $aData['labelbar']['buttons']['edition'] = TRUE;
             $this->_renderWrappedTemplate('labels', 'exportmulti_view', $aData);
         }

diff --git a/application/controllers/admin/statistics.php b/application/controllers/admin/statistics.php
@@ -825,7 +825,7 @@ protected function _renderWrappedTemplate($sAction = 'export', $aViewUrls = arra
     {
         $this->registerScriptFile( 'ADMIN_SCRIPT_PATH', 'bootstrap-switch.min.js');
 
-        $aData['menu']['closeurl'] = Yii::app()->request->getUrlReferrer(Yii::app()->createUrl("/admin/survey/sa/view/surveyid/".$aData['surveyid']), array('simpleStatistics', 'admin/statistics/sa/index') );
+        $aData['menu']['closeurl'] = Yii::app()->request->getUrlReferrer(Yii::app()->createUrl("/admin/survey/sa/view/surveyid/".$aData['surveyid']) );
 
         $aData['display'] = array();
         $aData['display']['menu_bars'] = false;

diff --git a/application/controllers/admin/usergroups.php b/application/controllers/admin/usergroups.php
@@ -113,7 +113,7 @@ public function mail($ugid)
             $aViewUrls = 'mailUserGroup_view';
         }
 
-        $aData['usergroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer();  // Close button, UrlReferrer
+        $aData['usergroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer(App()->createUrl('admin/usergroups/sa/index'));  // Close button, UrlReferrer
 
         $this->_renderWrappedTemplate('usergroup', $aViewUrls, $aData);
     }
@@ -202,7 +202,7 @@ public function add()
         }
         $aData['usergroupbar']['savebutton']['form']= 'usergroupform';
         $aData['usergroupbar']['savebutton']['text']= gT('Save');
-        $aData['usergroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer();  // Close button, urlReferrer
+        $aData['usergroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer(App()->createUrl('admin/usergroups/sa/index'));  // Close button, urlReferrer
         $aData['usergroupbar']['add'] = 'admin/usergroups';
         $this->_renderWrappedTemplate('usergroup', $aViewUrls, $aData);
     }
@@ -247,7 +247,7 @@ function edit($ugid)
             }
         }
 
-        $aData['usergroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer();  // Close button, urlReferrer
+        $aData['usergroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer(App()->createUrl('admin/usergroups/sa/index'));  // Close button, urlReferrer
         $aData['usergroupbar']['savebutton']['form']= 'usergroupform';
         $aData['usergroupbar']['savebutton']['text']= gT("Update user group");
 

diff --git a/application/core/LSHttpRequest.php b/application/core/LSHttpRequest.php
@@ -45,9 +45,12 @@ class LSHttpRequest extends CHttpRequest
      * If it the case, a paramater can be set to tell what referrer to return.
      * If the referrer is an external url, Yii return by default the current url.
      *
-     * To avoid looping between two urls (like simpleStatistics <=> Expert Statistics),
-     * it can be necessary to check if the referrer contains a specific word (an action in general)
-     * So if you want to forbid a return to a certain page, just provide an alternative url, and the forbidden key world
+     * DEPRECATED
+     * #To avoid looping between two urls (like simpleStatistics <=> Expert Statistics),
+     * #it can be necessary to check if the referrer contains a specific word (an action in general)
+     * #So if you want to forbid a return to a certain page, just provide an alternative url, and the forbidden key world
+     *
+     * The checkLoopInNavigationStack-Method will check for looping, though the forbiddenUrl array is not required anymore
      *
      * Not all "close" and "save and close" buttons should use it.
      * Only close button for pages that can be accessed since different places.
@@ -75,38 +78,72 @@ class LSHttpRequest extends CHttpRequest
      * TODO : Each time a new quick action or button is added to access an existing page, the "close" & "save and close" button should be updated to use getUrlReferrer()
      *
      * @param $sAlternativeUrl string, the url to return if referrer url is the same than current url.
-     * @param $aForbiddenWordsInUrl array, an array containing forbidden words in url
      * @return string if success, else null
      */
-    public function getUrlReferrer($sAlternativeUrl=null, $aForbiddenWordsInUrl=array())
+    public function getUrlReferrer($sAlternativeUrl=null)
     {
 
        $referrer = parent::getUrlReferrer();
        $baseReferrer    = str_replace(Yii::app()->getBaseUrl(true), "", $referrer);
        $baseRequestUri  = str_replace(Yii::app()->getBaseUrl(), "", Yii::app()->request->requestUri);
        $referrer = ($baseReferrer != $baseRequestUri)?$referrer:null;
-
-       // Checks if the alternative url should be used
-       if(isset($sAlternativeUrl))
-       {
-           // Use alternative url if the referrer is equal to current url.
-           if(is_null($referrer))
-           {
-               $referrer = $sAlternativeUrl;
-           }
-
-           // Use alternative url if a forbidden word appears in the referrer
-           foreach($aForbiddenWordsInUrl as $sForbiddenWord)
-           {
-               if (strpos($referrer, $sForbiddenWord) !== false)
-               {
-                   $referrer = $sAlternativeUrl;
-               }
-           }
+        //Use alternative url if the $referrer is still available in the checkLoopInNavigationStack
+        if( ($this->checkLoopInNavigationStack($referrer)) || (is_null($referrer)) )
+        {
+            // Checks if the alternative url should be used
+            if(isset($sAlternativeUrl))
+            {
+                $referrer = $sAlternativeUrl;
+            }
+            else 
+            {
+               return App()->createUrl('admin/index');
+            }
        }
        return $referrer;
     }
 
+    /**
+    * Method to update the LimeSurvey Navigation Stack to prevent looping
+    */
+    public function updateNavigationStack()
+    {
+        $referrer = parent::getUrlReferrer();
+        $navStack = App()->session['LSNAVSTACK'];
+
+        if(!is_array($navStack))
+        {
+            $navStack = array();
+        }
+
+        array_unshift($navStack,$referrer);
+
+        if(count($navStack)>5)
+        {
+            array_pop($navStack);
+        }
+        App()->session['LSNAVSTACK'] = $navStack;
+    }
+
+    /**
+    * Method to check if an url is part of the stack
+    * Returns true, when an url is saved in the stack
+    * @param $referrerURL The URL that is checked against the stack 
+    */
+    protected function checkLoopInNavigationStack($referrerURL)
+    {
+        $navStack = App()->session['LSNAVSTACK'];
+        foreach($navStack as $url)
+        {
+            $refEqualsUrl = ($referrerURL == $url);
+              if ($refEqualsUrl)
+              {
+                  return true;
+              }
+        }
+        return false;  
+    }
+
     protected function normalizeRequest(){
         parent::normalizeRequest();
 

diff --git a/application/core/Survey_Common_Action.php b/application/core/Survey_Common_Action.php
@@ -27,7 +27,7 @@ class Survey_Common_Action extends CAction
     public function __construct($controller=null, $id=null)
     {
         parent::__construct($controller, $id);
-
+        Yii::app()->request->updateNavigationStack();
         // Make sure viewHelper can be autoloaded
         Yii::import('application.helpers.viewHelper');
     }
@@ -533,7 +533,7 @@ function _tokenbar($aData)
             if(isset($aData['token_bar']['closebutton']['url']))
             {
                 $sAlternativeUrl = $aData['token_bar']['closebutton']['url'];
-                $aData['token_bar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl($sAlternativeUrl) , array('tokenify') );
+                $aData['token_bar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl($sAlternativeUrl) );
             }
 
             $this->getController()->renderPartial("/admin/token/token_bar", $aData);
@@ -695,10 +695,7 @@ function _nquestiongroupbar($aData)
             if(isset($aData['questiongroupbar']['closebutton']['url']))
             {
                 $sAlternativeUrl = $aData['questiongroupbar']['closebutton']['url'];
-                $aForbiddenWordsInUrl = array(
-                    'add'
-                );
-                $aData['questiongroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer(Yii::app()->createUrl($sAlternativeUrl), $aForbiddenWordsInUrl);
+                $aData['questiongroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer(Yii::app()->createUrl($sAlternativeUrl));
             }
 
             $this->getController()->renderPartial("/admin/survey/QuestionGroups/questiongroupbar_view", $aData);
@@ -712,9 +709,7 @@ function _fullpagebar($aData)
             if(isset($aData['fullpagebar']['closebutton']['url']))
             {
                 $sAlternativeUrl        = '/admin/index';
-                $aForbiddenWordsInUrl[] ='modifyuser';
-                $aForbiddenWordsInUrl[] ='personalsettings';
-                $aData['fullpagebar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl($sAlternativeUrl), $aForbiddenWordsInUrl );
+                $aData['fullpagebar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl($sAlternativeUrl));
             }
             $this->getController()->renderPartial("/admin/super/fullpagebar_view", $aData);
         }
@@ -876,15 +871,7 @@ function _surveybar($aData)
             if(isset($aData['surveybar']['closebutton']['url']))
             {
                 $sAlternativeUrl = $aData['surveybar']['closebutton']['url'];
-                $aForbiddenWordsInUrl = isset($aData['surveybar']['closebutton']['forbidden'])?$aData['surveybar']['closebutton']['forbidden']:array();
-                $aForbiddenWordsInUrl[]='assessmentedit';
-                $aForbiddenWordsInUrl[]='newsurvey';
-                $aForbiddenWordsInUrl[]='editlocalsettings';
-                $aForbiddenWordsInUrl[]='setsurveysecurity';
-                $aForbiddenWordsInUrl[]='importsurveyresources';
-                $aForbiddenWordsInUrl[]='newquestion';
-                $aForbiddenWordsInUrl[]='add';
-                $aData['surveybar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl($sAlternativeUrl), $aForbiddenWordsInUrl );
+                $aData['surveybar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl($sAlternativeUrl));
             }
 
             if($aData['gid']==null)

diff --git a/application/views/admin/survey/deleteSurvey_view.php b/application/views/admin/survey/deleteSurvey_view.php
@@ -26,7 +26,7 @@
                     <?php echo CHtml::beginForm($this->createUrl("admin/survey/sa/delete/surveyid/{$surveyid}"), 'post');?>
                         <input type='hidden' name='delete' value='yes'>
                         <input type='submit'  class="btn btn-lg btn-warning" value='<?php eT("Delete survey"); ?>'>
-                        <input type='button'  class="btn btn-lg btn-default" value='<?php eT("Cancel"); ?>' onclick="window.open('<?php echo Yii::app()->request->getUrlReferrer( Yii::app()->createUrl("admin/survey/sa/view/surveyid/$surveyid") , array() ); ?>', '_top')" />
+                        <input type='button'  class="btn btn-lg btn-default" value='<?php eT("Cancel"); ?>' onclick="window.open('<?php echo Yii::app()->request->getUrlReferrer( Yii::app()->createUrl("admin/survey/sa/view/surveyid/$surveyid") ); ?>', '_top')" />
                     <?php echo CHtml::endForm(); ?>
                 </p>
         </div>