Dev: merge 'Master' branch into develop

.gitignore

@@ -54,5 +54,12 @@ Thumbs.db
 .buildpath
 *.un~
 launch.json
+# ignore plugins directory by default except LS plugin
+# if you want to add a new distributed plugin : add the directory here
+/plugins/*
+!/plugins/index.html
+!/plugins/Demo/
+!/plugins/AuditLog/
+enabletests
 
 

application/config/internal.php

@@ -58,6 +58,8 @@
         // This line just point application.vendor.Twig to application/third_party/Twig
         // @see: ETwigViewRenderer::$twigPathAlias
         'application.vendor.Twig'=>'application.third_party.Twig',
+        // 'CaptchaExtendedAction' => realpath(__DIR__ . '/../extensions/captchaExtended/CaptchaExtendedAction.php'),
+        // 'CaptchaExtendedValidator' => realpath(__DIR__ . '/../extensions/captchaExtended/CaptchaExtendedValidator.php')
     ),
 
     'modules'=>array(
@@ -84,12 +86,13 @@
         'application.models.*',
         'application.controllers.*',
         'application.modules.*',
-
         'bootstrap.helpers.*',
         'bootstrap.widgets.*',
         'bootstrap.behaviors.*',
         'yiiwheels.widgets.select2.WhSelect2',
-        'third_party.Twig.*'
+        'third_party.Twig.*',
+        'ext.captchaExtended.CaptchaExtendedAction',
+        'ext.captchaExtended.CaptchaExtendedValidator'
 
     ),
     'preload' => array ('log'),

application/config/third_party.php

@@ -370,5 +370,14 @@
             'jquery.autocomplete'.$minVersion.'.js'
         ),
     ),
-
+    'jszip' => array(
+        'basePath' => 'third_party.jszip',
+        'js' => array(
+            'jszip.js',
+            'fileSaver.js',
+        ),
+        'depends' => array(
+            'jquery',
+        )
+    )
 );

application/config/version.php

@@ -16,5 +16,5 @@
 $config['dbversionnumber'] = 292;
 $config['buildnumber'] = '';
 $config['updatable'] = true;
-$config['assetsversionnumber'] = '2647';
+$config['assetsversionnumber'] = '2660';
 return $config;

application/controllers/InstallerController.php

@@ -885,6 +885,11 @@ function check_DirectoryWriteable($directory, &$data, $base, $keyError, $bRecurs
         if (!check_PHPFunction('mb_convert_encoding', $aData['mbstringPresent']))
             $bProceed = false;
 
+        // zlib library check    
+        if (!check_PHPFunction('zlib_get_coding_type', $aData['zlibPresent']))  {
+            $bProceed = false;
+        }
+
         // JSON library check
         if (!check_PHPFunction('json_encode', $aData['bJSONPresent']))
             $bProceed = false;

application/controllers/OptoutController.php

@@ -24,11 +24,55 @@ class OptoutController extends LSYii_Controller {
      public $layout = 'bare';
      public $defaultAction = 'tokens';
 
+
+     function actiontokens()
+     {
+
+
+         $iSurveyID     = Yii::app()->request->getQuery('surveyid');
+         $sLanguageCode = Yii::app()->request->getQuery('langcode');
+         $sToken        = Token::sanitizeToken(Yii::app()->request->getQuery('token'));
+
+         Yii::app()->loadHelper('database');
+         Yii::app()->loadHelper('sanitize');
+
+         //IF there is no survey id, redirect back to the default public page
+         if (!$iSurveyID){
+             $this->redirect(array('/'));
+         }
+
+         $iSurveyID = (int)$iSurveyID; //Make sure it's an integer (protect from SQL injects)
+         //Check that there is a SID
+         // Get passed language from form, so that we dont lose this!
+         if (!isset($sLanguageCode) || $sLanguageCode == "" || !$sLanguageCode)
+         {
+             $sBaseLanguage = Survey::model()->findByPk($iSurveyID)->language;
+         }
+         else
+         {
+             $sBaseLanguage = sanitize_languagecode($sLanguageCode);
+         }
+
+         Yii::app()->setLanguage($sBaseLanguage);
+
+         $aSurveyInfo=getSurveyInfo($iSurveyID,$sBaseLanguage);
+
+         if ($aSurveyInfo==false || !tableExists("{{tokens_{$iSurveyID}}}")){
+             throw new CHttpException(404, "The survey in which you are trying to participate does not seem to exist. It may have been deleted or the link you were given is outdated or incorrect.");
+         }else{
+             $sMessage = "<p>".gT('Please confirm that you want to opt out of this survey by clicking the button below.').'<br>'. gT("After confirmation you won't receive any invitations or reminders for this survey anymore.")."</p>";
+             $sMessage .= '<p><a href="'.Yii::app()->createUrl('optout/removetokens', array('surveyid'=>$iSurveyID, 'langcode'=> $sBaseLanguage, 'token' => $sToken )).'" class="btn btn-default btn-lg">'.gT("I confirm").'</a><p>';
+             $this->_renderHtml($sMessage, $aSurveyInfo, $iSurveyID);
+         }
+
+
+     }
+
     /**
      * This function is run when opting out of an individual token table. The other function /optout/participants
      * opts the user out of ALL survey invitations from the system
      */
-    function actiontokens()
+    function actionremovetokens()
     {
         $iSurveyID=Yii::app()->request->getQuery('surveyid');
         $sLanguageCode=Yii::app()->request->getQuery('langcode');

application/controllers/RegisterController.php

@@ -48,8 +48,8 @@ public function actions()
     {
         return array(
             'captcha' => array(
-                'class' => 'CCaptchaAction',
-                'backColor'=>0xf6f6f6
+                'class' => 'CaptchaExtendedAction',
+                'mode'=>CaptchaExtendedAction::MODE_MATH
             )
         );
     }

application/controllers/SurveyController.php

@@ -80,8 +80,9 @@ public function actions()
             'uploader' => 'application.controllers.uploader',
             'verification' => 'application.controllers.verification',
             'captcha' => array(
-                'class' => 'CCaptchaAction',
-                'backColor'=>0xf6f6f6
+              'class'=>'CaptchaExtendedAction',
+              // if needed, modify settings
+              'mode'=>CaptchaExtendedAction::MODE_MATH,
             )
         );
     }

application/controllers/admin/NotificationController.php

@@ -28,17 +28,15 @@ public function index()
     public function getNotificationAsJSON($notId)
     {
         $this->checkPermission();
-
-        $not = Notification::model()->findByPk($notId);
-
-        if ($not)
-        {
-            echo json_encode(array('result' => $not->getAttributes()));
+        if ((string) (int) $notId !== (string) $notId) {
+
         }
-        else
-        {
-            echo json_encode(array('error' => 'Found no notification with id ' . $notId));
+        $not = Notification::model()->findByPk($notId);
+        if(!$not) {
+            throw new CHttpException(404,sprintf(gT("Notification %s not found"),$notId));
         }
+        header('Content-type: application/json');
+        echo json_encode(array('result' => $not->getAttributes()));
     }
 
     /**
@@ -51,17 +49,16 @@ public function notificationRead($notId)
     {
         $this->checkPermission();
 
-        try
-        {
-            $not = Notification::model()->findByPk($notId);
-            $result = $not->markAsRead();
-            echo json_encode(array('result' => $result));
+        if ((string) (int) $notId !== (string) $notId) {
+            throw new CHttpException(403,gT("Invalid notification id"));
         }
-        catch (Exception $ex)
-        {
-            echo json_encode(array('error' => $ex->getMessage()));
+        $not = Notification::model()->findByPk($notId);
+        if(!$not) {
+            throw new CHttpException(404,sprintf(gT("Notification %s not found"),$notId));
         }
-
+        $result = $not->markAsRead();
+        header('Content-type: application/json');
+        echo json_encode(array('result' => $result));
     }
 
     /**
@@ -73,7 +70,6 @@ public function notificationRead($notId)
     public function actionGetMenuWidget($surveyId = null, $showLoader = false)
     {
         $this->checkPermission();
-
         echo self::getMenuWidget($surveyId, $showLoader);
     }
 
@@ -85,14 +81,14 @@ public function actionGetMenuWidget($surveyId = null, $showLoader = false)
     public function clearAllNotifications($surveyId = null)
     {
         Notification::model()->deleteAll(
-            'entity = \'user\' AND entity_id = ' . Yii::app()->user->id
+            'entity = :entity AND entity_id = :entity_id',
+            array(":entity"=>'user',":entity_id"=>Yii::app()->user->id)
         );
 
-        if (!is_null($surveyId))
-        {
-            $surveyId = intval($surveyId);
+        if (is_int($surveyId)) {
             Notification::model()->deleteAll(
-                'entity = \'survey\' AND entity_id = ' . $surveyId
+                'entity = :entity AND entity_id = :entity_id',
+                array(":entity"=>'survey',":entity_id"=>$surveyId)
             );
         }
     }
@@ -104,9 +100,8 @@ public function clearAllNotifications($surveyId = null)
     protected function checkPermission()
     {
         // Abort if user is not logged in
-        if(Yii::app()->user->isGuest)
-        {
-            die('No permission');
+        if (Yii::app()->user->isGuest) {
+            throw new CHttpException(401);
         }
     }
 
@@ -129,10 +124,13 @@ public static function getMenuWidget($surveyId = null, $showLoader = false)
         $data = array();
         $data['surveyId'] = $surveyId;
         $data['showLoader'] = $showLoader;
-        $data['clearAllNotificationsUrl'] = Yii::app()->createUrl('admin/notification', array(
+        $params=array(
             'sa' => 'clearAllNotifications',
-            'surveyId' => $surveyId
-        ));
+        );
+        if ($surveyId) {
+            $params['surveyId'] = $surveyId;
+        }
+        $data['clearAllNotificationsUrl'] = Yii::app()->createUrl('admin/notification', $params);
         $data['updateUrl'] = Notification::getUpdateUrl($surveyId);
         $data['nrOfNewNotifications'] = Notification::countNewNotifications($surveyId);
         $data['nrOfNotifications'] = Notification::countNotifications($surveyId);

application/controllers/admin/database.php

@@ -1317,6 +1317,30 @@ private function actionInsertCopyQuestion($iSurveyID)
                     $validAttributes    = Question::getQuestionTemplateAttributes($validAttributes, $aAttributeValues, $cqr );
 
                     $aLanguages=array_merge(array(Survey::model()->findByPk($iSurveyID)->language),Survey::model()->findByPk($iSurveyID)->additionalLanguages);
+                /* Start to fix some param before save (TODO : use models directly ?) */
+                /* Date management */
+                Yii::app()->loadHelper('surveytranslator');
+                $formatdata=getDateFormatData(Yii::app()->session['dateformat']);
+                $startdate = App()->request->getPost('startdate');
+                if (trim($startdate)=="")
+                {
+                    $startdate=null;
+                }
+                else
+                {
+                    $datetimeobj = DateTime::createFromFormat($formatdata['phpdate'].' H:i', $startdate );
+                    $startdate=$datetimeobj->format("Y-m-d H:i:s");
+                }
+                $expires = App()->request->getPost('expires');
+                if (trim($expires)=="")
+                {
+                    $expires=null;
+                }
+                else
+                {
+                    $datetimeobj = DateTime::createFromFormat($formatdata['phpdate'].' H:i', $expires);
+                    $expires=$datetimeobj->format("Y-m-d H:i:s");
+                }
 
                     foreach ($validAttributes as $validAttribute)
                     {

application/controllers/admin/dataentry.php

@@ -710,8 +710,8 @@ public function editdata($subaction, $id, $surveyid, $language='')
                             ;
                             if ($idrow[$fname['fieldname']]!='')
                             {
-                                $datetimeobj = new Date_Time_Converter($idrow[$fname['fieldname']], "Y-m-d H:i:s");
-                                $thisdate = $datetimeobj->convert($dateformatdetails['phpdate']);
+                                $datetimeobj = DateTime::createFromFormat("!Y-m-d H:i:s", $idrow[$fname['fieldname']]);
+                                $thisdate = $datetimeobj->format($dateformatdetails['phpdate']);
                             }
                             else
                             {
@@ -1503,12 +1503,10 @@ public function update()
                         $qidattributes = getQuestionAttributeValues($irow['qid']);
                         $dateformatdetails = getDateFormatDataForQID($qidattributes, $thissurvey);
 
-                        $this->getController()->loadLibrary('Date_Time_Converter');
-                        $datetimeobj = new date_time_converter($thisvalue,$dateformatdetails['phpdate']) ;
+                        $datetimeobj = DateTime::createFromFormat('!' . $dateformatdetails['phpdate'], $thisvalue);
                         //need to check if library get initialized with new value of constructor or not.
 
-                        //$datetimeobj = new Date_Time_Converter($thisvalue,$dateformatdetails['phpdate']);
-                        $updateqr .= dbQuoteID($fieldname)." = '{$datetimeobj->convert("Y-m-d H:i:s")}', \n";
+                        $updateqr .= dbQuoteID($fieldname)." = '{$datetimeobj->format("Y-m-d H:i:s")}', \n";
                     }
                 }
                 elseif (($irow['type'] == 'N' || $irow['type'] == 'K') && $thisvalue == "")
@@ -1766,11 +1764,10 @@ public function insert()
                         }
                         elseif ($irow['type'] == 'D')
                         {
-                            Yii::app()->loadLibrary('Date_Time_Converter');
                             $qidattributes = getQuestionAttributeValues($irow['qid']);
                             $dateformatdetails = getDateFormatDataForQID($qidattributes, $thissurvey);
-                            $datetimeobj = new Date_Time_Converter($_POST[$fieldname],$dateformatdetails['phpdate']);
-                            $insert_data[$fieldname] = $datetimeobj->convert("Y-m-d H:i:s");
+                            $datetimeobj = DateTime::createFromFormat('!' . $dateformatdetails['phpdate'], $_POST[$fieldname]);
+                            $insert_data[$fieldname] = $datetimeobj->format("Y-m-d H:i:s");
                         }
                         else
                         {
@@ -2466,23 +2463,21 @@ private function _array_filter_help($qidattributes, $surveyprintlang, $surveyid)
         if(!empty($qidattributes['array_filter']))
         {
 
-            $newquestiontext = Question::model()->findByAttributes(array('title' => $qidattributes['array_filter'], 'language' => $surveyprintlang, 'sid' => $surveyid));
-            if(is_object($newquestiontext))
-            {
-                $newquestiontext->getAttribute('question');
+            /** @var Question $question */
+            $question = Question::model()->findByAttributes(array('title' => $qidattributes['array_filte'], 'language' => $surveyprintlang, 'sid' => $surveyid));
+            if($question) {
                 $output .= "\n<p class='extrahelp'>
-                ".sprintf(gT("Only answer this question for the items you selected in question %s ('%s')"),$qidattributes['array_filter'], flattenText(breakToNewline($newquestiontext)))."
+                ".sprintf(gT("Only answer this question for the items you selected in question %s ('%s')"),$qidattributes['array_filter'], flattenText(breakToNewline($question->question)))."
                 </p>\n";
             }
         }
         if(!empty($qidattributes['array_filter_exclude']))
         {
-            $newquestiontext = Question::model()->findByAttributes(array('title' => $qidattributes['array_filter_exclude'], 'language' => $surveyprintlang, 'sid' => $surveyid));
-            if(is_object($newquestiontext))
-            {
-                $newquestiontext->getAttribute('question');
+            /** @var Question $question */
+            $question = Question::model()->findByAttributes(array('title' => $qidattributes['array_filter_exclude'], 'language' => $surveyprintlang, 'sid' => $surveyid));
+            if($question) {
                 $output .= "\n    <p class='extrahelp'>
-                ".sprintf(gT("Only answer this question for the items you did not select in question %s ('%s')"),$qidattributes['array_filter_exclude'], breakToNewline($newquestiontext))."
+                ".sprintf(gT("Only answer this question for the items you did not select in question %s ('%s')"),$qidattributes['array_filter_exclude'], breakToNewline($question->question))."
                 </p>\n";
             }
         }

application/controllers/admin/homepagesettings.php

@@ -56,6 +56,11 @@ public function create()
         $model=new Boxes;
         if(isset($_POST['Boxes']))
         {
+            if (Yii::app()->getConfig('demoMode'))
+            {
+                Yii::app()->setFlashMessage(gT('This setting cannot be changed because demo mode is active.'),'error');
+                $this->getController()->redirect(Yii::app()->getController()->createUrl("/admin/homepagesettings"));
+            }
             $model->attributes=$_POST['Boxes'];
             if($model->save())
             {

application/controllers/admin/htmleditor_pop.php

@@ -39,8 +39,7 @@ function index()
             $aData['sControlIdDis'] = $aData['sFieldName'] . '_popupctrldis';
             $aData['toolbarname'] = 'popup';
             $aData['htmlformatoption'] = '';
-
-            if (in_array($aData['sFieldType'], array('email-inv', 'email-reg', 'email-conf', 'email-rem')))
+            if (in_array($aData['sFieldType'], array('email-invitation', 'email-registration', 'email-confirmation', 'email-reminder')))
             {
                 $aData['htmlformatoption'] = ',fullPage:true';
             }