Fixed issue: View access to survey group even though no permission

Fixed issue: Don't update survey group if no POST was submitted Fixed issue: Create token table on Postgres throws index error, if done repeatedly
LimeSurvey · Oct 22, 2020 · 37e9f26 · 37e9f26
1 parent 3c5028f
commit 37e9f26
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/application/controllers/admin/questiongroups.php b/application/controllers/admin/questiongroups.php
@@ -282,6 +282,10 @@ public function delete($iSurveyId=null, $iGroupId=null)
 
     public function view($surveyid, $gid)
     {
+        if (!Permission::model()->hasSurveyPermission($surveyid, 'surveycontent', 'read')) {
+            Yii::app()->user->setFlash('error', gT("Access denied"));
+            $this->getController()->redirect(array('admin/survey/sa/listquestiongroups/surveyid/'.$surveyid));
+        }                
         $aData = array();
         $aData['surveyid'] = $iSurveyID = $surveyid;
         $survey = Survey::model()->findByPk($iSurveyID);
@@ -534,6 +538,12 @@ public function update($gid)
         $surveyid = $group->sid;
         $survey = Survey::model()->findByPk($surveyid);
 
+        if (!App()->request->isPostRequest) {
+            $this->getController()->redirect(
+                array('admin/questiongroups/sa/view/surveyid/'.$surveyid.'/gid/'.$gid)
+            );
+        }
+
         if (Permission::model()->hasSurveyPermission($surveyid, 'surveycontent', 'update')) {
             Yii::app()->loadHelper('surveytranslator');
 

diff --git a/application/models/Token.php b/application/models/Token.php
@@ -190,7 +190,7 @@ public static function createTable($surveyId, array $extraFields = array())
         $db->createCommand()->createTable($sTableName, $fields);
 
         /**
-         * The random component in the index name is needed because MSSQL is being the dorky kid and 
+         * The random component in the index name is needed because Postgres is being the dorky kid and 
          * complaining about duplicates when renaming the table and trying to use the same index again 
          * on a new token table (for example on reactivation)
          */
@@ -203,7 +203,7 @@ public static function createTable($surveyId, array $extraFields = array())
                 $db->createCommand()->createIndex('idx_email', $sTableName, 'email(30)', false);
                 break;
             case 'pgsql':
-                $db->createCommand()->createIndex('idx_email', $sTableName, 'email', false);
+                $db->createCommand()->createIndex('idx_email_'.$surveyId_.rand(1, 50000), $sTableName, 'email', false);
                 break;
         }