Commit
Fixed issue [security] : no CRSF control when delete saved response Dev: move to LimeGridView Dev: Add Permission check
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,54 +1,49 @@ | ||
<div class='side-body <?php echo getSideBodyClass(true); ?>'> | ||
<h3> | ||
<span style='font-weight:bold;'><?php eT('Saved responses'); ?></span> | ||
<?php echo flattenText($sSurveyName) . ' ' . sprintf(gT('ID: %s'), $iSurveyId); ?> | ||
<?php eT('Saved responses'); ?> | ||
<small><?php echo flattenText($sSurveyName) . ' ' . sprintf(gT('ID: %s'), $iSurveyId); ?></small> | ||
</h3> | ||
|
||
<div class="row"> | ||
<div class="col-lg-12 content-right"> | ||
<div class="alert alert-info" role="alert"> | ||
<?php eT('Total:'); ?> <?php echo getSavedCount($iSurveyId); ?> | ||
</div> | ||
|
||
<p> | ||
<table class='browsetable table' style='margin:0 auto; width:60%'> | ||
<thead> | ||
<tr> | ||
<th><?php eT('ID'); ?></th> | ||
<th><?php eT('Actions'); ?></th> | ||
<th><?php eT('Identifier'); ?></th> | ||
<th><?php eT('IP address'); ?></th> | ||
<th><?php eT('Date saved'); ?></th> | ||
<th><?php eT('Email address'); ?></th> | ||
</tr> | ||
</thead> | ||
|
||
<tbody> | ||
<?php foreach($aResults as $oResult) | ||
{ ?> | ||
<tr> | ||
<td><?php echo $oResult->scid; ?></td> | ||
<td align='center'> | ||
|
||
<?php if (Permission::model()->hasSurveyPermission($iSurveyId,'responses','update')) | ||
{ ?> | ||
<span onclick="window.open('<?php echo $this->createUrl("admin/dataentry/sa/editdata/subaction/edit/surveyid/{$iSurveyId}/id/{$oResult->srid}"); ?>', '_top')" title='<?php eT('Edit entry'); ?>' class="fa fa-pencil text-success"></span> | ||
<?php } | ||
if (Permission::model()->hasSurveyPermission($iSurveyId,'responses','delete')) | ||
{ ?> | ||
<span class="fa fa-trash text-warning" title='<?php eT('Delete entry'); ?>' onclick="if (confirm('<?php eT('Are you sure you want to delete this entry?', 'js'); ?>')) { window.open('<?php echo $this->createUrl("admin/saved/delete/surveyid/{$iSurveyId}/srid/{$oResult->srid}/scid/{$oResult->scid}"); ?>', '_top'); }" ></span> | ||
<?php } ?> | ||
</td> | ||
|
||
<td><?php echo htmlspecialchars($oResult->identifier); ?></td> | ||
<td><?php echo $oResult->ip; ?></td> | ||
<td><?php echo $oResult->saved_date; ?></td> | ||
<td><?php echo CHtml::link(htmlspecialchars($oResult->email),'mailto:'.htmlspecialchars($oResult->email)); ?></td> | ||
|
||
</tr> | ||
<?php } ?> | ||
</tbody> | ||
</table> | ||
<br /> | ||
</p> | ||
</div></div></div> | ||
<?php | ||
$this->widget('ext.LimeGridView.LimeGridView', array( | ||
'id' => 'saved-grid', | ||
'ajaxUpdate' => 'saved-grid', | ||
'dataProvider' => $dataProvider, | ||
'ajaxType' => 'POST', | ||
'template' => "{items}\n<div class='row'><div class='col-sm-4 col-md-offset-4'>{pager}</div><div class='col-sm-4'>{summary}</div></div>", | ||
'columns' => array( | ||
array( | ||
'header' => gT("ID"), | ||
'name' => 'scid', | ||
), | ||
array( | ||
'class'=>'bootstrap.widgets.TbButtonColumn', | ||
'template'=>'{editresponse}{delete}', | ||
//~ 'htmlOptions' => array('class' => 'text-left response-buttons'), | ||
'buttons'=> $SavedControlModel->getGridButtons($iSurveyId), | ||
), | ||
array( | ||
'header' => gT("Identifier"), | ||
'name' => 'identifier', | ||
), | ||
array( | ||
'header' => gT("IP address"), | ||
'name' => 'ip', | ||
), | ||
array( | ||
'header' => gT("Date saved"), | ||
'name' => 'saved_date', | ||
), | ||
array( | ||
'header' => gT("Email address"), | ||
'name' => 'email', | ||
), | ||
), | ||
), | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
Shnoulle
Author
Collaborator
|
||
); | ||
?> | ||
</div> | ||
</div> | ||
</div> |
This file was deleted.
2 comments
on commit 391dba0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Merge conflict with develop branch. Please merge (sorry).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Argl, i know there are update to do (call of /ls/
but didn't know there are merge issue …)
I look :) thanks for reminder
Syntax error here. Please fix.