Fixed issue #14039: Captcha prevent panel integration. GET URL parame…

…ter not captured (#1896) Co-authored-by: encuestabizdevgit <devgit@encuesta.biz>
LimeSurvey · Jun 4, 2021 · 395f9f8 · 395f9f8
1 parent 0ccd567
commit 395f9f8
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 3 deletions.
diff --git a/application/core/LSHttpRequest.php b/application/core/LSHttpRequest.php
@@ -39,6 +39,9 @@ class LSHttpRequest extends CHttpRequest
     public $noCsrfValidationRoutes = array();
     public $noCsrfValidationParams = array();
 
+    /** @var array<string,mixed>|null the request query parameters (name-value pairs) */
+    private $queryParams;
+
     /**
      * Return the referal url,
      * it's used for the "close" buttons, and the "save and close" buttons
@@ -219,4 +222,29 @@ public function getPathInfo()
         return $this->_pathInfo;
     }
 
+    /**
+     * Returns the request parameters given in the [[queryString]].
+     *
+     * This method will return the contents of `$_GET` if params where not explicitly set.
+     * @return array the request GET parameter values.
+     * @see setQueryParams()
+     */
+    public function getQueryParams()
+    {
+        if ($this->queryParams === null) {
+            return $_GET;
+        }
+
+        return $this->queryParams;
+    }
+
+    /**
+     * Sets the request [[queryString]] parameters.
+     * @param array $values the request query parameters (name-value pairs)
+     * @see getQueryParams()
+     */
+    public function setQueryParams($values)
+    {
+        $this->queryParams = $values;
+    }
 }
diff --git a/application/helpers/frontend_helper.php b/application/helpers/frontend_helper.php
@@ -884,8 +884,9 @@ function prefillFromCommandLine($surveyid)
     } else {
         $startingValues = $_SESSION['survey_'.$surveyid]['startingValues'];
     }
-    if (Yii::app()->getRequest()->getRequestType()=='GET') {
-        $getValues = array_diff_key($_GET,array_combine($reservedGetValues, $reservedGetValues));
+    $request = Yii::app()->getRequest();
+    if (in_array($request->getRequestType(), ['GET', 'POST'])) {
+        $getValues = array_diff_key($request->getQueryParams(), array_combine($reservedGetValues, $reservedGetValues));
         if(!empty($getValues)) {
             $qcode2sgqa = array();
             Yii::import('application.helpers.viewHelper');
@@ -1320,7 +1321,7 @@ function renderRenderWayForm($renderWay, array $scenarios, $sTemplateViewPath, $
             // Rendering layout_user_forms.twig
             $thissurvey                     = $oSurvey->attributes;
             $thissurvey["aForm"]            = $aForm;
-            $thissurvey['surveyUrl']        = App()->createUrl("/survey/index", array("sid"=>$surveyid));
+            $thissurvey['surveyUrl']        = App()->createUrl("/survey/index", array_merge(["sid"=>$surveyid], getForwardParameters(Yii::app()->getRequest())));
             $thissurvey['include_content']  = 'userforms';
 
             Yii::app()->clientScript->registerScriptFile(Yii::app()->getConfig("generalscripts").'nojs.js', CClientScript::POS_HEAD);
@@ -2214,3 +2215,31 @@ function cookieConsentLocalization()
         gT('Please be patient until you are forwarded to the final URL.')
     );
 }
+
+/**
+ * Returns an array of URL parameters that can be forwarded
+ *
+ * @param LSHttpRequest $request the HTTP request
+ *
+ * @return array<string,mixed>
+ */
+function getForwardParameters($request)
+{
+    $reservedGetValues = array(
+        'token',
+        'sid',
+        'gid',
+        'qid',
+        'lang',
+        'newtest',
+        'action',
+        'seed',
+        'index.php',
+    );
+
+    $parameters = [];
+    if (in_array($request->getRequestType(), ['GET', 'POST'])) {
+        $parameters = array_diff_key($request->getQueryParams(), array_flip($reservedGetValues));
+    }
+    return $parameters;
+}