
Dev: review fce5e1d
Dev: add parameters in returnGlobal ($bRestrictToString default false)
Dev: true for public part
Dev: filters array of sid/qid etc .... for admin part
Shnoulle committed Jun 17, 2013
1 parent 137c4c5 commit 3d28e0e
Showing 3 changed files with 37 additions and 63 deletions.
44 changes: 9 additions & 35 deletions application/controllers/survey/index.php
Expand Up @@ -390,12 +390,9 @@ function sendreq(surveyid)
$this->_niceExit($redata, __LINE__, $thissurvey['templatedir'], $asMessage);
}

if (isset($_GET['loadall']) && $_GET['loadall'] == "reload")
if (returnGlobal('loadname',true)=="reload")
{
if (returnGlobal('loadname') && returnGlobal('loadpass'))
{
$_POST['loadall']="reload";
}
$_POST['loadall']="reload";
}

//LOAD SAVED SURVEY
Expand Down Expand Up @@ -462,7 +459,7 @@ function sendreq(surveyid)
isset($_SESSION['survey_'.$surveyid]['step']) && $_SESSION['survey_'.$surveyid]['step']>0 && tableExists("tokens_{$surveyid}}}"))
{
//check if tokens actually haven't been already used
$areTokensUsed = usedTokens(trim(strip_tags(returnGlobal('token'))),$surveyid);
$areTokensUsed = usedTokens(trim(strip_tags(returnGlobal('token',true))),$surveyid);
// check if token actually does exist
// check also if it is allowed to change survey after completion
if ($thissurvey['alloweditaftercompletion'] == 'Y' ) {
Expand Down Expand Up @@ -673,38 +670,15 @@ function _getParameters($args = array(), $post = array())
if(count($args)%2 == 0) {
for ($i = 0; $i < count($args); $i+=2) {
//Sanitize input from URL with returnGlobal
$param[$args[$i]] = returnGlobal($args[$i], $args[$i+1]);
$param[$args[$i]] = returnGlobal($args[$i],true);
}
}

if( !isset($param['lang']) )
$param['lang'] = returnGlobal('lang');
if( !isset($param['action']) )
$param['action'] = returnGlobal('action');
if( !isset($param['newtest']) )
$param['newtest'] = returnGlobal('newtest');
if( !isset($param['qid']) )
$param['qid'] = returnGlobal('qid');
if( !isset($param['gid']) )
$param['gid'] = returnGlobal('gid');
if ( !isset($param['sid']) )
$param['sid'] = (int) returnGlobal('sid');
if ( !isset($param['loadname']) )
$param['loadname'] = returnGlobal('loadname');
if ( !isset($param['loadpass']) )
$param['loadpass'] = returnGlobal('loadpass');
if ( !isset($param['scid']) )
$param['scid'] = returnGlobal('scid');
if ( !isset($param['thisstep']) )
$param['thisstep'] = returnGlobal('thisstep');
if ( !isset($param['move']) )
$param['move'] = returnGlobal('move');
if ( !isset($param['token']) )
$param['token'] = returnGlobal('token');

if ( !isset($param['thisstep']) )
$param['thisstep'] = '';

// Need some $param (else PHP notice)
foreach(array('lang','action','newtest','qid','gid','sid','loadname','loadpass','scid','thisstep','move','token') as $sNeededParam)
{
$param[$sNeededParam]=returnGlobal($sNeededParam,true);
}
return $param;
}

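Review bot: The rewritten condition `if (returnGlobal('loadname',true)=="reload")` tests the wrong parameter: the old code compared `$_GET['loadall']` with "reload" and only then required loadname and loadpass to be present, whereas the new line compares loadname itself with "reload", so the reload branch is taken for a saved-response name of "reload" and never for an actual loadall request. It should read `if (returnGlobal('loadall',true)=="reload" && returnGlobal('loadname',true) && returnGlobal('loadpass',true))`, unless the presence check is deliberately left to loadanswers(), which is outside this section so I cannot confirm it verifies loadname/loadpass itself. In _getParameters the new `foreach` assigns every needed key unconditionally, dropping the old `!isset($param[...])` guard, so a value supplied through $args is overwritten by the request value and thisstep becomes null rather than '' when absent; if only notice avoidance was intended, keep `if(!isset($param[$sNeededParam]))` around the assignment. Both enclosing functions start before the hunks shown.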
38 changes: 19 additions & 19 deletions application/helpers/common_helper.php
Expand Up @@ -1596,10 +1596,10 @@ function fixMovedQuestionConditions($qid,$oldgid,$newgid) //Function rewrites th
/**
* This function returns POST/REQUEST vars, for some vars like SID and others they are also sanitized
*
* @param mixed $stringname
* @param mixed $urlParam
* @param string $stringname
* @param boolean $bRestrictToString
*/
function returnGlobal($stringname)
function returnGlobal($stringname,$bRestrictToString=false)
{
$urlParam=Yii::app()->request->getParam($stringname);
if(!$urlParam && $aCookies=Yii::app()->request->getCookies() && $stringname!='sid')
Expand All @@ -1609,8 +1609,9 @@ function returnGlobal($stringname)
$urlParam = $aCookies[$stringname];
}
}

if ($urlParam)
$bUrlParamIsArray=is_array($urlParam);
tracevar($bRestrictToString);
if ($urlParam && (!$bUrlParamIsArray || !$bRestrictToString))
{
if ($stringname == 'sid' || $stringname == "gid" || $stringname == "oldqid" ||
$stringname == "qid" || $stringname == "tid" ||
Expand All @@ -1620,18 +1621,18 @@ function returnGlobal($stringname)
$stringname == "qaid" || $stringname == "scid" ||
$stringname == "loadsecurity")
{
if (is_string($urlParam)) {
if($bUrlParamIsArray){
return array_map("sanitize_int",$urlParam);
}else{
return sanitize_int($urlParam);
} else {
return null;
}
}
elseif ($stringname =="lang" || $stringname =="adminlang")
{
if (is_string($urlParam)) {
if($bUrlParamIsArray){
return array_map("sanitize_languagecode",$urlParam);
}else{
return sanitize_languagecode($urlParam);
} else {
return null;
}
}
elseif ($stringname =="htmleditormode" ||
Expand All @@ -1640,18 +1641,18 @@ function returnGlobal($stringname)
$stringname =="templateeditormode"
)
{
if (is_string($urlParam)) {
return sanitize_paranoid_string($urlParam);
} else {
return null;
if($bUrlParamIsArray){
return array_map("sanitize_paranoid_string",$urlParam);
}else{
return sanitize_paranoid_string($urlParam);
}
}
elseif ( $stringname =="cquestions")
{
if (is_string($urlParam)) {
if($bUrlParamIsArray){
return array_map("sanitize_cquestions",$urlParam);
}else{
return sanitize_cquestions($urlParam);
} else {
return null;
}
}
return $urlParam;
Expand All @@ -1660,7 +1661,6 @@ function returnGlobal($stringname)
{
return NULL;
}

}


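Review bot: The debug call `tracevar($bRestrictToString);` added just before the sanitising branch should be removed before this ships; it runs on every parameter lookup. With the default `$bRestrictToString=false`, every caller not updated in this commit now receives arrays for sid/qid/lang and the other listed names where it previously got null, and `array_map("sanitize_int",$urlParam)` sanitises only one level, so a nested array element reaches sanitize_int as an array — sanitize_int is not visible here, so verify it rejects non-strings or make the array branch recurse or return NULL for nested values. A safer default would be `true` (string only), with the admin callers that genuinely want arrays opting in explicitly. The docblock should also state what the flag means and what comes back, e.g. `@param boolean $bRestrictToString When true an array value is rejected and NULL returned; when false arrays are sanitised element by element` and `@return string|array|null`.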
18 changes: 9 additions & 9 deletions application/helpers/frontend_helper.php
Expand Up @@ -18,7 +18,7 @@ function loadanswers()
global $clienttoken;
$clang = Yii::app()->lang;

$scid=returnGlobal('scid');
$scid=returnGlobal('scid',true);
if (isset($_POST['loadall']) && $_POST['loadall'] == "reload")
{
$query = "SELECT * FROM {{saved_control}} INNER JOIN {$thissurvey['tablename']}
Expand Down Expand Up @@ -1281,7 +1281,7 @@ function buildsurveysession($surveyid,$preview=false)
$_SESSION['survey_'.$surveyid]['templatepath']=getTemplatePath($_SESSION['survey_'.$surveyid]['templatename']).DIRECTORY_SEPARATOR;
$sTemplatePath=$_SESSION['survey_'.$surveyid]['templatepath'];

$loadsecurity = returnGlobal('loadsecurity');
$loadsecurity = returnGlobal('loadsecurity',true);

// NO TOKEN REQUIRED BUT CAPTCHA ENABLED FOR SURVEY ACCESS
if ($tokensexist == 0 && isCaptchaEnabled('surveyaccessscreen',$thissurvey['usecaptcha']) && !$preview)
Expand Down Expand Up @@ -1319,7 +1319,7 @@ function buildsurveysession($surveyid,$preview=false)
{
echo "
<input type='hidden' name='loadall' value='".htmlspecialchars($_GET['loadall'])."' id='loadall' />
<input type='hidden' name='scid' value='".returnGlobal('scid')."' id='scid' />
<input type='hidden' name='scid' value='".returnGlobal('scid',true)."' id='scid' />
<input type='hidden' name='loadname' value='".htmlspecialchars($_GET['loadname'])."' id='loadname' />
<input type='hidden' name='loadpass' value='".htmlspecialchars($_GET['loadpass'])."' id='loadpass' />";
}
Expand Down Expand Up @@ -1399,7 +1399,7 @@ function buildsurveysession($surveyid,$preview=false)
{
echo "
<input type='hidden' name='loadall' value='".htmlspecialchars($_GET['loadall'])."' id='loadall' />
<input type='hidden' name='scid' value='".returnGlobal('scid')."' id='scid' />
<input type='hidden' name='scid' value='".returnGlobal('scid',true)."' id='scid' />
<input type='hidden' name='loadname' value='".htmlspecialchars($_GET['loadname'])."' id='loadname' />
<input type='hidden' name='loadpass' value='".htmlspecialchars($_GET['loadpass'])."' id='loadpass' />";
}
Expand Down Expand Up @@ -1548,7 +1548,7 @@ function buildsurveysession($surveyid,$preview=false)
&& isset($_GET['loadname']) && isset($_GET['loadpass']))
{
echo "<input type='hidden' name='loadall' value='".htmlspecialchars($_GET['loadall'])."' id='loadall' />
<input type='hidden' name='scid' value='".returnGlobal('scid')."' id='scid' />
<input type='hidden' name='scid' value='".returnGlobal('scid',true)."' id='scid' />
<input type='hidden' name='loadname' value='".htmlspecialchars($_GET['loadname'])."' id='loadname' />
<input type='hidden' name='loadpass' value='".htmlspecialchars($_GET['loadpass'])."' id='loadpass' />";
}
Expand All @@ -1567,7 +1567,7 @@ function buildsurveysession($surveyid,$preview=false)
&& isset($_GET['loadname']) && isset($_GET['loadpass']))
{
echo "<input type='hidden' name='loadall' value='".htmlspecialchars($_GET['loadall'])."' id='loadall' />
<input type='hidden' name='scid' value='".returnGlobal('scid')."' id='scid' />
<input type='hidden' name='scid' value='".returnGlobal('scid',true)."' id='scid' />
<input type='hidden' name='loadname' value='".htmlspecialchars($_GET['loadname'])."' id='loadname' />
<input type='hidden' name='loadpass' value='".htmlspecialchars($_GET['loadpass'])."' id='loadpass' />";
}
Expand Down Expand Up @@ -1620,7 +1620,7 @@ function buildsurveysession($surveyid,$preview=false)
}
if (returnGlobal('lang'))
{
$language_to_set=returnGlobal('lang');
$language_to_set=returnGlobal('lang',true);
} elseif (isset($tklanguage))
{
$language_to_set=$tklanguage;
Expand Down Expand Up @@ -2532,7 +2532,7 @@ function checkQuota($checkaction,$surveyid)
<input type='hidden' name='move' value='movenext' id='movenext' />
<button class='nav-button nav-button-icon-left ui-corner-all' class='submit' accesskey='p' onclick=\"javascript:document.limesurvey.move.value = 'moveprev'; document.limesurvey.submit();\" id='moveprevbtn'>".$clang->gT("Previous")."</button>
<input type='hidden' name='thisstep' value='".($_SESSION['survey_'.$surveyid]['step'])."' id='thisstep' />
<input type='hidden' name='sid' value='".returnGlobal('sid')."' id='sid' />
<input type='hidden' name='sid' value='".returnGlobal('sid',true)."' id='sid' />
<input type='hidden' name='token' value='".$clienttoken."' id='token' />
</form>\n";
echo "\t</div>\n";
Expand Down Expand Up @@ -2663,7 +2663,7 @@ function display_first_page() {
echo "\n<input type='hidden' name='token' value='$token' id='token' />\n";
}
echo "\n<input type='hidden' name='lastgroupname' value='_WELCOME_SCREEN_' id='lastgroupname' />\n"; //This is to ensure consistency with mandatory checks, and new group test
$loadsecurity = returnGlobal('loadsecurity');
$loadsecurity = returnGlobal('loadsecurity',true);
if (isset($loadsecurity)) {
echo "\n<input type='hidden' name='loadsecurity' value='$loadsecurity' id='loadsecurity' />\n";
}
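Review bot: The `if (returnGlobal('lang'))` check directly above `$language_to_set=returnGlobal('lang',true);` was not given the new flag, so an array-valued lang parameter passes the condition (the unrestricted call returns the mapped array, which is truthy) while the assignment yields NULL, leaving $language_to_set null instead of falling through to $tklanguage; change the condition to `if (returnGlobal('lang',true))`. The hidden inputs that print `returnGlobal('scid',true)` and `returnGlobal('sid',true)` straight into a value='…' attribute, beside neighbours that go through htmlspecialchars(), rely on sanitize_int leaving only digits; that helper is not visible here, so either confirm it or wrap these outputs like the adjacent fields. The same applies to the `$loadsecurity` echo in display_first_page. The enclosing functions (loadanswers, buildsurveysession, display_first_page) start before these hunks.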
