Merge branch 'master' into bug/16995-YII_CSRF_TOKEN-shown-in-url

.github/workflows/main.yml

@@ -5,6 +5,11 @@ on:
   push:
     branches:
       - '*'
+      - '**'
+      - 'dev/**'
+      - 'bug/**'
+      - 'feature/**'
+      - 'zoho/**'
 
 jobs:
   CI-pipeline:
@@ -113,12 +118,15 @@ jobs:
 
       - name: Set up Selenium with firefox
         run: |
-          which firefox
-          firefox -v
+          echo `which firefox`
+          echo `firefox -v`
+          echo `geckodriver --version`
 
           # Setup Selenium with Firefox headless mode, Gecko driver already installed
           wget "https://selenium-release.storage.googleapis.com/3.7/selenium-server-standalone-3.7.1.jar"
           export MOZ_HEADLESS=1
+          export MOZ_HEADLESS_WIDTH=1280
+          export MOZ_HEADLESS_HEIGHT=1024
           java -jar selenium-server-standalone-3.7.1.jar -enablePassThrough false > /dev/null 2> /dev/null &
 
       # Prepare the packages that need to be tested and update the nvm
@@ -136,4 +144,4 @@ jobs:
       - name: Run the test script
         run: |
           DOMAIN=localhost ./third_party/bin/phpunit --testdox --stop-on-failure
-          yarn --cwd ./assets/packages/adminbasics run test
+          yarn --cwd ./assets/packages/adminbasics run test

application/config/config-defaults.php

@@ -87,7 +87,7 @@
 
 // Please be very careful if you want to allow SVG files - there are several XSS dangerous security issues
 $config['allowedthemeimageformats'] = 'gif,ico,jpg,png'; // Image file types allowed to be uploaded in the themes section.
-$config['allowedthemeuploads'] = 'css,js,map,json,eot,ttf,woff,txt,md,xml,woff2,twig'; // Other file types allowed to be uploaded in the themes section.
+$config['allowedthemeuploads'] = 'css,js,map,json,eot,otf,ttf,woff,txt,md,xml,woff2,twig'; // Other file types allowed to be uploaded in the themes section.
 $config['allowedfileuploads'] = [
     //Documents
     'xls', 'doc', 'xlsx', 'docx', 'odt', 'ods', 'pdf',
@@ -100,8 +100,9 @@
     //videos
     'mp4', 'avi', 'mkv', 'mpeg', 'mpg', 'wmv', 'h264', 'h265', 'mov', 'webm', 'divx', 'xvid',
 ];
-$config['allowedresourcesuploads'] = '7z,aiff,asf,avi,bmp,csv,doc,docx,fla,flv,gif,gz,gzip,ico,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xlsx,xml,zip,css,js'; // File types allowed to be uploaded in the resources sections, and with the HTML Editor
-$config['allowedpluginuploads'] = 'gif,ico,jpg,png,css,js,map,json,eot,ttf,woff,txt,md,xml,woff2,twig,php,html';
+// NB: Allowing XML enables XSS, since XML can be an HTML page.
+$config['allowedresourcesuploads'] = '7z,aiff,asf,avi,bmp,csv,doc,docx,fla,flv,gif,gz,gzip,ico,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xlsx,zip,css,js'; // File types allowed to be uploaded in the resources sections, and with the HTML Editor
+$config['allowedpluginuploads'] = 'gif,ico,jpg,png,css,js,map,json,eot,otf,ttf,woff,txt,md,xml,woff2,twig,php,html';
 
 $config['memory_limit'] = '256'; // This sets how much memory LimeSurvey can access in megabytes. 256 MB is the minimum recommended - if you are using PDF functions up to 512 MB may be needed
 
@@ -763,7 +764,7 @@
 
 // Preselected Question Type
 $config['preselectquestiontype'] = 'T';
-$config['preselectquestiontheme'] = 'core';
+$config['preselectquestiontheme'] = 'longfreetext';
 
 // theme editor mode
 $config['defaultthemeteeditormode'] = 'default';

application/config/updater_version.php

@@ -15,7 +15,7 @@
 
     // THIS FILE SHOULD NOT BE CHANGED MANUALLY !
 
-$config['updaterversion'] = 9;
+$config['updaterversion'] = 10;
 $config['comfort_update_server_url'] = 'comfortupdate.limesurvey.org/';
 //$config['comfort_update_server_url'] = 'web.comfortupdate.org/';
 $config['comfort_update_server_ssl'] = 0;

application/config/version.php

@@ -11,10 +11,10 @@
  * See COPYRIGHT.php for copyright notices and details.
  */
 
-$config['versionnumber'] = '5.1.0-dev';
-$config['dbversionnumber'] = 460;
+$config['versionnumber'] = '5.1.10';
+$config['dbversionnumber'] = 474;
 $config['buildnumber'] = '';
 $config['updatable'] = true;
 $config['templateapiversion']  = 3;
-$config['assetsversionnumber'] = '30220';
+$config['assetsversionnumber'] = '30235';
 return $config;

application/controllers/HomepageSettingsController.php

@@ -51,6 +51,11 @@ public function actionIndex()
             $this->redirect($this->createUrl("/admin"));
         }
 
+        // Page size
+        if (App()->request->getParam('pageSize')) {
+            App()->user->setState('pageSize', (int) App()->request->getParam('pageSize'));
+        }
+
         $dataProviderBox = new CActiveDataProvider('Box');
 
         $this->aData = [
@@ -65,7 +70,7 @@ public function actionIndex()
         ];
 
         $this->render('index', [
-            'dataProviderBox' => $dataProviderBox,
+            'dataProviderBox' => $dataProviderBox->model,
             'bShowLogo' => App()->getConfig('show_logo') == "show",
             'bShowLastSurveyAndQuestion' => App()->getConfig('show_last_survey_and_question') == "show",
             'bShowSurveyList' => App()->getConfig('show_survey_list') == "show",

application/controllers/InstallerController.php

@@ -526,6 +526,10 @@ private function stepOptionalConfiguration()
                         $model->db->createCommand()->insert("{{settings_global}}", array('stg_name' => 'siteadminbounce', 'stg_value' => $model->adminEmail));
                         $model->db->createCommand()->insert("{{settings_global}}", array('stg_name' => 'defaultlang', 'stg_value' => $model->surveylang));
 
+                        // Save survey global settings
+                        $model->db->createCommand()->update('{{surveys_groupsettings}}', ['admin' => $model->adminName], "gsid=0");
+                        $model->db->createCommand()->update('{{surveys_groupsettings}}', ['adminemail' => $model->adminEmail], "gsid=0");
+
                         // only continue if we're error free otherwise setup is broken.
                         Yii::app()->session['deletedirectories'] = true;