From 231d02b55f4e5c11b62cdf2de206a99623520acd Mon Sep 17 00:00:00 2001
From: Denis Chenu
Date: Thu, 7 Oct 2021 19:01:34 +0200
Subject: [PATCH] =?UTF-8?q?Fixed=20issue=20#14302:=20Easy=20way=20to=20get?=
 =?UTF-8?q?=20token=20in=20a=20anonymous=20survey=20(super=20admin)=20Dev:?=
 =?UTF-8?q?=20remove=20token=20hidden=20input=20for=20anonymous=20survey?=
 =?UTF-8?q?=20Dev:=20get=20$clienttoken=20by=20session=20in=20anonymous=20?=
 =?UTF-8?q?survey=20Dev:=20$clienttoken=20usage=20:=20check=20token=20vali?=
 =?UTF-8?q?daty=20on=20all=20page=20(time,=20submitted=20etc=20=E2=80=A6)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/controllers/survey/index.php | 6 ++++++
 application/helpers/SurveyRuntimeHelper.php | 5 +++--
 application/helpers/frontend_helper.php | 5 ++---
 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/application/controllers/survey/index.php b/application/controllers/survey/index.php
index 8bab9e7166d..f44b557a93d 100644
--- a/application/controllers/survey/index.php
+++ b/application/controllers/survey/index.php
@@ -37,7 +37,13 @@ public function action()
 $surveyid = $param['sid'];
 $thisstep = $param['thisstep'];
 $move = getMove();
+
+ /* Get client token by POST or GET value */
 $clienttoken = trim($param['token']);
+ /* If not set : get by SESSION to avoid multiple submit of same token in different navigator */
+ if(empty($clienttoken) && !empty($_SESSION['survey_' . $surveyid]['token'] )) {
+ $clienttoken = $_SESSION['survey_' . $surveyid]['token'];
+ }
 $oSurvey = Survey::model()->findByPk($surveyid);
diff --git a/application/helpers/SurveyRuntimeHelper.php b/application/helpers/SurveyRuntimeHelper.php
index 9de5e75567f..9e6a31144ad 100644
--- a/application/helpers/SurveyRuntimeHelper.php
+++ b/application/helpers/SurveyRuntimeHelper.php
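Review bot: The session fallback on the new `if(empty($clienttoken) && ...)` line uses `empty()`, which also treats the string `"0"` as unset, so a request that explicitly carries that token value would silently be replaced by the session token; `if ($clienttoken === '' && !empty($_SESSION['survey_' . $surveyid]['token'])) {` keeps the fallback for the genuinely absent case only. The request value still takes precedence over the session value even for anonymized surveys, which is presumably intended (the survey is only loaded into `$oSurvey` after this block), but that order is worth stating in the comment: `/* Request token wins; the session token is only a fallback, since anonymized surveys no longer carry it in the form */`. PSR-12 also wants a space after `if` and none before the closing `)`. `action()` continues outside the hunk.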
@@ -540,8 +540,9 @@ public function run($surveyid, $args)
 $this->aSurveyInfo['hiddenInputs'] .= \CHtml::hiddenField('start_time', time(), array('id' => 'start_time'));
 $_SESSION[$this->LEMsessid]['LEMpostKey'] = isset($_POST['LEMpostKeyPreset']) ? $_POST['LEMpostKeyPreset'] : mt_rand();
 $this->aSurveyInfo['hiddenInputs'] .= \CHtml::hiddenField('LEMpostKey', $_SESSION[$this->LEMsessid]['LEMpostKey'], array('id' => 'LEMpostKey'));
- if (!empty($_SESSION[$this->LEMsessid]['token'])) {
- $this->aSurveyInfo['hiddenInputs'] .= \CHtml::hiddenField('token', $_SESSION[$this->LEMsessid]['token'], array('id' => 'token'));
+ /* Reset session with multiple tabs (show Token mismatch issue) , but only for not anonymous survey */
+ if (!empty($_SESSION[$this->LEMsessid]['token']) and $this->aSurveyInfo['anonymized'] != 'Y') {
+ $this->aSurveyInfo['hiddenInputs'] .= \CHtml::hiddenField('token', $_SESSION[$this->LEMsessid]['token'], array('id'=>'token'));
 }
 }
diff --git a/application/helpers/frontend_helper.php b/application/helpers/frontend_helper.php
index b1ff806bb25..5cff5418a58 100644
--- a/application/helpers/frontend_helper.php
+++ b/application/helpers/frontend_helper.php
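Review bot: The new condition on the `if (!empty($_SESSION[$this->LEMsessid]['token']) and ...)` line mixes `and` with the `&&` used for the same check in the frontend_helper.php hunk, and compares `$this->aSurveyInfo['anonymized'] != 'Y'` loosely; both places would read more safely as `&& $this->aSurveyInfo['anonymized'] !== 'Y'` (and `!== "Y"` in display_first_page). `and` binds lower than `=`, so it is harmless inside an `if`, but a later refactor into an assignment would change the meaning. If `anonymized` can be absent from `$this->aSurveyInfo`, `($this->aSurveyInfo['anonymized'] ?? 'N') !== 'Y'` avoids the notice; I cannot tell from the hunk whether it is always set. The comment `/* Reset session with multiple tabs ... */` does not describe what the branch does; consider `/* Echo the session token as a hidden input only for non-anonymized surveys: anonymized surveys rely on the session value alone, so the token never appears in the page */`. `run()` continues outside the hunk.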
@@ -1897,9 +1897,8 @@ function display_first_page($thissurvey, $aSurveyInfo)
 $thissurvey['EM']['ScriptsAndHiddenInputs'] .= \CHtml::hiddenField('lastgroupname', '_WELCOME_SCREEN_', array('id' => 'lastgroupname')); //This is to ensure consistency with mandatory checks, and new group test
 $thissurvey['EM']['ScriptsAndHiddenInputs'] .= \CHtml::hiddenField('LEMpostKey', $_SESSION['survey_' . $surveyid]['LEMpostKey'], array('id' => 'LEMpostKey'));
 $thissurvey['EM']['ScriptsAndHiddenInputs'] .= \CHtml::hiddenField('thisstep', 0, array('id' => 'thisstep'));
-
- if (!empty($_SESSION['survey_' . $surveyid]['token'])) {
- $thissurvey['EM']['ScriptsAndHiddenInputs'] .= \CHtml::hiddenField('token', $_SESSION['survey_' . $surveyid]['token'], array('id' => 'token'));
+ if (!empty($_SESSION['survey_'.$surveyid]['token']) && $thissurvey['anonymized'] != "Y") {
+ $thissurvey['EM']['ScriptsAndHiddenInputs'] .= \CHtml::hiddenField('token', $_SESSION['survey_'.$surveyid]['token'], array('id'=>'token'));
 }
 if (!empty($loadsecurity)) {
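Review bot: The two rewritten lines drop the spaces around `.` and `=>` (`'survey_'.$surveyid`, `array('id'=>'token')`) while the untouched context lines directly above keep `'survey_' . $surveyid` and `array('id' => 'LEMpostKey')`, so the hunk introduces a second formatting style inside the same function for no functional reason. Keeping the surrounding spacing, e.g. `if (!empty($_SESSION['survey_' . $surveyid]['token']) && $thissurvey['anonymized'] !== 'Y') {`, also makes the diff show only the real change (the anonymized guard). The loose `!= "Y"` comparison is the same point raised on the SurveyRuntimeHelper.php hunk. `display_first_page()` continues outside the hunk.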