Fixed issue #08033: since enable CSRF protection: Cannot access advan…

…ced question attributes Dev there were two errors: 1. wrong Url Target 2. No YII_CSRF_TOKEN supplied
LimeSurvey · Aug 13, 2013 · 4f75692 · 4f75692
1 parent bda7aac
commit 4f75692
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/application/views/admin/survey/Question/editQuestion_view.php b/application/views/admin/survey/Question/editQuestion_view.php
@@ -1,6 +1,8 @@
 <script type='text/javascript'>
-    var attr_url = "<?php echo $this->createUrl('/admin/questions/sa/ajaxquestionattributes'); ?>";
+    var attr_url = "<?php echo $this->createUrl('/admin/questions/ajaxquestionattributes'); ?>";
     var imgurl = '<?php echo Yii::app()->getConfig('imageurl'); ?>';
+    var yii_csrf = "<?php echo Yii::app()->request->csrfToken; ?>";
+
 </script>
 <?php PrepareEditorScript(true, $this); ?>
 

diff --git a/scripts/admin/admin_core.js b/scripts/admin/admin_core.js
@@ -191,7 +191,8 @@ function updatequestionattributes()
     if (selected_value==undefined) selected_value = $("#question_type").val();
     $('#advancedquestionsettings').load(attr_url,{qid:$('#qid').val(),
         question_type:selected_value,
-        sid:$('#sid').val()
+        sid:$('#sid').val(),
+        'YII_CSRF_TOKEN':yii_csrf
     }, function(){
         // Loads the tooltips for the toolbars