Fixed issue #11818: Non-sanitized output in massive actions for quest…

…ion list

application/views/admin/survey/Question/massive_actions/_set_css_class.php

@@ -9,7 +9,7 @@
         <div class="col-sm-8">
             <input type="text" class="form-control custom-data attributes-to-update" id="cssclass" name="cssclass" value="">
         </div>
-        <input type="hidden" name="sid" value="<?php echo $_GET['surveyid']; ?>" class="custom-data"/>
+        <input type="hidden" name="sid" value="<?php echo (int) Yii::app()->request->getParam('surveyid',0); ?>" class="custom-data"/>
         <input type="hidden" name="aValidQuestionTypes" value="15ABCDEFGHIKLMNOPQRSTUWXYZ!:;|*" class="custom-data"/>
     </div>
 </form>

application/views/admin/survey/Question/massive_actions/_set_questions_other.php

@@ -9,6 +9,6 @@
         <div class="col-sm-8">
             <?php $this->widget('yiiwheels.widgets.switch.WhSwitch', array('name' => 'other', 'value'=> '', 'htmlOptions'=>array('class'=>'custom-data  bootstrap-switch-boolean', 'data-gridid'=>'question-grid'), 'onLabel'=>gT('On'),'offLabel'=>gT('Off')));?>
         </div>
-        <input type="hidden" name="sid" value="<?php echo $_GET['surveyid']; ?>" class="custom-data"/>
+        <input type="hidden" name="sid" value="<?php echo (int) Yii::app()->request->getParam('surveyid',0); ?>" class="custom-data"/>
     </div>
 </form>

application/views/admin/survey/Question/massive_actions/_set_statistics_options.php

@@ -56,7 +56,7 @@
         </div>
     </div>
 
-    <input type="hidden" name="sid" value="<?php echo $_GET['surveyid']; ?>" class="custom-data"/>
+    <input type="hidden" name="sid" value="<?php echo (int) Yii::app()->request->getParam('surveyid',0); ?>" class="custom-data"/>
     <input type="hidden" name="aValidQuestionTypes" value="15ABCDEFGHIKLMNOPQRSTUWXYZ!:;|*" class="custom-data"/>
 </form>
 <br/><br/>