From 96199cc60c32887cdee170a9a6b51489f4c56042 Mon Sep 17 00:00:00 2001
From: Carsten Schmitz
Date: Mon, 19 Sep 2016 13:03:41 +0200
Subject: [PATCH] Fixed issue: Tokens are silently sanitized on import - should
be skipped instead with proper error message in import summary
---
application/controllers/admin/tokens.php | 18 +++++++++------
.../{csvpost.php => csvimportresult.php} | 23 +++++++++++++++++--
2 files changed, 32 insertions(+), 9 deletions(-)
rename application/views/admin/token/{csvpost.php => csvimportresult.php} (84%)
diff --git a/application/controllers/admin/tokens.php b/application/controllers/admin/tokens.php
index 2fd31b0b3d2..b53fd3f1c6d 100644
--- a/application/controllers/admin/tokens.php
+++ b/application/controllers/admin/tokens.php
@@ -2201,6 +2201,7 @@ public function import($iSurveyId)
$aAttrFieldNames = getAttributeFieldNames($iSurveyId);
$aDuplicateList = array();
+ $aInvalidTokenList= array();
$aInvalidEmailList = array();
$aInvalidFormatList = array();
$aModelErrorList = array();
@@ -2339,6 +2340,7 @@ public function import($iSurveyId)
}
$bDuplicateFound = false;
$bInvalidEmail = false;
+ $bInvalidToken = false;
$aWriteArray['email'] = isset($aWriteArray['email']) ? trim($aWriteArray['email']) : "";
$aWriteArray['firstname'] = isset($aWriteArray['firstname']) ? $aWriteArray['firstname'] : "";
$aWriteArray['lastname'] = isset($aWriteArray['lastname']) ? $aWriteArray['lastname'] : "";
@@ -2393,11 +2395,15 @@ public function import($iSurveyId)
}
}
}
- }
+ }
if (!$bDuplicateFound && !$bInvalidEmail && isset($aWriteArray['token']) && trim($aWriteArray['token'])!='')
{
- $aWriteArray['token'] = sanitize_token($aWriteArray['token']);
+ if (trim($aWriteArray['token']) != sanitize_token($aWriteArray['token']));
+ {
+ $aInvalidTokenList[] = sprintf(gT("Line %s : %s %s (%s) - token : %s"),$iRecordCount,CHtml::encode($aWriteArray['firstname']),CHtml::encode($aWriteArray['lastname']),CHtml::encode($aWriteArray['email']),CHtml::encode($aWriteArray['token']));
+ $bInvalidToken=true;
+ }
// We allways search for duplicate token (it's in model. Allow to reset or update token ?
if(Token::model($iSurveyId)->count("token=:token",array(":token"=>$aWriteArray['token'])))
{
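Review bot: The added `if (trim($aWriteArray['token']) != sanitize_token($aWriteArray['token']));` ends in a stray semicolon, so the condition guards an empty statement and the braced block below it runs for every row that carries a token; each such row is listed as invalid and skipped. The comparison is also loose: PHP compares two numeric strings by value, so a token whose sanitized form is numerically equal but textually different could pass, and with the `sanitize_token()` assignment removed the raw value would then be written (what `sanitize_token()` strips is not visible in this hunk, so confirm). I would write `if (trim($aWriteArray['token']) !== sanitize_token($aWriteArray['token']))` with no trailing semicolon. The check trims the token but `$aWriteArray['token']` keeps its untrimmed value, so consider `$aWriteArray['token'] = trim($aWriteArray['token']);` before the comparison so that the duplicate lookup and the insert use the value that was validated. The body of `import()` starts and ends outside this hunk.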
@@ -2406,7 +2412,7 @@ public function import($iSurveyId)
}
}
- if (!$bDuplicateFound && !$bInvalidEmail)
+ if (!$bDuplicateFound && !$bInvalidEmail && !$bInvalidToken)
{
// unset all empty value
foreach ($aWriteArray as $key=>$value)
@@ -2442,15 +2448,14 @@ public function import($iSurveyId)
$iRecordCount++;
}
$iRecordCount = $iRecordCount - 1;
-
unlink($sFileName);
-
$aData['aTokenListArray'] = $aTokenListArray;// Big array in memory, just for success ?
$aData['iRecordImported'] = $iRecordImported;
$aData['iRecordOk'] = $iRecordOk;
$aData['iRecordCount'] = $iRecordCount;
$aData['aFirstLine'] = $aFirstLine;// Seem not needed
$aData['aDuplicateList'] = $aDuplicateList;
+ $aData['aInvalidTokenList'] = $aInvalidTokenList;
$aData['aInvalidFormatList'] = $aInvalidFormatList;
$aData['aInvalidEmailList'] = $aInvalidEmailList;
$aData['aModelErrorList'] = $aModelErrorList;
@@ -2459,8 +2464,7 @@ public function import($iSurveyId)
$aData['iSurveyId'] = $aData['surveyid'] = $iSurveyId;
$aData['aInvalideAttrFieldName'] = $aInvalideAttrFieldName;
$aData['aMissingAttrFieldName'] = $aMissingAttrFieldName;
-
- $this->_renderWrappedTemplate('token', array( 'csvpost'), $aData);
+ $this->_renderWrappedTemplate('token', array( 'csvimportresult'), $aData);
Yii::app()->end();
}
}
diff --git a/application/views/admin/token/csvpost.php b/application/views/admin/token/csvimportresult.php
similarity index 84%
rename from application/views/admin/token/csvpost.php
rename to application/views/admin/token/csvimportresult.php
index a741457e022..59f79d17b2e 100644
--- a/application/views/admin/token/csvpost.php
+++ b/application/views/admin/token/csvimportresult.php
@@ -36,10 +36,29 @@
-
-
+
+