From 96199cc60c32887cdee170a9a6b51489f4c56042 Mon Sep 17 00:00:00 2001 From: Carsten Schmitz Date: Mon, 19 Sep 2016 13:03:41 +0200 Subject: [PATCH] Fixed issue: Tokens are silently sanitized on import - should be skipped instead with proper error message in import summary --- application/controllers/admin/tokens.php | 18 +++++++++------ .../{csvpost.php => csvimportresult.php} | 23 +++++++++++++++++-- 2 files changed, 32 insertions(+), 9 deletions(-) rename application/views/admin/token/{csvpost.php => csvimportresult.php} (84%) diff --git a/application/controllers/admin/tokens.php b/application/controllers/admin/tokens.php index 2fd31b0b3d2..b53fd3f1c6d 100644 --- a/application/controllers/admin/tokens.php +++ b/application/controllers/admin/tokens.php @@ -2201,6 +2201,7 @@ public function import($iSurveyId) $aAttrFieldNames = getAttributeFieldNames($iSurveyId); $aDuplicateList = array(); + $aInvalidTokenList= array(); $aInvalidEmailList = array(); $aInvalidFormatList = array(); $aModelErrorList = array(); @@ -2339,6 +2340,7 @@ public function import($iSurveyId) } $bDuplicateFound = false; $bInvalidEmail = false; + $bInvalidToken = false; $aWriteArray['email'] = isset($aWriteArray['email']) ? trim($aWriteArray['email']) : ""; $aWriteArray['firstname'] = isset($aWriteArray['firstname']) ? $aWriteArray['firstname'] : ""; $aWriteArray['lastname'] = isset($aWriteArray['lastname']) ? $aWriteArray['lastname'] : ""; 
@@ -2393,11 +2395,15 @@ public function import($iSurveyId) } } } - } + } if (!$bDuplicateFound && !$bInvalidEmail && isset($aWriteArray['token']) && trim($aWriteArray['token'])!='') { - $aWriteArray['token'] = sanitize_token($aWriteArray['token']); + if (trim($aWriteArray['token']) != sanitize_token($aWriteArray['token'])); + { + $aInvalidTokenList[] = sprintf(gT("Line %s : %s %s (%s) - token : %s"),$iRecordCount,CHtml::encode($aWriteArray['firstname']),CHtml::encode($aWriteArray['lastname']),CHtml::encode($aWriteArray['email']),CHtml::encode($aWriteArray['token'])); + $bInvalidToken=true; + } // We allways search for duplicate token (it's in model. Allow to reset or update token ? if(Token::model($iSurveyId)->count("token=:token",array(":token"=>$aWriteArray['token']))) { @@ -2406,7 +2412,7 @@ public function import($iSurveyId) } } - if (!$bDuplicateFound && !$bInvalidEmail) + if (!$bDuplicateFound && !$bInvalidEmail && !$bInvalidToken) { // unset all empty value foreach ($aWriteArray as $key=>$value) @@ -2442,15 +2448,14 @@ public function import($iSurveyId) $iRecordCount++; } $iRecordCount = $iRecordCount - 1; - unlink($sFileName); - $aData['aTokenListArray'] = $aTokenListArray;// Big array in memory, just for success ? $aData['iRecordImported'] = $iRecordImported; $aData['iRecordOk'] = $iRecordOk; $aData['iRecordCount'] = $iRecordCount; $aData['aFirstLine'] = $aFirstLine;// Seem not needed $aData['aDuplicateList'] = $aDuplicateList; + $aData['aInvalidTokenList'] = $aInvalidTokenList; $aData['aInvalidFormatList'] = $aInvalidFormatList; $aData['aInvalidEmailList'] = $aInvalidEmailList; $aData['aModelErrorList'] = $aModelErrorList; 
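Review bot: The added `if (trim($aWriteArray['token']) != sanitize_token($aWriteArray['token']));` in the -2393 hunk ends in a semicolon, so the condition guards an empty statement and the braces after it run for every row that carries a non-empty token. Each such row is appended to `$aInvalidTokenList` and sets `$bInvalidToken`, and the `!$bInvalidToken` guard added in the -2406 hunk then skips the insert, so no row with a token can be imported. Drop the semicolon and compare strictly, `if (trim($aWriteArray['token']) !== sanitize_token($aWriteArray['token']))`, because `!=` compares numeric-looking strings by value and could accept a token that sanitizing would have changed (this assumes sanitize_token() returns a string). Since the value is no longer rewritten, the checked form should also be what reaches the duplicate lookup and the insert, for example `$aWriteArray['token'] = trim($aWriteArray['token']);` after the check, unless the token is already trimmed outside this hunk. The body of import() starts and ends outside the hunk.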
@@ -2459,8 +2464,7 @@ public function import($iSurveyId) $aData['iSurveyId'] = $aData['surveyid'] = $iSurveyId; $aData['aInvalideAttrFieldName'] = $aInvalideAttrFieldName; $aData['aMissingAttrFieldName'] = $aMissingAttrFieldName; - - $this->_renderWrappedTemplate('token', array( 'csvpost'), $aData); + $this->_renderWrappedTemplate('token', array( 'csvimportresult'), $aData); Yii::app()->end(); } } diff --git a/application/views/admin/token/csvpost.php b/application/views/admin/token/csvimportresult.php similarity index 84% rename from application/views/admin/token/csvpost.php rename to application/views/admin/token/csvimportresult.php index a741457e022..59f79d17b2e 100644 --- a/application/views/admin/token/csvpost.php +++ b/application/views/admin/token/csvimportresult.php @@ -36,10 +36,29 @@

- -

+ +