Dev: Merge branch 'master' into develop

CONTRIBUTING.md

@@ -0,0 +1,67 @@
+# How to contribute
+
+Third-party patches are essential for keeping LimeSurvey great. We simply can't
+access the huge number of platforms and myriad configurations for running
+LimeSurvey. We want to keep it as easy as possible to contribute changes that
+get things working in your environment. There are a few guidelines that we
+need contributors to follow so that we can have a chance of keeping on
+top of things.
+
+## Getting started
+
+* Make sure you have a [LimeSurvey account](https://www.limesurvey.org)
+* Make sure you have a [GitHub account](https://github.com/signup/free)
+* Submit a ticket at https://bugs.limesurvey.org for your issue, assuming one does not already exist.
+  * Clearly describe the issue including steps to reproduce when it is a bug.
+  * Make sure you fill in the earliest version that you know has the issue.
+* Fork the repository on GitHub
+
+## Making changes
+
+* Create a topic branch from where you want to base your work.
+  * This is usually the master branch.
+  * Only target release branches if you are certain your fix must be on that
+    branch.
+  * To quickly create a topic branch based on master; `git checkout -b
+    fix/master/my_contribution master`. Please avoid working directly on the
+    `master` branch.
+* Make commits of logical units.
+* Check for unnecessary whitespace with `git diff --check` before committing.
+* Make sure your commit messages are in the proper format - check out our 
+  [commit message guidelines](https://manual.limesurvey.org/Standard_for_Git_commit_messages).
+
+
+## Writing translatable code
+
+We use gettext-tooling to extract user-facing strings and pull in translations 
+based on the user's locale at runtime. In order for this tooling to work, all 
+user-facing strings must be wrapped in the `gT()` translation function, so they 
+can be extracted into files for the translators.
+
+When adding user-facing strings to your work, follow these guidelines:
+* Use full sentences. Strings built up out of concatenated bits are hard to translate.
+* Use string formatting instead of interpolation.
+    Ex. `sprintf(gT('Creating new user %s.'), $sUsername)`
+* Use `ngT()` for pluralization.
+
+It is the responsibility of contributors to ensure that all
+user-facing strings are marked in new PRs before merging.
+
+
+## Submitting changes
+
+* Push your changes to a topic branch in your fork of the repository.
+* Submit a pull request to the repository in the LimeSurvey organization.
+* Update your bug tracker ticket to mark that you have submitted code and are ready for it to be reviewed.
+  * Include a link to the pull request in the ticket.
+* The core team looks at Pull Requests on a regular basis in a weekly triage
+* After feedback has been given we expect responses within two weeks. After two
+  weeks we may close the pull request if it isn't showing any activity.
+
+# Additional resources
+
+* [Bug tracker (Mantis)](https://bugs.limesurvey.org)
+* [Standard for Git commit messages](https://manual.limesurvey.org/Standard_for_Git_commit_messages)
+* [General GitHub documentation](https://help.github.com/)
+* [GitHub pull request documentation](https://help.github.com/articles/creating-a-pull-request/)
+* #limesurvey IRC channel on freenode.org ([Archive](https://www.limesurvey.org/community/irc-logs-limesurvey)

application/config/config-defaults.php

@@ -93,9 +93,6 @@
 
 $config['maxemails']          = 50;               // The maximum number of emails to send in one go (this is to prevent your mail server or script from timeouting when sending mass mail)
 
-// Enable or Disable LDAP feature
-$config['enableLdap'] = false;
-
 // Experimental parameters, only change if you know what you're doing
 //
 // filterout_incomplete_answers
@@ -593,16 +590,13 @@
 $config['proxy_host_name'] = '';
 $config['proxy_host_port'] = 80;
 
+/** Forced superadmin rights, users in this array can not have superadmin total right disable.
+ * Default use the user created at the installation.
+ * @var integer[]
+ */
+$config['forcedsuperadmin'] = array(1);
 
 // === Advanced Setup
-// The following parameters need information from config.php
-// and thus are defined here (After reading your config.php file).
-// This means that if you want to tweak these very advanced parameters
-// you'll have to do this in this file and not in config.php
-// In this case, don't forget to backup your config-defaults.php settings when upgrading LS
-// and report them to the new config-defaults.php file (Do not simply overwrite the new
-// config-defaults file with your old one
-
 //The following url and dir locations do not need to be modified unless you have a non-standard
 //LimeSurvey installation. Do not change unless you know what you are doing.
 

application/controllers/AdminController.php

@@ -102,24 +102,21 @@ protected function _sessioncontrol()
     {
         // From personal settings
         if (Yii::app()->request->getPost('action') == 'savepersonalsettings') {
-            if (Yii::app()->request->getPost('lang')=='auto')
-            {
+            if (Yii::app()->request->getPost('lang')=='auto') {
                 $sLanguage= getBrowserLanguage();
-            }
-            else
-            {
+            } else {
                 $sLanguage=sanitize_languagecode(Yii::app()->request->getPost('lang'));
             }
             Yii::app()->session['adminlang'] = $sLanguage;
         }
-
-        if (empty(Yii::app()->session['adminlang']))
+        if (empty(Yii::app()->session['adminlang'])) {
             Yii::app()->session["adminlang"] = Yii::app()->getConfig("defaultlang");
-
+        }
         Yii::app()->setLanguage(Yii::app()->session["adminlang"]);
 
-        if (!empty($this->user_id))
+        if (!empty($this->user_id)) {
             $this->_GetSessionUserRights($this->user_id);
+        }
     }
 
     /**
@@ -282,8 +279,9 @@ public function _GetSessionUserRights($loginID)
     */
     public function _getAdminHeader($meta = false, $return = false)
     {
-        if (empty(Yii::app()->session['adminlang']))
+        if (empty(Yii::app()->session['adminlang'])) {
             Yii::app()->session["adminlang"] = Yii::app()->getConfig("defaultlang");
+        }
 
         $aData = array();
         $aData['adminlang'] = Yii::app()->language;

application/controllers/RegisterController.php

@@ -260,9 +260,9 @@ public function sendRegistrationEmail($iSurveyId,$iTokenId){
         $useHtmlEmail = (getEmailFormat($iSurveyId) == 'html');
         $aMail['subject']=preg_replace("/{TOKEN:([A-Z0-9_]+)}/","{"."$1"."}",$aMail['subject']);
         $aMail['message']=preg_replace("/{TOKEN:([A-Z0-9_]+)}/","{"."$1"."}",$aMail['message']);
-        $aReplacementFields["{SURVEYURL}"] = App()->createAbsoluteUrl("/survey/index/sid/{$iSurveyId}",array('lang'=>$sLanguage,'token'=>$sToken));
-        $aReplacementFields["{OPTOUTURL}"] = App()->createAbsoluteUrl("/optout/tokens/surveyid/{$iSurveyId}",array('langcode'=>$sLanguage,'token'=>$sToken));
-        $aReplacementFields["{OPTINURL}"] = App()->createAbsoluteUrl("/optin/tokens/surveyid/{$iSurveyId}",array('langcode'=>$sLanguage,'token'=>$sToken));
+        $aReplacementFields["{SURVEYURL}"] = Yii::app()->getController()->createAbsoluteUrl("/survey/index/sid/{$iSurveyId}",array('lang'=>$sLanguage,'token'=>$sToken));
+        $aReplacementFields["{OPTOUTURL}"] = Yii::app()->getController()->createAbsoluteUrl("/optout/tokens/surveyid/{$iSurveyId}",array('langcode'=>$sLanguage,'token'=>$sToken));
+        $aReplacementFields["{OPTINURL}"] = Yii::app()->getController()->createAbsoluteUrl("/optin/tokens/surveyid/{$iSurveyId}",array('langcode'=>$sLanguage,'token'=>$sToken));
         foreach(array('OPTOUT', 'OPTIN', 'SURVEY') as $key)
         {
             $url = $aReplacementFields["{{$key}URL}"];

application/controllers/admin/authentication.php

@@ -35,6 +35,11 @@ class Authentication extends Survey_Common_Action
      */
     public function index()
     {
+        /* Set adminlang to the one set in dropdown */
+        if(Yii::app()->request->getPost('loginlang','default')!='default') {
+            Yii::app()->session['adminlang'] = Yii::app()->request->getPost('loginlang','default');
+            Yii::app()->setLanguage(Yii::app()->session["adminlang"]);
+        }
         // The page should be shown only for non logged in users
         $this->_redirectIfLoggedIn();
 
@@ -223,12 +228,9 @@ public function forgotpassword()
     {
         $this->_redirectIfLoggedIn();
 
-        if (!Yii::app()->request->getPost('action'))
-        {
+        if (!Yii::app()->request->getPost('action')) {
             $this->_renderWrappedTemplate('authentication', 'forgotpassword');
-        }
-        else
-        {
+        } else {
             $sUserName = Yii::app()->request->getPost('user');
             $sEmailAddr = Yii::app()->request->getPost('email');
 
@@ -237,13 +239,10 @@ public function forgotpassword()
             // Preventing attacker from easily knowing whether the user and email address are valid or not (and slowing down brute force attacks)
             usleep(rand(Yii::app()->getConfig("minforgottenpasswordemaildelay"),Yii::app()->getConfig("maxforgottenpasswordemaildelay")));
 
-            if (count($aFields) < 1 || ($aFields[0]['uid'] != 1 && !Permission::model()->hasGlobalPermission('auth_db','read',$aFields[0]['uid'])))
-            {
+            if (count($aFields) < 1 || ($aFields[0]['uid'] != 1 && !Permission::model()->hasGlobalPermission('auth_db','read',$aFields[0]['uid']))) {
                 // Wrong or unknown username and/or email. For security reasons, we don't show a fail message
-                $aData['message'] = '<br>'.gT('If username and email are valid and you are allowed to use internal database authentication a new password has been sent to you').'<br>';
-            }
-            else
-            {
+                $aData['message'] = '<br>'.gT('If the username and email address is valid and you are allowed to use the internal database authentication a new password has been sent to you').'<br>';
+            } else {
                 $aData['message'] = '<br>'.$this->_sendPasswordEmail($sEmailAddr, $aFields).'</br>';
             }
             $this->_renderWrappedTemplate('authentication', 'message', $aData);
@@ -294,7 +293,7 @@ private function _sendPasswordEmail($sEmailAddr, $aFields)
         {
             User::model()->updatePassword($aFields[0]['uid'], $sNewPass);
             // For security reasons, we don't show a successful message
-            $sMessage = gT('If username and email are valid and you are allowed to use internal database authentication a new password has been sent to you');
+            $sMessage = gT('If the username and email address is valid and you are allowed to use the internal database authentication a new password has been sent to you');
         }
         else
         {
@@ -391,6 +390,7 @@ private static function doRedirect()
     protected function _renderWrappedTemplate($sAction = 'authentication', $aViewUrls = array(), $aData = array())
     {
         $aData['display']['menu_bars'] = false;
+        $aData['language'] = Yii::app()->getLanguage() != Yii::app()->getConfig("defaultlang") ? Yii::app()->getLanguage() : 'default';
         parent::_renderWrappedTemplate($sAction, $aViewUrls, $aData);
     }
 

application/controllers/admin/dataentry.php

@@ -1485,9 +1485,14 @@ public function update()
                         $dateformatdetails = getDateFormatDataForQID($qidattributes, $thissurvey);
 
                         $datetimeobj = DateTime::createFromFormat('!' . $dateformatdetails['phpdate'], $thisvalue);
+                        if ($datetimeobj) {
+                            $dateoutput  = $datetimeobj->format('Y-m-d H:i');
+                        } else {
+                            $dateoutput = '';
+                        }
                         //need to check if library get initialized with new value of constructor or not.
 
-                        $updateqr .= dbQuoteID($fieldname)." = '{$datetimeobj->format("Y-m-d H:i:s")}', \n";
+                        $updateqr .= dbQuoteID($fieldname)." = '{$dateoutput}', \n";
                     }
                 }
                 elseif (($irow['type'] == 'N' || $irow['type'] == 'K') && $thisvalue == "")
@@ -1742,7 +1747,12 @@ public function insert()
                             $qidattributes = QuestionAttribute::model()->getQuestionAttributes($irow['qid']);
                             $dateformatdetails = getDateFormatDataForQID($qidattributes, $thissurvey);
                             $datetimeobj = DateTime::createFromFormat('!' . $dateformatdetails['phpdate'], $_POST[$fieldname]);
-                            $insert_data[$fieldname] = $datetimeobj->format("Y-m-d H:i:s");
+                            if($datetimeobj) {
+                                $dateoutput = $datetimeobj->format('Y-m-d H:i');
+                            } else {
+                                $dateoutput = '';
+                            }
+                            $insert_data[$fieldname] = $dateoutput;
                         }
                         else
                         {

application/controllers/admin/export.php

@@ -281,6 +281,7 @@ public function exportresults()
         $options->selectedColumns = Yii::app()->request->getPost('colselect');
         $options->responseMinRecord = sanitize_int(Yii::app()->request->getPost('export_from'));
         $options->responseMaxRecord = sanitize_int(Yii::app()->request->getPost('export_to'));
+        $options->aResponses = nice_addslashes(Yii::app()->request->getPost('responses_id'));
         $options->answerFormat = $sAnswerFormat;
         $options->convertY = $bConvertY;
         $options->yValue = ($bConvertY)?$sYValue:null;

application/controllers/admin/globalsettings.php

@@ -111,6 +111,90 @@ private function _displaySettings()
         $this->_renderWrappedTemplate('', 'globalSettings_view', $data);
     }
 
+    /**
+     * Loaded by Ajax when user clicks "Calculate storage".
+     * @return void
+     */
+    public function getStorageData()
+    {
+        Yii::import('application.helpers.admin.ajax_helper', true);
+        $data = array();
+
+        $uploaddir = Yii::app()->getConfig("uploaddir");
+        $decimals = 1;
+
+        $data['totalStorage'] = humanFilesize(folderSize($uploaddir), $decimals);
+        $data['templateSize'] = humanFilesize(folderSize($uploaddir . '/templates'), $decimals);
+        $data['surveySize']   = humanFilesize(folderSize($uploaddir . '/surveys'), $decimals);
+        $data['labelSize']    = humanFilesize(folderSize($uploaddir . '/labels'), $decimals);
+
+        $data['surveys']   = $this->getSurveyFolderStorage($uploaddir, $decimals);
+        $data['templates'] = $this->getTemplateFolderStorage($uploaddir, $decimals);
+
+        $html = Yii::app()->getController()->renderPartial(
+            '/admin/global_settings/_storage_ajax',
+            $data,
+            true
+        );
+
+        ls\ajax\AjaxHelper::outputHtml($html, 'global-settings-storage');
+    }
+
+    /**
+     * Get storage of folder storage.
+     * @param string $uploaddir
+     * @param int $decimals
+     * @return array
+     */
+    protected function getSurveyFolderStorage($uploaddir, $decimals)
+    {
+        $surveyFolders = array_filter(glob($uploaddir . '/surveys/*'), 'is_dir');
+        $surveys = array();
+        foreach ($surveyFolders as $folder) {
+            $parts = explode('/', $folder);
+            $surveyId = (int) end($parts);
+            $surveyinfo = getSurveyInfo($surveyId);
+            $size = folderSize($folder);
+            if ($size > 0) {
+                $surveys[] = array(
+                    'sizeInBytes' => $size,
+                    'size'        => humanFilesize($size, $decimals),
+                    'name'        => $surveyinfo === false ? '(' . gT('deleted') . ')' : $surveyinfo['name'],
+                    'deleted'     => $surveyinfo === false,
+                    'showPurgeButton' => Permission::model()->hasGlobalPermission('superadmin', 'delete')
+                                         && $surveyinfo === false,
+                    'sid'         => $surveyId
+                );
+            }
+        }
+        return $surveys;
+    }
+
+    /**
+     * Get storage of template folders.
+     * @param string $uploaddir
+     * @param int $decimals
+     * @return array
+     */
+    protected function getTemplateFolderStorage($uploaddir, $decimals)
+    {
+        $templateFolders = array_filter(glob($uploaddir . '/templates/*'), 'is_dir');
+        $templates = array();
+        foreach ($templateFolders as $folder) {
+            $parts = explode('/', $folder);
+            $templateName = end($parts);
+            $size = folderSize($folder);
+            if ($size > 0) {
+                $templates[] = array(
+                    'sizeInBytes' => $size,
+                    'size'        => humanFilesize($size, $decimals),
+                    'name'        => $templateName
+                );
+            }
+        }
+        return $templates;
+    }
+
     private function _saveSettings()
     {
         if ($_POST['action'] !== "globalsettingssave") {

application/controllers/admin/participantsaction.php

@@ -1425,7 +1425,7 @@ public function editAttributeName()
                 }
             }
         }
-        if(is_array($AttributeNameLanguages) &&  $operation === 'edit')
+        if(is_array($AttributeNameLanguages))
         {
             foreach($AttributeNameLanguages as $lnKey => $lnValue)
             {
@@ -2109,7 +2109,7 @@ public function summaryview()
     public function setSession()
     {
         unset(Yii::app()->session['participantid']);
-        Yii::app()->session['participantid'] = Yii::app()->request->getPost('participantid');
+        Yii::app()->session['participantid'] = Yii::app()->request->getPost('itemsid');
     }
 
     /**