Fixed issue: [Security] Survey ID not properly sanitized on survey creation
c-schmitz authored and Shnoulle committed Mar 13, 2016
1 parent 20e4d6f commit 576cc03
Showing 1 changed file with 4 additions and 9 deletions.
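--- a/application/helpers/admin/import_helper.php
+++ b/application/helpers/admin/import_helper.php
@@ -1541,21 +1541,16 @@ function XMLImportSurvey($sFullFilePath,$sXMLdata=NULL,$sNewSurveyName=NULL,$iDe
 function GetNewSurveyID($iOldSID)
 {
 Yii::app()->loadHelper('database');
-$query = "SELECT sid FROM {{surveys}} WHERE sid=$iOldSID";
-
-$aRow = Yii::app()->db->createCommand($query)->queryRow();
-
-//if (!is_null($isresult))
-if($aRow!==false)
+$aSurvey=Survey::model()->findByPk($iOldSID);
+if(!empty($aSurvey))
 {
 // Get new random ids until one is found that is not used
 do
 {
 $iNewSID = randomChars(5,'123456789');
-$query = "SELECT sid FROM {{surveys}} WHERE sid=$iNewSID";
-$aRow = Yii::app()->db->createCommand($query)->queryRow();
+$aSurvey=Survey::model()->findByPk($iNewSID);
 }
-while ($aRow!==false);
+while (!empty($aSurvey));
 
 return $iNewSID;
 }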
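Review bot: `$iOldSID` is still passed along unvalidated: `findByPk($iOldSID)` binds it as a parameter, which closes the injection in this lookup, but nothing in the hunk forces the value to be an integer. GetNewSurveyID continues outside the hunk, so whether the "ID not in use" path returns `$iOldSID` as given is not visible here; if it does, a non-numeric survey ID would reach callers that may build table names or further queries from it. Casting once at the top, `$iOldSID = (int) $iOldSID;`, would make both paths return an integer. The do/while lookup is also check-then-use, so two concurrent imports could settle on the same `$iNewSID` unless the later insert enforces uniqueness on `sid`.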
