Revert "Fixed issue #17527: Validate before using updateAll (#2028)"

This reverts commit 2530170.
LimeSurvey · Nov 19, 2021 · 5e5a5e5 · 5e5a5e5
1 parent 5423939
commit 5e5a5e5
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 29 deletions.
diff --git a/application/models/LSActiveRecord.php b/application/models/LSActiveRecord.php
@@ -19,8 +19,6 @@
 
 class LSActiveRecord extends CActiveRecord
 {
-    /** @var string[] Array of attributes that should be XSS filtered on mass updates */
-    protected $xssFilterAttributes = [];
 
     /**
      * Lists the behaviors of this model
@@ -211,29 +209,4 @@ public function deleteAllByAttributes($attributes, $condition = '', $params = ar
         return parent::deleteAllByAttributes(array(), $criteria, array());
     }
 
-    /**
-     * Updates records with the specified condition.
-     * XSS filtering is enforced for attributes listed in model's $xssFilterAttributes property.
-     * See {@link find()} for detailed explanation about $condition and $params.
-     * Note, the attributes are not checked for safety and no validation is done.
-     * @param array $attributes list of attributes (name=>$value) to be updated
-     * @param mixed $condition query condition or criteria.
-     * @param array $params parameters to be bound to an SQL statement.
-     * @return integer the number of rows being updated
-     */
-    public function updateAll($attributes, $condition = '', $params = array())
-    {
-        if (!empty($this->xssFilterAttributes)) {
-            $validator = new LSYii_Validators;
-            if ($validator->xssfilter) {
-                $attributeNames = array_keys($attributes);
-                $attributesToFilter = array_intersect($attributeNames, $this->xssFilterAttributes);
-                foreach ($attributesToFilter as $attribute) {
-                    $attributes[$attribute] = $validator->xssFilter($attributes[$attribute]);
-                }
-            }
-        }
-
-        return parent::updateAll($attributes, $condition, $params);
-    }
 }
diff --git a/application/models/QuestionAttribute.php b/application/models/QuestionAttribute.php
@@ -30,8 +30,6 @@
  */
 class QuestionAttribute extends LSActiveRecord
 {
-    protected $xssFilterAttributes = ['value'];
-
     /**
      * @inheritdoc
      * @return QuestionAttribute