Fixed issue #10197: token in return link can be invalid after saving …
…survey

Dev: Specific to tokens: moved to a Token function, in the same place as token generation
Dev: Still used elsewhere, todo: remove it for 2.5
Denis Chenu committed Jan 5, 2016
1 parent 5f4d864 commit 65160fb
Showing 3 changed files with 16 additions and 4 deletions.
2 changes: 1 addition & 1 deletion application/helpers/replacements_helper.php
@@ -364,7 +364,7 @@ function templatereplace($line, $replacements = array(), &$redata = array(), $de
{
if($_token)
{
$returnlink=Yii::app()->getController()->createUrl("survey/index/sid/{$surveyid}",array('token'=>sanitize_token($_token)));
$returnlink=Yii::app()->getController()->createUrl("survey/index/sid/{$surveyid}",array('token'=>Token::sanitizeToken($_token)));
}
else
{
7 changes: 5 additions & 2 deletions application/helpers/sanitize_helper.php
@@ -309,7 +309,7 @@ function sanitize_float($float, $min='', $max='')
$fNumber = floatval($fNumber);
if((($min != '') && ($fNumber < $min)) || (($max != '') && ($fNumber > $max)))
return FALSE;
return $fNumber;
return $fNumber;
}
}

@@ -395,8 +395,11 @@ function sanitize_languagecodeS($codestringtosanitize) {
return implode(" ",$codearray);
}

/**
* @deprecated use Token::sanitizeToken($codetosanitize);
*/
function sanitize_token($codetosanitize) {
return preg_replace('/[^_a-z0-9]/i', '', $codetosanitize);
return Token::sanitizeToken($codetosanitize);
}

function sanitize_signedint($integer, $min='', $max='')
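Review bot: Delegating `sanitize_token()` to `Token::sanitizeToken()` silently widens what every existing caller accepts: the old pattern `/[^_a-z0-9]/i` stripped `~`, while the new pattern in Token.php (`/[^0-9a-zA-Z_~]/`) keeps it. The commit message says the helper is still used elsewhere, so any caller outside this page that puts the result into a file name, a shell argument or another context where `~` is meaningful should be checked before it relies on the wrapper. I would record the change in the docblock, e.g. `* Note: '~' is now preserved, see Token::sanitizeToken().`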
11 changes: 10 additions & 1 deletion application/models/Token.php
@@ -151,7 +151,16 @@ public function generateToken()
}
}
}

/**
* Sanitize token show to the user (replace sanitize_helper sanitize_token)
* @param string token to sanitize
* @return string sanitized token
*/
public static function sanitizeToken($token)
{
// According to Yii doc : http://www.yiiframework.com/doc/api/1.1/CSecurityManager#generateRandomString-detail
return return preg_replace('/[^0-9a-zA-Z_~]/', '', $token);
}
/**
* Generates a token for all token objects in this survey.
* Syntax: Token::model(12345)->generateTokens();
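Review bot: `return return preg_replace('/[^0-9a-zA-Z_~]/', '', $token);` in the new `sanitizeToken()` is a parse error, so Token.php cannot be loaded and `sanitize_token()`, which now delegates here, fails with it; the line should read `return preg_replace('/[^0-9a-zA-Z_~]/', '', $token);`. The docblock tag `@param string token to sanitize` is missing the variable name and should be `@param string $token token to sanitize`. The comment that links to the Yii documentation would be clearer if it said why `_` and `~` are allowed, presumably because generated tokens can contain them; that is worth confirming against `generateToken()`, whose body lies outside this hunk.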