Fixed issue #09877: Possible issue with activation of token with malf…

…ormed attributedescriptions

Fixed issue : [security] Control CRSF when create token table

application/controllers/admin/tokens.php

@@ -2488,7 +2488,7 @@ function _newtokentable($iSurveyId)
         }
         // The user have rigth to create token, then don't test right after
         Yii::import('application.helpers.admin.token_helper', true);
-        if (Yii::app()->request->getQuery('createtable') == "Y")
+        if (Yii::app()->request->getPost('createtable') == "Y") // Update table, must be CRSF controlled
         {
             Token::createTable($iSurveyId);
             LimeExpressionManager::SetDirtyFlag();  // LimeExpressionManager needs to know about the new token table

application/models/Survey.php

@@ -318,6 +318,7 @@ public function getTokenAttributes()
         {
             return array();
         }
+
         // Catches malformed data
         if ($attdescriptiondata && strpos(key(reset($attdescriptiondata)),'attribute_')===false)
         {
@@ -359,12 +360,15 @@ public function getTokenAttributes()
         foreach ($attdescriptiondata as $sKey=>$aValues)
         {
             if (!is_array($aValues)) $aValues=array();
-            $aCompleteData[$sKey]= array_merge(array(
-                    'description' => '',
-                    'mandatory' => 'N',
-                    'show_register' => 'N',
-                    'cpdbmap' =>''
-                    ),$aValues);
+            if(preg_match("/^attribute_[0-9]$/",$sKey))
+            {
+              $aCompleteData[$sKey]= array_merge(array(
+                      'description' => '',
+                      'mandatory' => 'N',
+                      'show_register' => 'N',
+                      'cpdbmap' =>''
+                      ),$aValues);
+            }
         }
         return $aCompleteData;
     }

application/models/Token.php

@@ -49,7 +49,7 @@ public function attributeLabels() {
                 'validfrom' => gT('Valid from'),
                 'validuntil' => gT('Valid until'),
             );
-			foreach (decodeTokenAttributes($this->survey->attributedescriptions) as $key => $info)
+            foreach (decodeTokenAttributes($this->survey->attributedescriptions) as $key => $info)
             {
                 $labels[$key] = $info['description'];
             }
@@ -104,7 +104,7 @@ public static function createTable($surveyId, array $extraFields = array())
             }
 
             // create fields for the custom token attributes associated with this survey
-            $tokenattributefieldnames = Survey::model()->findByPk($surveyId)->tokenAttributes;
+            $tokenattributefieldnames = Survey::model()->findByPk($surveyId)->getTokenAttributes();
             foreach($tokenattributefieldnames as $attrname=>$attrdetails)
             {
                 if (!isset($fields[$attrname])) {

application/views/admin/token/tokenwarning.php

@@ -20,8 +20,10 @@
             eT("Do you want to create a token table for this survey?");
         ?>
         <br /><br />
-        <input type='submit' value='<?php eT("Initialise tokens"); ?>' onclick="window.open('<?php echo $this->createUrl("admin/tokens/sa/index/surveyid/$surveyid/createtable/Y"); ?>', '_top')" />
-        <input type='submit' value='<?php eT("No, thanks."); ?>' onclick="window.open('<?php echo$this->createUrl("admin/survey/sa/view/surveyid/$surveyid"); ?>', '_top')" /></div>
+        <?php echo CHtml::form(array("admin/tokens/sa/index/surveyid/{$surveyid}"), 'post'); ?>
+        <button type="submit" name="createtable" value="Y"><?php eT("Initialise tokens"); ?></button>
+        <a href="<?php echo $this->createUrl("admin/survey/sa/view/surveyid/$surveyid"); ?>" class="btn btn-link button"><?php eT("No, thanks."); ?></a>
+        </form>
     <?php
     }
     else