Fixed issue: XSS filter for attributes is applied when the participan…

…t is marked as completed or quota out
LimeSurvey · Oct 6, 2016 · 757b085 · 757b085
1 parent bbb5965
commit 757b085
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/application/helpers/frontend_helper.php b/application/helpers/frontend_helper.php
@@ -477,7 +477,8 @@ function submittokens($quotaexit=false)
     $today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", Yii::app()->getConfig("timeadjust"));
 
     // check how many uses the token has left
-    $token = Token::model($surveyid,'FinalSubmit')->findByAttributes(array('token' => $clienttoken));
+    $token = Token::model($surveyid)->findByAttributes(array('token' => $clienttoken));
+    $token->scenario = 'FinalSubmit';  // Do not XSS filter token data
 
     if ($quotaexit==true)
     {