From 75b52f0f64d4d7696e5ed2f2dbadaba86637ffd7 Mon Sep 17 00:00:00 2001
From: Denis Chenu <denis@sondages.pro>
Date: Thu, 6 Dec 2018 19:49:49 +0100
Subject: [PATCH] Fixed issue #14323: Error - resetting conditions Fixed issue
 : No CSRF control when delete all condition Dev: remove this AWFULL
 onclick="window.open"

---
 application/controllers/admin/conditionsaction.php |  8 +++-----
 .../views/admin/conditions/deleteAllConditions.php | 14 ++++++++------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/application/controllers/admin/conditionsaction.php b/application/controllers/admin/conditionsaction.php
index 471a19561f4..6203c922298 100644
--- a/application/controllers/admin/conditionsaction.php
+++ b/application/controllers/admin/conditionsaction.php
@@ -635,14 +635,12 @@ protected function getMethod()
 */
 protected function resetSurveyLogic($iSurveyID)
 {
-    $request = Yii::app()->request;
-    $postOk = $request->getQuery('ok');
-    if (empty($postOk)) {
+    if (empty(Yii::app()->request->getPost('ok'))) {
         $data = array('iSurveyID' => $iSurveyID);
         $content = $this->getController()->renderPartial('/admin/conditions/deleteAllConditions', $data, true);
         $this->_renderWrappedTemplate('conditions', array('message' => array(
-        'title' => gT("Warning"),
-        'message' => $content
+            'title' => gT("Warning"),
+            'message' => $content
         )));
         Yii::app()->end();
     } else {
diff --git a/application/views/admin/conditions/deleteAllConditions.php b/application/views/admin/conditions/deleteAllConditions.php
index f4d6df6cf11..75bf5ab79c4 100644
--- a/application/views/admin/conditions/deleteAllConditions.php
+++ b/application/views/admin/conditions/deleteAllConditions.php
@@ -7,16 +7,18 @@
 <p>
     <?php eT("Continue?"); ?>
 </p>
-
+<?php echo CHtml::beginForm(array("admin/conditions/sa/index/",'subaction'=>'resetsurveylogic','surveyid'=>$iSurveyID)); ?>
 <button
-    class='btn btn-default'
-    onclick="window.open('<?php echo $this->createUrl("admin/conditions/sa/index/subaction/resetsurveylogic/surveyid/$iSurveyID")."?ok=Y"; ?>', '_top')"
+    class='btn btn-danger'
+    type = "submit"
+    name = "ok"
+    value="Y";
 >
     <?php eT('Yes'); ?>
 </button>
-<button
+<a
     class='btn btn-default'
-    onclick="window.open('<?php echo $this->createUrl("admin/survey/sa/view/surveyid/$iSurveyID"); ?>', '_top')"
+    href="<?php echo $this->createUrl("admin/survey/sa/view/surveyid/$iSurveyID"); ?>"
 >
     <?php eT('Cancel'); ?>
-</button>
+</a>