
Dev: review stat management screen (#659)
Dev: review stat management screen
Dev: remove a potential XSS (echo $oQuestion->question) or broken HTML
Dev: remove XSS

* Dev: less height on header

* Dev: scrutinizer : 1!= true ... :/

* Dev: 2 XSS : quota->name and quota->language->url

* Dev: ensure (not needed currently) uniqueness of table className for grid
Dev: see yiisoft/yii#3241
Shnoulle committed Mar 10, 2017
1 parent 9b05625 commit 7a330c0
Showing 3 changed files with 44 additions and 46 deletions.
69 changes: 34 additions & 35 deletions application/views/admin/quotas/viewquotas_quota_members.php
Expand Up @@ -14,46 +14,45 @@
$tooltip = gT("Allow user to modify his last answers before terminate survey.");
$icon = 'fa-exclamation-triangle';
}


?>

<div class="panel panel-<?php echo ($oQuota->active==1 ? 'primary' : 'default') ?>">
<div class="panel-heading">
<span class="h4" >
<span class="fa <?php echo $icon?>" data-toggle="tooltip" title="<?php echo $tooltip;?>"></span>
<div class="pull-right small">
<span><span class="fa <?php echo $icon?>"></span> <?php echo $tooltip;?></span>
<?php if($oQuota->autoload_url == 1):?>
&nbsp;<span class="fa fa-external-link" data-toggle="tooltip" data-html="true" title="<?php echo eT('Autoload URL:').' '.$oQuota->mainLanguagesetting->quotals_url;?>"></span>
<span><span class="fa fa-external-link"></span> <?php echo gT('Autoload URL:').' '.htmlentities($oQuota->mainLanguagesetting->quotals_url);?>"</span>
<?php endif;?>
&nbsp;<?php echo $oQuota->name;?>
</span>
<span class="pull-right">
<?php echo CHtml::beginForm(array("admin/quotas/sa/new_answer/surveyid/{$oSurvey->getPrimaryKey()}"), 'post');?>
<?php echo CHtml::hiddenField('sid',$oSurvey->getPrimaryKey());?>
<?php echo CHtml::hiddenField('action','quotas');?>
<?php echo CHtml::hiddenField('quota_id',$oQuota->getPrimaryKey());?>
<?php echo CHtml::hiddenField('subaction','new_answer');?>
<?php echo CHtml::submitButton(gT("Add answer"),array(
'name'=>'submit',
'class'=>'quota_new btn btn-default btn-xs',
));?>
<?php echo CHtml::endForm();?>

</span>
</div>

<div class="panel-body" style="margin: 3px;padding: 3px;">
<div style="display: table; width: 100%;" >
<div style="display: table-row;" >
<div style="display: table-cell" class="h5"><?php eT('Question');?></div>
<div style="display: table-cell" class="h5"><?php eT('Answer');?></div>
<div style="display: table-cell"></div>
</div>
<?php if (!empty($aQuotaItems) && isset($aQuotaItems[$oQuota->id]) && !empty($aQuotaItems[$oQuota->id])){
foreach($aQuotaItems[$oQuota->id] as $aQuotaItem){
$this->renderPartial('/admin/quotas/viewquotas_quota_members_item',array('oSurvey'=>$oSurvey,'oQuota'=>$oQuota,'data'=>$aQuotaItem));
}
}?>
</div>
<?php echo viewHelper::flatEllipsizeText($oQuota->name) ;?>
</div>
</div>
<table class="table table-quota-items table-striped table-condensed" >
<thead>
<tr>
<th><?php eT('Question');?></th>
<th><?php eT('Answer');?></th>
<th class="text-right">
<?php echo CHtml::beginForm(array("admin/quotas/sa/new_answer/surveyid/{$oSurvey->getPrimaryKey()}"), 'post');?>
<?php echo CHtml::hiddenField('sid',$oSurvey->getPrimaryKey());?>
<?php echo CHtml::hiddenField('action','quotas');?>
<?php echo CHtml::hiddenField('quota_id',$oQuota->getPrimaryKey());?>
<?php echo CHtml::hiddenField('subaction','new_answer');?>
<?php echo CHtml::submitButton(gT("Add answer"),array(
'name'=>'submit',
'class'=>'quota_new btn btn-default',
));?>
<?php echo CHtml::endForm();?>
</th>
</tr>
</thead>
<tbody>
<?php if (!empty($aQuotaItems) && isset($aQuotaItems[$oQuota->id]) && !empty($aQuotaItems[$oQuota->id])){ ?>
<?php foreach($aQuotaItems[$oQuota->id] as $aQuotaItem){
$this->renderPartial('/admin/quotas/viewquotas_quota_members_item',array('oSurvey'=>$oSurvey,'oQuota'=>$oQuota,'data'=>$aQuotaItem));
}?>
<?php } else {?>
<tr><td class="text-danger" colspan="3"><?php eT("No answers have been set for this quota.");?></td></tr>
<?php }?>
</tbody>
</table>
</div>
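Review bot: The autoload-URL span in the new panel heading ends with a stray double quote: `<?php echo gT('Autoload URL:').' '.htmlentities($oQuota->mainLanguagesetting->quotals_url);?>"</span>` — the `"` after `?>` looks like a leftover from the old `title="…"` attribute and now renders as a literal quote character after the URL, so the line should end `...quotals_url);?></span>`. The quota name in the heading now goes through `viewHelper::flatEllipsizeText($oQuota->name)`; whether that helper HTML-encodes its return value is not visible in this diff, so confirm it does (or wrap the call in `CHtml::encode()`), because the raw echo it replaces is the XSS the commit message names. The rendered page carries no +/- markers, so which lines are old and which are new is inferred here from the commit message and the diffstat.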
16 changes: 8 additions & 8 deletions application/views/admin/quotas/viewquotas_quota_members_item.php
Expand Up @@ -8,20 +8,20 @@
/* @var Question $oQuestion */
$oQuestion = $data['oQuestion'];
?>
<div style="display: table-row;">
<div data-container="body" data-toggle="tooltip" title="<?php echo $oQuestion->question;?>" style="display: table-cell">
<tr>
<td data-toggle="tooltip" data-container="body" title="<?php echo viewHelper::flatEllipsizeText($oQuestion->question,true,60,'...',0.6); ?>">
<?php echo $oQuestion->title?>
</div>
<div style="display: table-cell">
<?php echo $data['answer_title']?>
</div>
<div style="display: table-cell" align="right">
</td>
<td>
<?php echo viewHelper::flatEllipsizeText($data['answer_title'],true,80,'...',0.6); ?>
</td>
<td class="text-right">
<?php $this->renderPartial('/admin/quotas/viewquotas_quota_members_actions',
array(
'oSurvey'=>$oSurvey,
'oQuota'=>$oQuota,
'oQuotaMember' =>$data['oQuotaMember'],
));
?>
</div>
</td>
</div>
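Review bot: The new row markup opens with `<tr>` but, as rendered here, the file's last line is `</div>` rather than `</tr>`, which would leave the row unclosed inside the `<tbody>` of the parent view; the page shows no +/- markers, so if that `</div>` is the deleted old line and the `</tr>` was dropped by the rendering, ignore this, otherwise the last line should be `</tr>`. The `title` attribute now receives `viewHelper::flatEllipsizeText($oQuestion->question,true,60,'...',0.6)`; in attribute context `"` has to be encoded as well as `<`, otherwise a quote in the question text ends the attribute, so confirm the helper encodes its output (for example via `CHtml::encode`) rather than only stripping tags and ellipsizing. The adjacent cell still echoes `$oQuestion->title` unescaped on an unchanged line; for consistency with the stated goal of the commit, `<?php echo CHtml::encode($oQuestion->title)?>` would make the escaping in this partial uniform.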
5 changes: 2 additions & 3 deletions application/views/admin/quotas/viewquotas_view.php
Expand Up @@ -38,7 +38,6 @@
'enablePagination'=>false,
'template' => '{items}',
'columns' => array(

array(
'id'=>'id',
'class'=>'CCheckBoxColumn',
Expand Down Expand Up @@ -100,7 +99,7 @@
),

),
'itemsCssClass' =>'table-striped table-condensed',
'itemsCssClass' =>'table-quotas table-striped table-condensed',
));
?>
</div>
Expand Down Expand Up @@ -132,4 +131,4 @@
</div>
</div>
</div>
</div>
</div>
