Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fixed issue #15909: customToken delete settings by other plugin
Dev: broken SQL for PG or MS in customToken plugin (#1390)
Dev: and always better to use PDO with Yii
Dev: if elseif is really awfull. Usage of switch
Dev: Add translation system (check if it's OK , $this->gT must work)
  • Loading branch information
Shnoulle committed Feb 24, 2020
1 parent 22b98d3 commit 7cc8000
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 47 deletions.
2 changes: 1 addition & 1 deletion application/core/plugins/customToken/config.xml
Expand Up @@ -7,7 +7,7 @@
<last_update>2019-07-22</last_update>
<author>Tools for Research</author>
<authorUrl>https://www.toolsforresearch.com</authorUrl>
<version>1.0.0</version>
<version>1.0.1</version>
<license>MIT</license>
<description><![CDATA[Numeric, non-ambiguous or CAPITAL tokens]]></description>
</metadata>
Expand Down
93 changes: 47 additions & 46 deletions application/core/plugins/customToken/customToken.php
Expand Up @@ -28,45 +28,49 @@ public function init()
public function generateCustomToken()
{
$event = $this->getEvent();
$iSurveyID=$event->get('surveyId');
$iSurveyID = $event->get('surveyId');
$iTokenLength = $event->get('iTokenLength');
$token = "";
if ($this->get('customToken', 'Survey', $iSurveyID) == 0) {
// 0 = No custom function for this survey: return without changes in $event
if (empty($this->get('customToken', 'Survey', $iSurveyID))) {
// 0 or not set. No custom function for this survey: return without changes in $event
return;
}
else if ($this->get('customToken', 'Survey', $iSurveyID) == 1) {
// 1 = Numeric tokens
$token = randomChars($iTokenLength, '123456789');
}
else if ($this->get('customToken', 'Survey', $iSurveyID) == 2) {
// 2 = Without ambiguous characters including 'hard to manually enter'
// https://github.com/LimeSurvey/LimeSurvey/commit/154e026fbe6e53037e46a8c30f2b837459235acc
$token = str_replace(
array('~','_','0','O','1','l','I'),
array('a','z','7','P','8','k','K'), Yii::app()->securityManager->generateRandomString($iTokenLength));
}
else if ($this->get('customToken', 'Survey', $iSurveyID) == 3) {
// 3 = CAPITALS ONLY
if (function_exists('crypto_rand_secure')) {
/**
* Adjusted from Yii::app()->securityManager->generateRandomString($length=32)
* https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/web/LSYii_SecurityManager.php#L71
* Use crypto_rand_secure($min, $max) defined in application/helpers/common_helper.php
*/
$codeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0;$i<$iTokenLength;$i++){
$token .= $codeAlphabet[crypto_rand_secure(0,strlen($codeAlphabet))];
}
} else {
/**
* Secure enough, although not cryptographically secure
* https://www.php.net/manual/en/function.rand.php
*/
for($i=0;$i<$iTokenLength;$i++){
$token .= chr(64+rand(1, 26));
switch ($this->get('customToken', 'Survey', $iSurveyID)) {
case 1: // 1 = Numeric tokens
$token = randomChars($iTokenLength, '123456789');
break;
case 2: // 2 = Without ambiguous characters including 'hard to manually enter'
// https://github.com/LimeSurvey/LimeSurvey/commit/154e026fbe6e53037e46a8c30f2b837459235acc
$token = str_replace(
array('~','_','0','O','1','l','I'),
array('a','z','7','P','8','k','K'),
Yii::app()->securityManager->generateRandomString($iTokenLength)
);
break;
case 3: // 3 = CAPITALS ONLY
if (function_exists('crypto_rand_secure')) {
/**
* Adjusted from Yii::app()->securityManager->generateRandomString($length=32)
* https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/web/LSYii_SecurityManager.php#L71
* Use crypto_rand_secure($min, $max) defined in application/helpers/common_helper.php
*/
$codeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0;$i<$iTokenLength;$i++){
$token .= $codeAlphabet[crypto_rand_secure(0,strlen($codeAlphabet))];
}
} else {
/**
* Secure enough, although not cryptographically secure
* https://www.php.net/manual/en/function.rand.php
*/
for($i=0;$i<$iTokenLength;$i++){
$token .= chr(64+rand(1, 26));
}
}
}
break;
default:
// Must never happen
return;
}
$event->set('token', $token);
}
Expand All @@ -85,13 +89,13 @@ public function beforeSurveySettings()
'customToken' => array(
'type' => 'select',
'options'=>array(
0=>'No custom function for this survey',
1=>'Numeric tokens',
2=>'Without ambiguous characters',
3=>'CAPITALS ONLY'
),
0=>$this->gT('No custom function for this survey'),
1=>$this->gT('Numeric tokens'),
2=>$this->gT('Without ambiguous characters'),
3=>$this->gT('CAPITALS ONLY')
),
'default' => 0,
'label' => 'Custom token:',
'label' => $this->gT('Custom token'),
'current' => $this->get('customToken', 'Survey', $event->get('survey'))
)
)
Expand All @@ -104,9 +108,8 @@ public function beforeSurveySettings()
public function newSurveySettings()
{
$event = $this->getEvent();
foreach ($event->get('settings') as $name => $value)
{
$this->set($name, $value, 'Survey', $event->get('survey'));
foreach ($event->get('settings') as $name => $value) {
$this->set($name, $value, 'Survey', $event->get('survey'));
}
}

Expand All @@ -115,9 +118,7 @@ public function newSurveySettings()
*/
public function beforeDeactivate()
{
$sDBPrefix = Yii::app()->db->tablePrefix;
$sql = "DELETE FROM {$sDBPrefix}plugin_settings WHERE `key` LIKE :key";
Yii::app()->db->createCommand($sql)->execute(array(':key' => "customToken"));
PluginSetting::model()->deleteAll("plugin_id = :plugin_id", array(":plugin_id" => $this->id));
}

}

0 comments on commit 7cc8000

Please sign in to comment.