From 7cc80005533c3974b8b25f89d7c5ad8434726bf0 Mon Sep 17 00:00:00 2001
From: Denis Chenu
Date: Mon, 24 Feb 2020 15:01:17 +0100
Subject: [PATCH] Fixed issue #15909: customToken delete settings by other plugin
Dev: broken SQL for PG or MS in customToken plugin (#1390)
Dev: and always better to use PDO with Yii
Dev: if elseif is really awfull. Usage of switch
Dev: Add translation system (check if it's OK , $this->gT must work)
---
 .../core/plugins/customToken/config.xml | 2 +-
 .../core/plugins/customToken/customToken.php | 93 ++++++++++--------
 2 files changed, 48 insertions(+), 47 deletions(-)
diff --git a/application/core/plugins/customToken/config.xml b/application/core/plugins/customToken/config.xml
index 6ad01003b42..e22f99dfe75 100644
--- a/application/core/plugins/customToken/config.xml
+++ b/application/core/plugins/customToken/config.xml
@@ -7,7 +7,7 @@ 2019-07-22 Tools for Research https://www.toolsforresearch.com - 1.0.0 + 1.0.1 MIT
diff --git a/application/core/plugins/customToken/customToken.php b/application/core/plugins/customToken/customToken.php
index c5c49ec962d..783cda9cae7 100644
--- a/application/core/plugins/customToken/customToken.php
+++ b/application/core/plugins/customToken/customToken.php
@@ -28,45 +28,49 @@ public function init()
 public function generateCustomToken()
 {
 $event = $this->getEvent();
- $iSurveyID=$event->get('surveyId');
+ $iSurveyID = $event->get('surveyId');
 $iTokenLength = $event->get('iTokenLength');
 $token = "";
- if ($this->get('customToken', 'Survey', $iSurveyID) == 0) {
- // 0 = No custom function for this survey: return without changes in $event
+ if (empty($this->get('customToken', 'Survey', $iSurveyID))) {
+ // 0 or not set. No custom function for this survey: return without changes in $event
 return;
 }
- else if ($this->get('customToken', 'Survey', $iSurveyID) == 1) {
- // 1 = Numeric tokens
- $token = randomChars($iTokenLength, '123456789');
- }
- else if ($this->get('customToken', 'Survey', $iSurveyID) == 2) {
- // 2 = Without ambiguous characters including 'hard to manually enter'
- // https://github.com/LimeSurvey/LimeSurvey/commit/154e026fbe6e53037e46a8c30f2b837459235acc
- $token = str_replace(
- array('~','_','0','O','1','l','I'),
- array('a','z','7','P','8','k','K'), Yii::app()->securityManager->generateRandomString($iTokenLength));
- }
- else if ($this->get('customToken', 'Survey', $iSurveyID) == 3) {
- // 3 = CAPITALS ONLY
- if (function_exists('crypto_rand_secure')) {
- /**
- * Adjusted from Yii::app()->securityManager->generateRandomString($length=32)
- * https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/web/LSYii_SecurityManager.php#L71
- * Use crypto_rand_secure($min, $max) defined in application/helpers/common_helper.php
- */
- $codeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
- for($i=0;$i<$iTokenLength;$i++){
- $token .= $codeAlphabet[crypto_rand_secure(0,strlen($codeAlphabet))];
- }
- } else {
- /**
- * Secure enough, although not cryptographically secure
- * https://www.php.net/manual/en/function.rand.php
- */
- for($i=0;$i<$iTokenLength;$i++){
- $token .= chr(64+rand(1, 26));
+ switch ($this->get('customToken', 'Survey', $iSurveyID)) {
+ case 1: // 1 = Numeric tokens
+ $token = randomChars($iTokenLength, '123456789');
+ break;
+ case 2: // 2 = Without ambiguous characters including 'hard to manually enter'
+ // https://github.com/LimeSurvey/LimeSurvey/commit/154e026fbe6e53037e46a8c30f2b837459235acc
+ $token = str_replace(
+ array('~','_','0','O','1','l','I'),
+ array('a','z','7','P','8','k','K'),
+ Yii::app()->securityManager->generateRandomString($iTokenLength)
+ );
+ break;
+ case 3: // 3 = CAPITALS ONLY
+ if (function_exists('crypto_rand_secure')) {
+ /**
+ * Adjusted from Yii::app()->securityManager->generateRandomString($length=32)
+ * https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/web/LSYii_SecurityManager.php#L71
+ * Use crypto_rand_secure($min, $max) defined in application/helpers/common_helper.php
+ */
+ $codeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ for($i=0;$i<$iTokenLength;$i++){
+ $token .= $codeAlphabet[crypto_rand_secure(0,strlen($codeAlphabet))];
+ }
+ } else {
+ /**
+ * Secure enough, although not cryptographically secure
+ * https://www.php.net/manual/en/function.rand.php
+ */
+ for($i=0;$i<$iTokenLength;$i++){
+ $token .= chr(64+rand(1, 26));
+ }
 }
- }
+ break;
+ default:
+ // Must never happen
+ return;
 }
 $event->set('token', $token);
 }
@@ -85,13 +89,13 @@ public function beforeSurveySettings()
 'customToken' => array(
 'type' => 'select',
 'options'=>array(
- 0=>'No custom function for this survey',
- 1=>'Numeric tokens',
- 2=>'Without ambiguous characters',
- 3=>'CAPITALS ONLY'
- ),
+ 0=>$this->gT('No custom function for this survey'),
+ 1=>$this->gT('Numeric tokens'),
+ 2=>$this->gT('Without ambiguous characters'),
+ 3=>$this->gT('CAPITALS ONLY')
+ ),
 'default' => 0,
- 'label' => 'Custom token:',
+ 'label' => $this->gT('Custom token'),
 'current' => $this->get('customToken', 'Survey', $event->get('survey'))
 )
 )
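Review bot: The `else` fallback under `case 3` still derives the survey access token from `rand()`, and its own comment concedes the generator is not cryptographically secure; a participant token is a credential, so that branch should draw from a CSPRNG, e.g. `$token .= chr(65 + random_int(0, 25));` (`random_int()` exists from PHP 7.0, so the `function_exists('crypto_rand_secure')` split is only needed while older PHP is still supported). The first branch calls `crypto_rand_secure(0, strlen($codeAlphabet))` with 26 as the upper bound for a 26-letter alphabet; that is correct only if the helper's `$max` is exclusive, so confirm its contract and use `strlen($codeAlphabet) - 1` if it is inclusive, since an out-of-range string offset silently shortens the token. The `switch` relies on PHP's loose `==` comparison so that a stored string `"1"` still matches `case 1`; a one-line comment on the `switch` saying so would stop a later cleanup from turning it into a strict comparison that never matches.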
@@ -104,9 +108,8 @@ public function beforeSurveySettings()
 public function newSurveySettings()
 {
 $event = $this->getEvent();
- foreach ($event->get('settings') as $name => $value)
- {
- $this->set($name, $value, 'Survey', $event->get('survey'));
+ foreach ($event->get('settings') as $name => $value) {
+ $this->set($name, $value, 'Survey', $event->get('survey'));
 }
 }
@@ -115,9 +118,7 @@ public function newSurveySettings()
 */
 public function beforeDeactivate()
 {
- $sDBPrefix = Yii::app()->db->tablePrefix;
- $sql = "DELETE FROM {$sDBPrefix}plugin_settings WHERE `key` LIKE :key";
- Yii::app()->db->createCommand($sql)->execute(array(':key' => "customToken"));
+ PluginSetting::model()->deleteAll("plugin_id = :plugin_id", array(":plugin_id" => $this->id));
 }
 }
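Review bot: The docblock of `beforeDeactivate`, whose closing `*/` is the first line of the last hunk and whose body lies above it, should say that deactivation now removes every settings row of this plugin, for all surveys, rather than only the `customToken` key the old statement targeted; something like `* Removes all settings stored by this plugin (every survey), so reactivation starts from the defaults.`. The new `deleteAll` call is parameterised and scoped by `plugin_id`, which is what stops the earlier cross-plugin deletion and the backtick-quoted SQL; it does depend on `$this->id` being populated by the plugin manager before `beforeDeactivate` fires, which is presumably the case but is not visible here.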