From ea34784c8b33087722a6c7441e8acf608affac6e Mon Sep 17 00:00:00 2001 From: Carsten Schmitz Date: Fri, 2 Dec 2016 09:55:18 +0100 Subject: [PATCH 1/3] Fixed issue: [security] Possible session fixation on survey entry with token --- application/helpers/frontend_helper.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/application/helpers/frontend_helper.php b/application/helpers/frontend_helper.php index 9a4669a70ce..b8ed0781d03 100644 --- a/application/helpers/frontend_helper.php +++ b/application/helpers/frontend_helper.php @@ -1164,6 +1164,7 @@ function buildsurveysession($surveyid,$preview=false) } } + //RESET ALL THE SESSION VARIABLES AND START AGAIN unset($_SESSION['survey_'.$surveyid]['grouplist']); unset($_SESSION['survey_'.$surveyid]['fieldarray']); @@ -1172,7 +1173,9 @@ function buildsurveysession($surveyid,$preview=false) unset($_SESSION['survey_'.$surveyid]['fieldmap-' . $surveyid . '-randMaster']); unset($_SESSION['survey_'.$surveyid]['groupReMap']); $_SESSION['survey_'.$surveyid]['fieldnamesInfo'] = Array(); - + // Generate Session ID + Yii:app()->session->regenerateID(true); + // Multi lingual support order : by REQUEST, if not by Token->language else by survey default language if (returnGlobal('lang',true)) { From 1329da4c20f5a321efb1f6a8e2addb6e96dbbd33 Mon Sep 17 00:00:00 2001 From: Carsten Schmitz Date: Tue, 6 Dec 2016 12:06:48 +0100 Subject: [PATCH 2/3] Release 2.6.2-lts Build 161206 --- application/config/version.php | 2 +- docs/release_notes.txt | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/application/config/version.php b/application/config/version.php index 0ff5e6a5abd..4f9db49b7d6 100644 --- a/application/config/version.php +++ b/application/config/version.php @@ -12,7 +12,7 @@ *150413 */ -$config['versionnumber'] = "2.6.1-lts"; +$config['versionnumber'] = "2.6.2-lts"; $config['dbversionnumber'] = 184; $config['buildnumber'] = ''; $config['updatable'] = true; diff --git a/docs/release_notes.txt b/docs/release_notes.txt index 40d229d0cca..33aead0d6ab 100644 --- a/docs/release_notes.txt +++ b/docs/release_notes.txt @@ -59,6 +59,9 @@ Thank you to everyone who helped with this new release! CHANGE LOG ------------------------------------------------------ +Changes from 2.06LTS (build 161024) to 2.6.2LTS (build 161206) Dez 6, 2016 +-Fixed issue #11606: Date/Time filled does not record the answer (Olle Haerstedt) +-Fixed issue: [security] Possible session fixation on survey entry with token (Carsten Schmitz) Changes from 2.06LTS (build 160801) to 2.6.1LTS (build 161024) Oct 24, 2016 -Fixed issue #11455: MapQuest discontinued their free services (Markus Flür) From 6358111f0ff4938d692ecf3dd5f4cae7ee80bf8b Mon Sep 17 00:00:00 2001 From: LouisGac Date: Fri, 9 Dec 2016 15:26:35 +0100 Subject: [PATCH 3/3] Fixed issue #11996: possible remote code execution --- application/core/LSYii_Controller.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/application/core/LSYii_Controller.php b/application/core/LSYii_Controller.php index b476c40d16b..47486955955 100644 --- a/application/core/LSYii_Controller.php +++ b/application/core/LSYii_Controller.php @@ -170,4 +170,14 @@ public function createAbsoluteUrl($route,$params=array(),$schema='',$ampersand=' else return parent::createAbsoluteUrl($route,$params,$schema,$ampersand); } + + + /** + * Loads page states from a hidden input. + * @return array the loaded page states + */ + protected function loadPageStates() + { + return array(); + } }