Fixed issue #10509: [Security] issue when saving/loading responses on…
… public survey
c-schmitz committed Feb 23, 2016
1 parent a697215 commit 94d7717
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion application/helpers/frontend_helper.php
Expand Up @@ -73,7 +73,7 @@ function loadanswers()
// If survey come from reload (GET or POST); some value need to be found on saved_control, not on survey
if (Yii::app()->request->getParam('loadall') == "reload")
{
$oSavedSurvey=SavedControl::model()->find("identifier=:identifier AND (access_code=:access_code OR access_code=:sha256_code)",array(':identifier'=>$sLoadName,':access_code'=>md5($sLoadPass),':sha256_code'=>hash('sha256',$sLoadPass)));
$oSavedSurvey=SavedControl::model()->find("sid = :sid AND identifier=:identifier AND (access_code=:access_code OR access_code=:sha256_code)",array(':sid' => $surveyid, ':identifier'=>$sLoadName,':access_code'=>md5($sLoadPass),':sha256_code'=>hash('sha256',$sLoadPass)));
// We don't need to control if we have one, because we do the test before
$_SESSION['survey_'.$surveyid]['scid'] = $oSavedSurvey->scid;
$_SESSION['survey_'.$surveyid]['step'] = ($oSavedSurvey->saved_thisstep>1)?$oSavedSurvey->saved_thisstep:1;
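Review bot: The session writes after the narrowed lookup still dereference `$oSavedSurvey->scid` with no null check, relying on the comment "we do the test before". Yii's `find()` returns null when no row matches, so if that earlier test (outside this hunk) is not also restricted by `sid = :sid`, a name/password pair saved under a different survey would pass the test and then fail here with a null dereference instead of a clean rejection. I would add a guard such as `if ($oSavedSurvey === null)` that fails the load before `$_SESSION` is touched, and confirm the earlier check uses the same `sid` condition. Separately, the access code is still matched as unsalted `md5()` / `hash('sha256', ...)` inside the query, which is cheap to brute-force if saved_control data leaks; moving to `password_hash()`/`password_verify()` would mean fetching the row by `sid` and `identifier` first and verifying in PHP. loadanswers() begins and ends outside the hunk.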
