Merge branch 'master' of https://github.com/LimeSurvey/LimeSurvey

LimeSurvey · Sep 23, 2019 · 973907e · 973907e
2 parents 810fa6f + 1507371
commit 973907e
Show file tree

Hide file tree

Showing 13 changed files with 260 additions and 69 deletions.
diff --git a/application/commands/TwigCommand.php b/application/commands/TwigCommand.php
@@ -36,14 +36,15 @@ public function actionGenerateTwigTmpFiles( ) {
         $thissurvey = $oTemplateForPreview->getDefaultDataForRendering();
         $thissurvey['templatedir'] = $templatename;
 
-        $aScreenList = $oTemplateForPreview->getScreenListWithLayoutAndContent();
+        $aScreenList = $oTemplateForPreview->getScreensDetails();
 
-        foreach($aScreenList as $sScreenName => $aLayoutAndContent){
-          foreach($aLayoutAndContent as $sLayout => $sContent){
+        foreach($aScreenList as $sScreenName => $aTitleAndLayouts){
+          foreach($aTitleAndLayouts['layouts'] as $sLayout => $sContent){
             $aLogs[$templatename][$sScreenName][$sLayout] =  $sContent;
             $sLayoutFile  = $sLayout ;
             $thissurvey['include_content'] = $sContent;
 
+
             $myoutput = Yii::app()->twigRenderer->renderTemplateForTemplateEditor(
                   $sLayoutFile,
                   array(
@@ -53,10 +54,17 @@ public function actionGenerateTwigTmpFiles( ) {
             );
           }
         }
+
+        // Render all the twig strings inside the XML itself 
+        $aTwigFromXml = $oTemplateForPreview->getTwigStrings();
+
+        foreach($aTwigFromXml as $sTwig){
+          Yii::app()->twigRenderer->convertTwigToHtml($sTwig);
         }
-      }
 
-      // Here you can var dump the logs, it will not conflict with header generation
-    //  var_dump($aLogs);
+      }
     }
+    // Here you can var dump the logs, it will not conflict with header generation
+    //var_dump($aLogs);
+  }
 }
diff --git a/application/config/version.php b/application/config/version.php
@@ -12,9 +12,9 @@
  */
 
 
-$config['versionnumber'] = '3.17.17';
+$config['versionnumber'] = '3.18.0';
 $config['dbversionnumber'] = 359;
 $config['buildnumber'] = '';
 $config['updatable'] = true;
-$config['assetsversionnumber'] = '30099';
+$config['assetsversionnumber'] = '30100';
 return $config;
diff --git a/application/controllers/admin/printablesurvey.php b/application/controllers/admin/printablesurvey.php
@@ -1306,6 +1306,7 @@ function index($surveyid, $lang = null, $bReturn = false)
             // Previous version of PHP needs two regular expressions to do the same thing and thus will run a bit slower.
             $server_is_newer = version_compare(PHP_VERSION, '5.1.0', '>');
             $rounds = 0;
+            Template::getInstance($oSurvey->template);
             return Yii::app()->twigRenderer->renderTemplateFromFile('layout_print.twig', ['aSurveyInfo' => $aSurveyInfo, 'print' => $printarray], $bReturn);
             // die(print_r(['aSurveyInfo' => $aSurveyInfo, 'print' => $printarray], true));
             // echo self::_populate_template($oTemplate, 'survey', ['aSurveyInfo' => $aSurveyInfo, 'print' => $printarray]);

diff --git a/application/controllers/admin/themes.php b/application/controllers/admin/themes.php
@@ -940,23 +940,7 @@ protected function _initialise($templatename, $screenname, $editfile, $showsumma
 
 
         // Standard screens
-        // Only these may be viewed
-        $screens = array();
-
-        $screens['welcome']         = gT('Welcome', 'unescaped'); // first  page*
-        $screens['question']        = gT('Question', 'unescaped'); // main
-        $screens['completed']       = gT('Completed', 'unescaped'); // submit?
-        $screens['clearall']        = gT('Clear all', 'unescaped');
-        $screens['load']            = gT('Load', 'unescaped');
-        $screens['save']            = gT('Save', 'unescaped');
-        $screens['surveylist']      = gT('Survey list', 'unescaped');
-        $screens['error']           = gT('Error', 'unescaped');
-        $screens['assessments']     = gT('Assessments', 'unescaped');
-        $screens['register']        = gT('Registration', 'unescaped');
-        $screens['printanswers']    = gT('Print answers', 'unescaped');
-        $screens['pdf']             = gT('PDF', 'unescaped');
-        $screens['navigation']      = gT('Navigation', 'unescaped');
-        //$screens['misc']            = gT('Miscellaneous files', 'unescaped');
+        $screens = $oEditedTemplate->getScreensList();
 
         Yii::app()->session['s_lang'] = Yii::app()->session['adminlang'];
 
@@ -992,14 +976,7 @@ protected function _initialise($templatename, $screenname, $editfile, $showsumma
         // NB: Used by answer print PDF layout.
         $print = [];
 
-        $thissurvey = $oEditedTemplate->getDefaultDataForRendering();
-
-
-
-  //      $thissurvey['templatedir'] = $templatename;
-
-
-
+        $thissurvey  = $oEditedTemplate->getDefaultDataForRendering();
         $templatedir = $oEditedTemplate->viewPath;
         $templateurl = getTemplateURL($templatename);
 

diff --git a/application/controllers/survey/index.php b/application/controllers/survey/index.php
@@ -227,7 +227,7 @@ public function action()
 
                 App()->getPluginManager()->dispatchEvent($event);
                 if(Permission::getUserId()) {
-                    throw new CHttpException(403, gT("We are sorry but you don't have permissions to do this."));
+                    throw new CHttpException(403, gT("We are sorry but you don't have permissions to do this.",'unescaped'));
                 }
                 throw new CHttpException(401, gT("We are sorry but you don't have permissions to do this.",'unescaped'));
             }

diff --git a/application/helpers/export_helper.php b/application/helpers/export_helper.php
@@ -2025,7 +2025,9 @@ function tokensExport($iSurveyID)
 
     $oSurvey = Survey::model()->findByPk($iSurveyID);
     $bIsNotAnonymous = ($oSurvey->anonymized == 'N' && $oSurvey->active == 'Y'); // db table exist (survey_$iSurveyID) ?
-
+    $bIsDateStamped = ($oSurvey->datestamp == 'Y' && $oSurvey->active == 'Y'); // db table exist (survey_$iSurveyID) ?
+    $attrfieldnames = getAttributeFieldNames($iSurveyID);
+
     $oRecordSet = Yii::app()->db->createCommand()->from("{{tokens_$iSurveyID}} lt");
     $databasetype = Yii::app()->db->getDriverName();
     $oRecordSet->where("1=1");
@@ -2042,7 +2044,6 @@ function tokensExport($iSurveyID)
         $oRecordSet->andWhere("lt.completed='N'");
         if ($bIsNotAnonymous) {
             $oRecordSet->leftJoin("{{survey_$iSurveyID}} ls", 'lt.token=ls.token');
-            $oRecordSet->andWhere("ls.id IS NULL");
             $oRecordSet->select("lt.*, ls.id");
         }
     }
@@ -2053,12 +2054,20 @@ function tokensExport($iSurveyID)
         $oRecordSet->select("lt.*, ls.id");
     }
     if ($iTokenStatus == 4 && $bIsNotAnonymous) {
-        $oRecordSet->selectDistinct('lt.tid, lt.firstname, lt.lastname, lt.email, lt.emailstatus, lt.token, lt.language, lt.sent, lt.remindersent, lt.remindercount, lt.completed, lt.usesleft, lt.validfrom, lt.validuntil, MAX(ls.startdate) as started');
+        // create comma-separated string from attribute names to be used in this sql query
+        if (!empty($attrfieldnames)){
+            $sAttributes = ', ' . implode(', ', $attrfieldnames);
+        } else {
+            $sAttributes = '';
+        }
+        $oRecordSet->selectDistinct('lt.tid, lt.firstname, lt.lastname, lt.email, lt.emailstatus, lt.token, lt.language, lt.sent, lt.remindersent, lt.remindercount, lt.completed, lt.usesleft, lt.validfrom, lt.validuntil' . $sAttributes . ($bIsDateStamped ? ', MAX(ls.startdate) as started' : ''));
         $oRecordSet->join("{{survey_$iSurveyID}} ls", 'lt.token=ls.token');
         $oRecordSet->andWhere("ls.submitdate IS NULL");
-        $oRecordSet->andWhere("ls.startdate IS NOT NULL");
         $oRecordSet->andWhere("lt.completed='N'");
-        $oRecordSet->group('lt.tid, lt.firstname, lt.lastname, lt.email, lt.emailstatus, lt.token, lt.language, lt.sent, lt.remindersent, lt.remindercount, lt.completed, lt.usesleft, lt.validfrom, lt.validuntil');
+        if ($bIsDateStamped){
+            $oRecordSet->andWhere("ls.startdate IS NOT NULL");
+            $oRecordSet->group('lt.tid, lt.firstname, lt.lastname, lt.email, lt.emailstatus, lt.token, lt.language, lt.sent, lt.remindersent, lt.remindercount, lt.completed, lt.usesleft, lt.validfrom, lt.validuntil, ' . $sAttributes);
+        }
     }
 
     if ($iInvitationStatus == 1) {
@@ -2088,10 +2097,9 @@ function tokensExport($iSurveyID)
     // Export UTF8 WITH BOM
     $tokenoutput = chr(hexdec('EF')).chr(hexdec('BB')).chr(hexdec('BF'));
     $tokenoutput .= "tid,firstname,lastname,email,emailstatus,token,language,validfrom,validuntil,invited,reminded,remindercount,completed,usesleft";
-    if ($iTokenStatus == 4 && $bIsNotAnonymous) {
+    if ($iTokenStatus == 4 && $bIsNotAnonymous && $bIsDateStamped) {
         $tokenoutput .= ',started';
     }
-    $attrfieldnames = getAttributeFieldNames($iSurveyID);
     $attrfielddescr = getTokenFieldsAndNames($iSurveyID, true);
     foreach ($attrfieldnames as $attr_name) {
         $tokenoutput .= ", $attr_name";
@@ -2133,7 +2141,7 @@ function tokensExport($iSurveyID)
         $tokenoutput .= '"'.trim($brow['remindercount']).'",';
         $tokenoutput .= '"'.trim($brow['completed']).'",';
         $tokenoutput .= '"'.trim($brow['usesleft']).'",';
-        if ($iTokenStatus == 4 && $bIsNotAnonymous) {
+        if ($iTokenStatus == 4 && $bIsNotAnonymous && $bIsDateStamped) {
             $tokenoutput .= '"'.trim($brow['started']).'",';
         }
         foreach ($attrfieldnames as $attr_name) {

diff --git a/application/models/Participant.php b/application/models/Participant.php
@@ -503,18 +503,31 @@ public function search()
 
         // Include a query for each extra attribute to filter
         foreach ($extraAttributeValues as $attributeId => $value) {
-
             $attributeType = $this->allExtraAttributes[$attributeId]['attribute_type'];
             $attributeId = (int) substr($attributeId, 3);
 
+            /** @var string Param name to bind in prepared statement */
+            $bindKey = ':attribute_id' . $attributeId;
+            $callParticipantAttributes = Yii::app()->db->createCommand()
+                ->selectDistinct('pa.participant_id')
+                ->from('{{participant_attribute}} AS pa')
+                ->where('attribute_id='.$bindKey, array($bindKey => $attributeId));
+            // NB: Binding in andWhere() is not enough since the subquery is converted to string.
+            // See: https://forum.yiiframework.com/t/show-sql-generated-from-cdbcriteria/45021
+            $criteria->params[$bindKey] = $attributeId;
+
             // Use "LIKE" for text-box, equal for other types
             if ($attributeType == 'TB') {
-                $callParticipantAttributes = "SELECT DISTINCT pa.participant_id FROM {{participant_attribute}} AS pa WHERE attribute_id = '".$attributeId."' AND value LIKE '%".$value."%'";
+                $callParticipantAttributes->andWhere('like', 'value', '%' . $value . '%');
             } else {
-                $callParticipantAttributes = "SELECT DISTINCT pa.participant_id FROM {{participant_attribute}} AS pa WHERE attribute_id = '".$attributeId."' AND value = '".$value."'";
+                /** @var string Param name to bind in prepared statement */
+                $bindKey = ':value' . $attributeId;
+                $callParticipantAttributes->andWhere('value = ' . $bindKey, array($bindKey => $value));
+                // NB: Binding in andWhere() is not enough since the subquery is converted to string.
+                $criteria->params[$bindKey] = $value;
             }
 
-            $criteria->addCondition('t.participant_id IN ('.$callParticipantAttributes.')');
+            $criteria->addCondition('t.participant_id IN ('.$callParticipantAttributes->getText().')');
         }
 
         $DBCountActiveSurveys = SurveyLink::model()->tableName();

diff --git a/application/models/TemplateConfiguration.php b/application/models/TemplateConfiguration.php
@@ -96,6 +96,7 @@ class TemplateConfiguration extends TemplateConfig
     public $template_extends;
     public $template_description;
 
+
     /**
      * @return string the associated database table name
      */
@@ -461,6 +462,8 @@ public function searchGrid()
         $criteria->compare('template.description', $this->template_description, true);
         $criteria->compare('template.extends', $this->template_extends, true);
 
+
+
         $coreTemplates = Template::getStandardTemplateList();
         if ($this->template_type == 'core'){
             $criteria->addInCondition('template_name', $coreTemplates);
@@ -476,6 +479,27 @@ public function searchGrid()
         ));
     }
 
+    /**
+     * Twig statements can be used in Theme description
+     */
+    public function getDescription()
+    {
+      $sDescription = $this->template->description;
+
+      // If wrong Twig in manifest, we don't want to block the whole list rendering
+      // Note: if no twig statement in the description, twig will just render it as usual
+      try {
+          $sDescription = Yii::app()->twigRenderer->convertTwigToHtml($this->template->description);
+      } catch (\Exception $e) {
+        // It should never happen, but let's avoid to anoy final user in production mode :) 
+        if (YII_DEBUG){
+          Yii::app()->setFlashMessage("Twig error in template ".$this->template->name." description <br> Please fix it and reset the theme <br>".$e, 'error');
+        }
+      }
+
+      return $sDescription;
+    }
+
     /**
      * Returns the static model of the specified AR class.
      * Please note that you should have this exact method in all your CActiveRecord descendants!