Revert "New feature #15693: Allow simple user to update script with X…

…SS enable" Dev: bad push … This reverts commit 96c06a9.
LimeSurvey · Jan 17, 2020 · 97d8e34 · 97d8e34 · Shnoulle · Jan 17, 2020
1 parent 96c06a9
commit 97d8e34
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 33 deletions.
diff --git a/application/config/config-defaults.php b/application/config/config-defaults.php
@@ -237,12 +237,6 @@
 // allow these users to be able to use Javascript etc. .
 $config['filterxsshtml'] = true;
 
-// disablescriptwithxss
-// Allow update of script in question
-// true : Default : follow XSS rules
-// false : allowed for all
-$config['disablescriptwithxss'] = true;
-
 // usercontrolSameGroupPolicy
 // If this option is set to true, then limesurvey operators will only 'see'
 // users that belong to at least one of their groups

diff --git a/application/core/LSWebUser.php b/application/core/LSWebUser.php
@@ -133,9 +133,6 @@ public function isXssFiltered()
             // Permission::model exist only after 172 DB version
             return Yii::app()->getConfig('filterxsshtml');
         }
-        if (!Yii::app()->getConfig('disablescriptwithxss')) {
-            return true;
-        }
         if (Yii::app()->getConfig('filterxsshtml')) {
             return !\Permission::model()->hasGlobalPermission('superadmin', 'read');
         }

diff --git a/application/views/admin/globalsettings/_security.php b/application/views/admin/globalsettings/_security.php
@@ -11,7 +11,7 @@
         <?php $this->widget('yiiwheels.widgets.switch.WhSwitch', array(
             'name' => 'surveyPreview_require_Auth',
             'id'=>'surveyPreview_require_Auth',
-            'value' => Yii::app()->getConfig('surveyPreview_require_Auth'),
+            'value' => getGlobalSetting('surveyPreview_require_Auth'),
             'onLabel'=>gT('On'),
             'offLabel' => gT('Off')));
         ?>
@@ -24,42 +24,24 @@
         <?php $this->widget('yiiwheels.widgets.switch.WhSwitch', array(
             'name' => 'filterxsshtml',
             'id'=>'filterxsshtml',
-            'value' => Yii::app()->getConfig('filterxsshtml'),
+            'value' => getGlobalSetting('filterxsshtml'),
             'onLabel'=>gT('On'),
             'offLabel' => gT('Off')
             ));
         ?>
     </div>
-    <div class="help-block">
-        <span class='text-success'><?php eT("Note: XSS filtering is always disabled for the superadministrator."); ?></span>
-    </div>
-</div>
-
-<div class="form-group">
-    <label class=" control-label"  for='disablescriptwithxss'><?php eT("Disable question script for XSS restricted user:"); ?></label>
     <div class="">
-        <?php $this->widget('yiiwheels.widgets.switch.WhSwitch', array(
-            'name' => 'filterxsshtml',
-            'id'=>'filterxsshtml',
-            'value' => Yii::app()->getConfig('disablescriptwithxss'),
-            'onLabel'=>gT('On'),
-            'offLabel' => gT('Off')
-            ));
-        ?>
-    </div>
-    <div class="help-block">
-        <span class='text-warning'><?php eT("If you disable this option : user with XSS restriction still can add script. This allow user to add cross-site scripting javascript system."); ?></span>
+        <span class='hint'><?php eT("Note: XSS filtering is always disabled for the superadministrator."); ?></span>
     </div>
 </div>
 
-
 <div class="form-group">
     <label class=" control-label"  for='usercontrolSameGroupPolicy'><?php eT("Group member can only see own group:"); ?></label>
     <div class="">
         <?php $this->widget('yiiwheels.widgets.switch.WhSwitch', array(
             'name' => 'usercontrolSameGroupPolicy',
             'id'=>'usercontrolSameGroupPolicy',
-            'value' => Yii::app()->getConfig('usercontrolSameGroupPolicy'),
+            'value' => getGlobalSetting('usercontrolSameGroupPolicy'),
             'onLabel'=>gT('On'),
             'offLabel' => gT('Off')));
         ?>
@@ -75,7 +57,7 @@
     <div class="">
         <?php $this->widget('yiiwheels.widgets.buttongroup.WhButtonGroup', array(
             'name' => 'x_frame_options',
-            'value'=> Yii::app()->getConfig('x_frame_options'),
+            'value'=> getGlobalSetting('x_frame_options'),
             'selectOptions'=>array(
                 "allow"=>gT("Allow",'unescaped'),
                 "sameorigin"=>gT("Same origin",'unescaped')
@@ -93,7 +75,7 @@
     <div class="">
         <?php $this->widget('yiiwheels.widgets.buttongroup.WhButtonGroup', array(
             'name' => 'force_ssl',
-            'value'=> Yii::app()->getConfig('force_ssl'),
+            'value'=> getGlobalSetting('force_ssl'),
             'selectOptions'=>array(
                 "on"=>gT("On",'unescaped'),
                 "off"=>gT("Off",'unescaped')