Dev: POST request with csrfToken check for survey list massive actions

LimeSurvey · May 23, 2016 · a343080 · a343080
1 parent 3c43ac1
commit a343080
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 9 deletions.
diff --git a/application/controllers/admin/export.php b/application/controllers/admin/export.php
@@ -889,18 +889,20 @@ public function dumplabel()
      * Export multiple surveys structure. Called via ajax from surveys list massive action
      * @param string $sSurveys  :json string containing the list of survey to delete
      */
-    public function exportMultipleStructureSurveys($sSurveys)
+    public function exportMultipleStructureSurveys()
     {
+        $sSurveys = $_POST['sSurveys'];
         $exportResult = $this->exportMultipleSurveys($sSurveys, 'structure');
-        Yii::app()->getController()->renderPartial('/admin/survey/massive_actions/_export_archive_results', array('aResults'=>$exportResult['aResults'], 'sZip'=>$exportResult['sZip']));
+        Yii::app()->getController()->renderPartial('/admin/survey/massive_actions/_export_archive_results', array('aResults'=>$exportResult['aResults'], 'sZip'=>$exportResult['sZip'], 'bArchiveIsEmpty'=>$exportResult['bArchiveIsEmpty']));
     }
 
     /**
      * Export multiple surveys archives. Called via ajax from surveys list massive action
      * @param string $sSurveys  :json string containing the list of survey to delete
      */
-    public function exportMultipleArchiveSurveys($sSurveys)
+    public function exportMultipleArchiveSurveys()
     {
+        $sSurveys = $_POST['sSurveys'];
         $exportResult = $this->exportMultipleSurveys($sSurveys, 'archive');
         Yii::app()->getController()->renderPartial('/admin/survey/massive_actions/_export_archive_results', array('aResults'=>$exportResult['aResults'], 'sZip'=>$exportResult['sZip'], 'bArchiveIsEmpty'=>$exportResult['bArchiveIsEmpty']));
     }

diff --git a/application/controllers/admin/surveyadmin.php b/application/controllers/admin/surveyadmin.php
@@ -52,9 +52,9 @@ public function index()
     /**
      * @param string $sSurveys  :json string containing the list of survey to delete
      */
-    public function deleteMultipleSurveys($sSurveys)
+    public function deleteMultipleSurveys()
     {
-        $aSurveys = json_decode($sSurveys);
+        $aSurveys = json_decode($_POST['sSurveys']);
         $aResults = array();
         foreach($aSurveys as $iSurveyID)
         {

diff --git a/scripts/admin/admin_core.js b/scripts/admin/admin_core.js
@@ -58,7 +58,10 @@ $(document).ready(function(){
                 $checkedSid  = JSON.stringify($oCheckedSid);
 
                 $modal       = $('#confirmation-modal');                        // The modal we want to use
-                $actionUrl   = $actionUrl + '/sSurveys/'+$checkedSid;
+
+                $actionUrl   = $actionUrl;
+                $postDatas   = {sSurveys:$checkedSid};
+
                 $modal.data('keepopen', true);                                  // We want to update the modal content after confirmation
 
                 // Needed modal elements
@@ -102,7 +105,7 @@ $(document).ready(function(){
                     $.ajax({
                         url : $actionUrl,
                         type : 'POST',
-                        dataType : 'html',
+                        data :  $postDatas,
 
                         // html contains the buttons
                         success : function(html, statut){
@@ -112,8 +115,8 @@ $(document).ready(function(){
                         },
                         error :  function(html, statut){
                             $ajaxLoader.hide();
-                            $modal.find('.modal-body-text').empty().html(html);
-                            $modal.find('.modal-body-text').append(statut);
+                            $modal.find('.modal-body-text').empty().html(html.responseText);
+                            console.log(html);
                         }
                     });
                 });