Fixed issue [security] #16841: Reflected XSS during registration

Dev: fix other XSS for admin user
LimeSurvey · Nov 23, 2020 · ab23642 · ab23642
1 parent 4341214
commit ab23642
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 18 deletions.
diff --git a/application/controllers/RegisterController.php b/application/controllers/RegisterController.php
@@ -122,7 +122,7 @@ public function actionIndex($sid = null)
         $this->aRegisterErrors = $event->get('aRegisterErrors');
         $iTokenId = $event->get('iTokenId');
         // Test if we come from register form (and submit)
-        if ((Yii::app()->request->getPost('register')) && !$iTokenId) {
+        if ((App()->request->getPost('register')) && !$iTokenId) {
             self::getRegisterErrors($iSurveyId);
             if (empty($this->aRegisterErrors)) {
                 $iTokenId = self::getTokenId($iSurveyId);
@@ -159,8 +159,8 @@ public function getRegisterErrors($iSurveyId)
 
         // Check the security question's answer
         if (isCaptchaEnabled('registrationscreen', $aSurveyInfo['usecaptcha'])) {
-            $sLoadSecurity = Yii::app()->request->getPost('loadsecurity', '');
-            $captcha = Yii::app()->getController()->createAction("captcha");
+            $sLoadSecurity = App()->request->getPost('loadsecurity', '');
+            $captcha = App()->getController()->createAction("captcha");
             $captchaCorrect = $captcha->validate($sLoadSecurity, false);
 
             if (!$captchaCorrect) {
@@ -202,8 +202,8 @@ public function getRegisterSuccess($iSurveyId, $iTokenId)
         $aData['active'] = $oSurvey->active;        
         $aData['iSurveyId'] = $iSurveyId;
         $aData['sLanguage'] = App()->language;
-        $aData['sFirstName'] = Yii::app()->request->getPost('register_firstname', '');
-        $aData['sLastName'] = Yii::app()->request->getPost('register_lastname', '');
+        $aData['sFirstName'] = $oToken->firstname;
+        $aData['sLastName'] = $oToken->lastname;
         $aData['sEmail'] = $oToken->email;
         $aData['thissurvey'] = $oSurvey->attributes;
 
@@ -369,14 +369,14 @@ public function getFieldValue($iSurveyId)
         $sLanguage = Yii::app()->language;
         $aSurveyInfo = getSurveyInfo($iSurveyId, $sLanguage);
         $aFieldValue = array();
-        $aFieldValue['sFirstName'] = Yii::app()->request->getPost('register_firstname', '');
-        $aFieldValue['sLastName'] = Yii::app()->request->getPost('register_lastname', '');
-        $aFieldValue['sEmail'] = Yii::app()->request->getPost('register_email', '');
+        $aFieldValue['sFirstName'] = App()->request->getPost('register_firstname', '');
+        $aFieldValue['sLastName'] = App()->request->getPost('register_lastname', '');
+        $aFieldValue['sEmail'] = App()->request->getPost('register_email', '');
         $aRegisterAttributes = $aSurveyInfo['attributedescriptions'];
         $aFieldValue['aAttribute'] = array();
         foreach ($aRegisterAttributes as $key=>$aRegisterAttribute) {
             if ($aRegisterAttribute['show_register'] == 'Y') {
-                $aFieldValue['aAttribute'][$key] = Yii::app()->request->getPost('register_'.$key, '');
+                $aFieldValue['aAttribute'][$key] = App()->request->getPost('register_'.$key, '');
             }
         }
         return $aFieldValue;

diff --git a/application/controllers/admin/dataentry.php b/application/controllers/admin/dataentry.php
@@ -1670,7 +1670,7 @@ public function insert()
 
                             $aToken = new Token($surveyid);  
                             $aToken->setAttributes($tokendata, false);  
-                            $aToken->encryptSave();
+                            $aToken->encryptSave(true);
                             $aDataentrymsgs[] = CHtml::tag('font', array('class'=>'successtitle'), gT("A survey participant entry for the saved survey has been created too."));
                         }
                         if ($saver['email']) {

diff --git a/application/controllers/admin/participantsaction.php b/application/controllers/admin/participantsaction.php
@@ -702,7 +702,7 @@ public function updateParticipant($aData, array $extraAttributes = array())
         }
 
         $participant->attributes = $aData;
-        $participant->encryptSave();
+        $participant->encryptSave(true);
 
         foreach ($extraAttributes as $htmlName => $attributeValue) {
             list(, $attribute_id) = explode('_', $htmlName);

diff --git a/application/controllers/admin/tokens.php b/application/controllers/admin/tokens.php
@@ -456,7 +456,7 @@ public function editMultiple()
                             $token->$k = $v;
                         }
 
-                        $bUpdateSuccess = $token->encryptSave();
+                        $bUpdateSuccess = $token->encryptSave(true);
                         if ($bUpdateSuccess) {
                             $aResults[$iTokenId]['status']    = true;
                             $aResults[$iTokenId]['message']   = gT('Updated');
@@ -703,7 +703,7 @@ public function addnew($iSurveyId)
                 // AutoExecute
                 $token = Token::create($iSurveyId);
                 $token->setAttributes($aData, false);
-                $inresult = $token->encryptSave();
+                $inresult = $token->encryptSave(true);
                 $aData['success'] = $inresult;
                 $aData['errors'] = $token->getErrors();
             } else {
@@ -848,7 +848,7 @@ public function edit($iSurveyId, $iTokenId, $ajax = false)
                     $token->$k = $v;
                 }
 
-                $result = $token->encryptSave();
+                $result = $token->encryptSave(true);
 
                 if ($result) {
                     \ls\ajax\AjaxHelper::outputSuccess($sOutput.gT('The survey participant was successfully updated.'));
@@ -1006,7 +1006,7 @@ public function addDummies($iSurveyId, $subaction = '')
                 $token->generateToken($aData['tokenlength']);
 
                 $existingtokens[$token->token] = true;
-                $token->encryptSave();
+                $token->encryptSave(true);
                 $newDummyToken++;
             }
             $aData['thissurvey'] = getSurveyInfo($iSurveyId);

diff --git a/application/helpers/admin/import_helper.php b/application/helpers/admin/import_helper.php
@@ -2368,7 +2368,7 @@ function XMLImportTokens($sFullFilePath, $iSurveyID, $sCreateMissingAttributeFie
 
         $token = Token::create($iSurveyID, 'allowinvalidemail');
         $token->setAttributes($insertdata, false);
-        if (!$token->encryptSave()) {
+        if (!$token->encryptSave(true)) {
             $results['warnings'][] = CHtml::errorSummary($token, gT("Skipped participant entry:"));
         } else {
             $results['tokens']++;

diff --git a/application/helpers/remotecontrol/remotecontrol_handle.php b/application/helpers/remotecontrol/remotecontrol_handle.php
@@ -1991,7 +1991,7 @@ public function set_participant_properties($sSessionKey, $iSurveyID, $aTokenQuer
                 }
 
                 $oToken->setAttributes($aTokenData, false);
-                if ($oToken->encryptSave()) {
+                if ($oToken->encryptSave(true)) {
                     return $oToken->attributes;
                 } else {
                     return array('status' => $oToken->getErrors());

diff --git a/application/models/Participant.php b/application/models/Participant.php
@@ -630,7 +630,7 @@ public function insertParticipant($aData)
         }
 
         try {
-            $result = $oParticipant->encryptSave();
+            $result = $oParticipant->encryptSave(true);
             if (!$result) {
                 return $this->flattenErrorMessages($oParticipant->getErrors());
             }