Fixed issue [security]: removed post request from query builder

LimeSurvey · Feb 3, 2017 · b9332f6 · b9332f6
1 parent 0d25142
commit b9332f6
Showing 1 changed file with 0 additions and 4 deletions.
diff --git a/application/controllers/admin/responses.php b/application/controllers/admin/responses.php
@@ -1089,10 +1089,6 @@ function oldbrowse($iSurveyID)
                 $limit = $dtcount;
             }
 
-            //NOW LETS SHOW THE DATA
-            if (Yii::app()->request->getPost('sql') && stripcslashes(Yii::app()->request->getPost('sql')) !== "" && Yii::app()->request->getPost('sql') != "NULL")
-                $oCriteria->addCondition(stripcslashes(Yii::app()->request->getPost('sql')));
-
             if (!is_null($tokenRequest)) {
                 $oCriteria->addCondition('t.token = ' . Yii::app()->db->quoteValue($tokenRequest));
             }