

Fixed issue [security] #18514 : no CSRF control when delete token table (#2750)

Dev: move to a post action forum, validate with getPost
Shnoulle committed Feb 1, 2023
1 parent 3223a5d commit ba068af
Showing 3 changed files with 56 additions and 56 deletions.
44 changes: 21 additions & 23 deletions application/controllers/admin/Tokens.php
Expand Up @@ -2365,34 +2365,32 @@ public function kill(int $iSurveyId)

$aData['topBar']['hide'] = true;

if (!Yii::app()->request->getQuery('ok')) {
if (!Yii::app()->request->getPost('ok')) {
$aData['sidemenu']['state'] = false;
$aData['backupTableName'] = $newtableDisplay;

$this->renderWrappedTemplate('token', 'deleteParticipantsTable', $aData);
} else /* The user has confirmed they want to delete the tokens table */
{
Yii::app()->db->createCommand()->renameTable("{{{$oldtable}}}", "{{{$newtable}}}");

$archivedTokenSettings = new ArchivedTableSettings();
$archivedTokenSettings->survey_id = $iSurveyId;
$archivedTokenSettings->user_id = $userID;
$archivedTokenSettings->tbl_name = $newtable;
$archivedTokenSettings->tbl_type = 'token';
$archivedTokenSettings->created = $DBDate;
$archivedTokenSettings->properties = $aData['thissurvey']['tokenencryptionoptions'];
$archivedTokenSettings->attributes = json_encode($aData['thissurvey']['attributedescriptions']);
$archivedTokenSettings->save();

//Remove any survey_links to the CPDB
SurveyLink::model()->deleteLinksBySurvey($iSurveyId);
return;
}
/* The user has confirmed they want to delete the tokens table */
Yii::app()->db->createCommand()->renameTable("{{{$oldtable}}}", "{{{$newtable}}}");

$aData['sidemenu']['state'] = false;
$aData['backupTableName'] = $newtableDisplay;
$this->renderWrappedTemplate('token', 'afterDeleteParticipantsTable', $aData);
$archivedTokenSettings = new ArchivedTableSettings();
$archivedTokenSettings->survey_id = $iSurveyId;
$archivedTokenSettings->user_id = $userID;
$archivedTokenSettings->tbl_name = $newtable;
$archivedTokenSettings->tbl_type = 'token';
$archivedTokenSettings->created = $DBDate;
$archivedTokenSettings->properties = $aData['thissurvey']['tokenencryptionoptions'];
$archivedTokenSettings->attributes = json_encode($aData['thissurvey']['attributedescriptions']);
$archivedTokenSettings->save();

LimeExpressionManager::SetDirtyFlag(); // so that knows that survey participants tables have changed
}
//Remove any survey_links to the CPDB
SurveyLink::model()->deleteLinksBySurvey($iSurveyId);

$aData['sidemenu']['state'] = false;
$aData['backupTableName'] = $newtableDisplay;
$this->renderWrappedTemplate('token', 'afterDeleteParticipantsTable', $aData);
LimeExpressionManager::SetDirtyFlag(); // so that knows that survey participants tables have changed
}

/**
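Review bot: The new `getPost('ok')` test at the top of the hunk is only a CSRF defence if Yii's request-level CSRF validation is enabled for this controller; the hunk cannot show that, and a POST that is not token-checked is as forgeable as the old GET. A short comment would make the dependency explicit, e.g. `// Confirmation must arrive by POST so that CHttpRequest's CSRF token validation applies; a GET only renders the confirmation page.` Since the view submits `name="ok" value="Y"`, a strict comparison `if (Yii::app()->request->getPost('ok') !== 'Y') {` would also avoid accepting any non-empty value as confirmation. The body of kill() starts before this hunk, so whatever permission check on $iSurveyId precedes it is not visible here.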
Expand Up @@ -18,13 +18,10 @@
<br /> <br />
<?php eT("You can switch back to closed-access mode at any time. Navigate to Settings --> Survey participants and click on the 'Switch to closed-access mode' button."); ?>
<br /><br />
<input
<a
class="btn btn-default"
type="submit"
value="<?php eT('Main Admin Screen'); ?>"
onclick="window.open(
'<?php echo $this->createUrl("surveyAdministration/view/surveyid/{$iSurveyId}"); ?>',
'_top'" />
href="<?php echo $this->createUrl("surveyAdministration/view/surveyid/{$iSurveyId}"); ?>"
><?php eT('Main Admin Screen'); ?></a>
</div>
</div>
</div>
59 changes: 32 additions & 27 deletions application/views/admin/token/deleteParticipantsTable.php
Expand Up @@ -7,33 +7,38 @@
<div class="row welcom survey-action">
<div class="col-lg-12 content-right">
<div class="jumbotron message-box">
<?php echo CHtml::form(
array("admin/tokens/sa/kill", 'surveyid' => $surveyid),
'post',
array('id' => 'deletetokentable', 'name' => 'deletetokentable')
); ?>
<h3 class="lead"><?php eT('Delete survey participants table'); ?></h3>
<p>
<?php eT('Deleting the participants table will switch the survey back to open-access mode.'); ?>
<br /> <br />
<?php eT('Access codes will no longer be required to access this survey.'); ?>
<br /> <br />
<?php eT('A backup of this table will be made if you proceed. Your site administrator will be able to access this table.'); ?>
<br />
<?php echo '('. $backupTableName .')'; ?>
<br /> <br />
<?php eT("You can switch back to closed-access mode at any time. Navigate to Settings --> Survey participants and click on the 'Switch to closed-access mode' button."); ?>
<br /> <br />
</p>
<input
class="btn btn-default"
type="submit"
value="<?php eT('Cancel'); ?>"
onclick="window.open(
'<?php echo $this->createUrl("admin/tokens/sa/index/surveyid/{$iSurveyId}"); ?>',
'_top')" />
<input
class="btn btn-danger"
type='submit'
value="<?php eT('Delete table'); ?>"
onclick="window.open(
'<?php echo $this->createUrl("admin/tokens/sa/kill/surveyid/{$iSurveyId}/ok/Y"); ?>',
'_top')" />

<?php eT('Deleting the participants table will switch the survey back to open-access mode.'); ?>
<br /> <br />
<?php eT('Access codes will no longer be required to access this survey.'); ?>
<br /> <br />
<?php eT('A backup of this table will be made if you proceed. Your site administrator will be able to access this table.'); ?>
<br />
<?php echo '(' . $backupTableName . ')'; ?>
<br /> <br />
<?php eT("You can switch back to closed-access mode at any time. Navigate to Settings --> Survey participants and click on the 'Switch to closed-access mode' button."); ?>
<br />
</p>
<button
class="btn btn-danger"
type='submit'
name="ok"
value="Y"
>
<?php eT('Delete table'); ?>
</button>
<a
class="btn btn-default"
href="<?php echo $this->createUrl("admin/tokens/sa/index/surveyid/{$iSurveyId}"); ?>"
><?php eT('Cancel'); ?></a>
</form>
</div>
</div>
</div>
</div>
</div>
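Review bot: The `CHtml::form(...)` call added at the top of the hunk is what carries the CSRF token — Yii 1's `CHtml::form()` emits the hidden token field only when `enableCsrfValidation` is on for the request, so the protection this commit adds stands or falls with that setting rather than with the view. A comment on the form line would record that, e.g. `<?php /* CHtml::form() adds the CSRF hidden field when enableCsrfValidation is enabled; the controller accepts the deletion only via POST. */ ?>`. The submit button posts `name="ok" value="Y"`, which is what the `getPost('ok')` check in Tokens.php consumes; keeping the two values in step (or comparing strictly against `'Y'` in the controller) deserves a one-line note on the button as well.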

