Fixed issue #16142: Deleting a participant after he/she started the s…

…urvey keeps the survey available (#1405) Dev: unset invalid token ($oToken is null)
LimeSurvey · May 20, 2020 · bb4daa7 · bb4daa7
1 parent cdfbcb2
commit bb4daa7
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/application/controllers/survey/index.php b/application/controllers/survey/index.php
@@ -119,7 +119,6 @@ public function action()
 
 
         if ($tokensexist == 1 && isset($token) && $token != "" && tableExists("{{tokens_".$surveyid."}}") && !$previewmode) {
-
             // check also if it is allowed to change survey after completion
             if ($thissurvey['alloweditaftercompletion'] == 'Y') {
                 $oToken = $tokenInstance = Token::model($surveyid)->editable()->findByAttributes(array('token' => $token));
@@ -129,6 +128,10 @@ public function action()
             if (empty($tokenInstance)) {
                 $oToken = Token::model($surveyid)->findByAttributes(array('token' => $token));
             }
+            if(empty($oToken)) {
+                // #16142 quick fix : unset invalid token
+                $token = null;
+            }
         }
 
         $this->_loadLimesurveyLang($surveyid);
@@ -451,8 +454,7 @@ public function action()
         // this check is done in buildsurveysession and error message
         // could be more interresting there (takes into accound captcha if used)
         if ($tokensexist == 1 && isset($token) && $token != "" && tableExists("{{tokens_".$surveyid."}}") && !$previewmode) {
-            if (empty($tokenInstance)) {
-                if ($oToken) {
+            if (empty($tokenInstance) && $oToken ) {
                     $now = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", Yii::app()->getConfig("timeadjust"));
 
                     // This can not happen (TokenInstance must fix this)
@@ -486,9 +488,9 @@ public function action()
                         null,
                         array($sError)
                     );
-                } else {
-                    $sError = gT("This is a controlled survey. You need a valid token to participate.");
-                }
+            } else {
+                // Must never happen : unset invalid token for the second time
+                $token = null;
             }
         }