
Fixed issue #08887: Question text and help : unable to use html entit…
…ies of < and > for admin

Dev: do we need to move fixCKeditor to the model? I think yes, but I'm unsure
Shnoulle committed Mar 21, 2014
1 parent de81f17 commit c4e45cc
Showing 2 changed files with 53 additions and 17 deletions.
31 changes: 17 additions & 14 deletions application/controllers/admin/database.php
Expand Up @@ -36,6 +36,10 @@ function index($sa = null)
$iQuestionID=returnGlobal('qid');
$sDBOutput = '';

$oFixCKeditor= new LSYii_Validators;
$oFixCKeditor->fixCKeditor=true;
$oFixCKeditor->xssfilter=false;

if ($sAction == "updatedefaultvalues" && Permission::model()->hasSurveyPermission($iSurveyID, 'surveycontent','update'))
{

Expand Down Expand Up @@ -144,7 +148,7 @@ function index($sa = null)
$sAnswerText=Yii::app()->request->getPost('answer_'.$sLanguage.'_'.$iSortOrderID.'_'.$iScaleID);

// Fix bug with FCKEditor saving strange BR types
$sAnswerText=fixCKeditorText($sAnswerText);
$sAnswerText=$oFixCKeditor->fixCKeditor($sAnswerText);

Shnoulle Mar 21, 2014


I think we can move it to the model and remove the fixCkEditorText used in common_helper. But: it is not used when importing or when using remote_control.
With RC: you can add a question text with only a [space], not with admin edition.

If OK: do it monday (questiongroup and surveyadmin controllers use fixCkEditorText


Shnoulle Mar 22, 2014


Thinking: ckEditor is here: https://github.com/LimeSurvey/LimeSurvey/tree/master/application/views/admin/htmleditor (I think).
fixCkeditor must be in the same place, and I think it can be done in javascript (before submit).

Ok for this ? (2.06 only)

// Now we insert the answers
$iInsertCount=Answer::model()->insertRecords(array('code'=>$sCode,
'answer'=>$sAnswerText,
Expand Down Expand Up @@ -357,12 +361,11 @@ function index($sa = null)
$iQuestionOrder=(getMaxQuestionOrder($iQuestionGroupID,$iSurveyID));
$iQuestionOrder++;
}
// &eacute; to é and &amp; to & : really needed ? Why not for answers ? (140307)
$sQuestionText=html_entity_decode(Yii::app()->request->getPost('question_'.$sBaseLanguage), ENT_QUOTES, "UTF-8");
$sQuestionHelp=html_entity_decode(Yii::app()->request->getPost('help_'.$sBaseLanguage), ENT_QUOTES, "UTF-8");
$sQuestionText=Yii::app()->request->getPost('question_'.$sBaseLanguage,'');
$sQuestionHelp=Yii::app()->request->getPost('help_'.$sBaseLanguage,'');
// Fix bug with FCKEditor saving strange BR types : in rules ?
$sQuestionText=fixCKeditorText($sQuestionText);
$sQuestionHelp=fixCKeditorText($sQuestionHelp);
$sQuestionText=$oFixCKeditor->fixCKeditor($sQuestionText);
$sQuestionHelp=$oFixCKeditor->fixCKeditor($sQuestionHelp);

$iQuestionID=0;
$oQuestion= new Question;
Expand Down Expand Up @@ -734,11 +737,11 @@ function index($sa = null)
if (isset($qlang) && $qlang != "")
{
// &eacute; to é and &amp; to & : really needed ? Why not for answers ? (130307)
$sQuestionText=html_entity_decode(Yii::app()->request->getPost('question_'.$qlang), ENT_QUOTES, "UTF-8");
$sQuestionHelp=html_entity_decode(Yii::app()->request->getPost('help_'.$qlang), ENT_QUOTES, "UTF-8");
$sQuestionText=Yii::app()->request->getPost('question_'.$qlang,'');
$sQuestionHelp=Yii::app()->request->getPost('help_'.$qlang,'');
// Fix bug with FCKEditor saving strange BR types : in rules ?
$sQuestionText=fixCKeditorText($sQuestionText);
$sQuestionHelp=fixCKeditorText($sQuestionHelp);
$sQuestionText=$oFixCKeditor->fixCKeditor($sQuestionText);
$sQuestionHelp=$oFixCKeditor->fixCKeditor($sQuestionHelp);
$udata = array(
'type' => Yii::app()->request->getPost('type'),
'title' => Yii::app()->request->getPost('title'),
Expand Down Expand Up @@ -904,10 +907,10 @@ function index($sa = null)
$welcome = Yii::app()->request->getPost('welcome_'.$langname);
$endtext = Yii::app()->request->getPost('endtext_'.$langname);

$short_title=fixCKeditorText($short_title);
$description=fixCKeditorText($description);
$welcome=fixCKeditorText($welcome);
$endtext=fixCKeditorText($endtext);
$short_title=$oFixCKeditor->fixCKeditor($short_title);
$description=$oFixCKeditor->fixCKeditor($description);
$welcome=$oFixCKeditor->fixCKeditor($welcome);
$endtext=$oFixCKeditor->fixCKeditor($endtext);

$data = array(
'surveyls_title' => $short_title,
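Review bot: The validator instance built at the top of index() is configured with `$oFixCKeditor->xssfilter=false`, yet the only method this file calls on it is fixCKeditor(), which in the LSYii_Validators hunk is a stateless string normaliser that reads neither `fixCKeditor` nor `xssfilter`. That line reads as if XSS filtering had been switched off for question, help and survey texts, which is easy to misread in a security review; either drop it or annotate it with `// fixCKeditor() only normalises empty-editor markup; it neither reads this flag nor sanitises HTML`. The same call replaces the removed html_entity_decode() calls, so `&lt;`/`&gt;` typed by an admin are now stored as entities instead of being decoded into tags — presumably the intended fix, with any HTML filtering of these fields left to the model rules, which are not visible here. Note also that getPost() in the answer hunk and the survey-text hunk still has no `''` default while the two question hunks gained one, so fixCKeditor() may receive null from those callers. index() begins and ends outside these hunks.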
39 changes: 36 additions & 3 deletions application/core/LSYii_Validators.php
Expand Up @@ -14,6 +14,11 @@

class LSYii_Validators extends CValidator {

/**
* Filter attribute for fixCKeditor
* @var boolean
*/
public $fixCKeditor=false;
/**
* Filter attribute for XSS
* @var boolean
Expand Down Expand Up @@ -60,11 +65,39 @@ protected function validateAttribute($object,$attribute)
$object->$attribute=$this->multiLanguageFilter($object->$attribute);
}
}

/**
* Defines the customs validation rule xssfilter
* Remove some empty characters put by CK editor
* Did we need to do if user don't use inline HTML editor ?
*
* @param mixed $value
* @param string $value
*/
public function fixCKeditor($value)
{
// Actually don't use it in model : model apply too when import : needed or not ?
$value = str_replace('<br type="_moz" />','',$value);
if ($value == "<br />" || $value == " " || $value == "&nbsp;")
{
$value = "";
}
if (preg_match("/^[\s]+$/",$value))
{
$value='';
}
if ($value == "\n")
{
$value = "";
}
if (trim($value) == "&nbsp;" || trim($value)=='')
{ // chrome adds a single &nbsp; element to empty fckeditor fields
$value = "";
}
return $value;
}
/**
* Remove any script or dangerous HTML
*
* @param string $value
*/
public function xssFilter($value)
{
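Review bot: The docblock on fixCKeditor() (`Defines the customs validation rule xssfilter`) was copied from the xssFilter() header and describes the wrong method, and it lists both `@param mixed $value` and `@param string $value` for the same parameter with no `@return`; replace the summary with `Normalise the placeholder markup CKEditor/FCKEditor leaves in an empty field to an empty string` and keep a single `@param string $value` plus `@return string`. The comparisons `$value == "<br />"`, `$value == "\n"` and the trim() checks use loose `==`; with these non-numeric literals it is harmless, but `===` states the intent and rules out numeric-string coercion surprises. The new public property `$fixCKeditor` is only declared in this hunk; unless validateAttribute(), cut at its tail above, reads it, nothing in this file consults it and the controller's `$oFixCKeditor->fixCKeditor=true` is a no-op. This method strips empty-editor markup only — it is not a sanitiser, and a caller that also sets `xssfilter=false` on the same instance must not expect any HTML filtering from it; a one-line comment to that effect above the method would prevent that misreading. The class body continues past the hunk.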
