From cd88e57618ca494c9f7d053a6786f887b3272e2a Mon Sep 17 00:00:00 2001 From: Denis Chenu Date: Fri, 14 Jun 2013 19:31:36 +0200 Subject: [PATCH] Revert "Fixed issue : Potential SQL security with array in param" This reverts commit 39f8bfb4d9ef3d7a02829e9a71b742ced37979f1. --- application/helpers/common_helper.php | 15 ++++++++------- application/models/Survey.php | 4 ---- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/application/helpers/common_helper.php b/application/helpers/common_helper.php index 20f2a844b2e..485735b50c1 100644 --- a/application/helpers/common_helper.php +++ b/application/helpers/common_helper.php @@ -1601,16 +1601,17 @@ function fixMovedQuestionConditions($qid,$oldgid,$newgid) //Function rewrites th */ function returnGlobal($stringname) { - $urlParam=Yii::app()->request->getParam($stringname); - if(!$urlParam && $aCookies=Yii::app()->request->getCookies()) // Get gookies (what for ? But used before) + if ($stringname=='sid') // don't read SID from a Cookie { - if(isset($aCookies[$stringname])) - { - $urlParam = $aCookies[$stringname]; - } + if (isset($_GET[$stringname])) $urlParam = $_GET[$stringname]; + if (isset($_POST[$stringname])) $urlParam = $_POST[$stringname]; + } + elseif (isset($_REQUEST[$stringname])) + { + $urlParam = $_REQUEST[$stringname]; } - if ($urlParam && is_string($urlParam)) + if (isset($urlParam)) { if ($stringname == 'sid' || $stringname == "gid" || $stringname == "oldqid" || $stringname == "qid" || $stringname == "tid" || diff --git a/application/models/Survey.php b/application/models/Survey.php index 48d853bd199..f678f8ba086 100644 --- a/application/models/Survey.php +++ b/application/models/Survey.php 
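Review bot: The restored guard `if (isset($urlParam))` in returnGlobal() no longer requires a string, so an array-valued request parameter is passed on to the per-name sanitising branches that begin at the end of this hunk; the reverted commit's subject names array parameters as the SQL concern. If the revert was needed because the `$urlParam &&` truthiness test dropped values such as `0` (an inference, the message gives no reason), keep `isset` but retain the type check: `if (isset($urlParam) && is_string($urlParam))`. The non-`sid` path also reads `$_REQUEST`, which can include cookies depending on PHP's `request_order`/`variables_order` settings, so a short comment stating which sources are intended would help. The function body continues outside the hunk, so how each branch treats a non-string value cannot be confirmed from here.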
@@ -342,10 +342,6 @@ public function deleteSurvey($iSurveyID, $recursive=true) } public function findByPk($pk, $condition = '', $params = array()) { - if(!is_int($pk)) - { - return false; - } if (empty($condition) && empty($params)) { if (array_key_exists($pk, $this->findByPkCache)) { return $this->findByPkCache[$pk];
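Review bot: With the `is_int($pk)` guard removed, findByPk() hands `$pk` of any type to `array_key_exists($pk, $this->findByPkCache)` and, presumably, to the lookup further down, so an array or other non-scalar value is no longer rejected at this boundary. The removed check was probably too strict for ids that arrive as numeric strings (inferred; the revert message does not say), and a guard that accepts both forms would keep the protection: `if (!is_int($pk) && !(is_string($pk) && ctype_digit($pk))) { return false; }`. The rest of the method is outside the hunk, so whether a later step validates `$pk` cannot be seen here.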