Merge remote-tracking branch 'origin/master' into global_participants
olleharstedt committed Sep 21, 2016
2 parents f71b86f + 4271709 commit d3cdefb
Showing 7 changed files with 36 additions and 11 deletions.
10 changes: 7 additions & 3 deletions application/core/LSUserIdentity.php
Expand Up @@ -127,8 +127,12 @@ protected function postLogin()

// Check for default password
if ($this->password === 'password') {
App()->user->setFlash('warning', gT('Warning: You are still using the default password (\'password\'). Please change your password and re-login again.'));
//App()->user->setFlash('pwdnotify', gT('Warning: You are still using the default password (\'password\'). Please change your password and re-login again.'));
Yii::app()->setFlashMessage(gT("Warning: You are still using the default password ('password'). Please change your password and re-login again."),'warning');
}

if ((int)App()->request->getPost('width', '1280') < 1280)
{
Yii::app()->setFlashMessage(gT("Your browser screen size is too small to use the administration properly. The minimum size required is 1280*1024 px."),'error');
}

// Do session setup
Expand All @@ -142,7 +146,7 @@ protected function postLogin()
Yii::app()->session['session_hash'] = hash('sha256',getGlobalSetting('SessionName').$user->users_name.$user->uid);

// Perform language settings
if (App()->request->getPost('loginlang','default') != 'default')
if (App()->request->getPost('loginlang', 'default') != 'default')
{
$user->lang = sanitize_languagecode(App()->request->getPost('loginlang'));
$user->save();
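Review bot: A login with the default password still completes in the `if ($this->password === 'password')` branch of the first hunk; the only consequence is a flash message, so an account left on the shipped credential keeps full access and the warning can simply be ignored. Consider making the branch enforce a change, for example by setting a session marker such as `Yii::app()->session['must_change_password'] = true;` (placeholder key) that the admin controllers check before serving anything but the password form, and by writing the event to the log. postLogin() starts and ends outside both hunks, so whether something later in the method already restricts the session is not visible here.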
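--- a/application/helpers/common_helper.php
+++ b/application/helpers/common_helper.php
@@ -2608,6 +2608,23 @@ function dbQuoteAll($value)
 return Yii::app()->db->quoteValue($value);
 }
 
+
+/**
+* This function strips UTF-8 control characters from strings, except tabs, CR and LF
+* - it is intended to be used before any response data is saved to the response table
+*
+* @param mixed $sValue A string to be sanitized
+* @return A sanitized string, otherwise the unmodified original variable
+*/
+function stripCtrlChars($sValue)
+{
+if (is_string($sValue))
+{
+$sValue=preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x80-\x9F]/u', '', $sValue);
+}
+return $sValue;
+}
+
 // make a string safe to include in a JavaScript String parameter.
 function javascriptEscape($str, $strip_tags=false, $htmldecode=false) {
 $new_str ='';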
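Review bot: `preg_replace()` returns `null` when the pattern carries the `u` modifier and the subject is not valid UTF-8, so `stripCtrlChars()` turns any malformed response string into `null` instead of returning it cleaned or unchanged, and the caller would then quote and store that `null` without any error being raised. Keep the original on failure and make the failure visible, e.g. `$sClean = preg_replace(...); if ($sClean !== null) { $sValue = $sClean; }`, or reject or convert invalid UTF-8 before the call. The same unchecked call is added to `xmlspecialchars()` in application/third_party/xlsx_writer/xlsxwriter.class.php, where a `null` result would end up as an empty cell. The `@return` tag also lacks a type; `@return mixed` matches what the function returns.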
4 changes: 2 additions & 2 deletions application/helpers/expressions/em_manager_helper.php
Expand Up @@ -5332,7 +5332,7 @@ private function _UpdateValuesInDatabase($updatedValues, $finished=false)
{
$sdata['refurl'] = getenv("HTTP_REFERER");
}
}
}

$sdata = array_filter($sdata);
SurveyDynamic::sid($this->sid);
Expand Down Expand Up @@ -5432,7 +5432,7 @@ private function _UpdateValuesInDatabase($updatedValues, $finished=false)
}
else
{
$setter[] = dbQuoteID($key) . "=" . dbQuoteAll($val);
$setter[] = dbQuoteID($key) . "=" . dbQuoteAll(stripCtrlChars($val));
}
}
$query .= implode(', ', $setter);
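Review bot: `stripCtrlChars()` is applied only in this `else` branch of the setter loop in the second hunk; the branch above it lies outside the hunk, and `$sdata` in the first hunk, including `$sdata['refurl']` taken from the client-supplied Referer header, is written without any visible stripping, so the helper's stated goal of running before any response data is saved may be only partly met. Applying it at one choke point just before the statement is built would close that gap. The value is also still concatenated into the query through `dbQuoteAll()`; if the surrounding code allows it, binding the values as parameters would remove the dependence on quoting. `_UpdateValuesInDatabase()` starts and ends outside both hunks.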
3 changes: 2 additions & 1 deletion application/models/SurveyDynamic.php
Expand Up @@ -647,6 +647,7 @@ protected function joinWithToken(CDbCriteria $criteria, CSort $sort)

/**
* Loop through columns and add filter if any value is given for this column
* Used in responses grid
* @param CdbCriteria $criteria
* @return void
*/
Expand Down Expand Up @@ -683,7 +684,7 @@ protected function filterColumns(CDbCriteria $criteria)
}
else
{
$criteria->compare( Yii::app()->db->quoteColumnName($c1), $this->$c1, false);
$criteria->compare( Yii::app()->db->quoteColumnName($c1), $this->$c1, true);
}
}
}
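Review bot: Passing `true` as the third argument of `$criteria->compare()` in the second hunk (assuming the `true` variant is the new line, as the page prints it last) switches every column that reaches this `else` branch from an exact match to a `LIKE '%value%'` match, and the docblock touched in the first hunk does not say so. A leading-wildcard LIKE cannot use an index, so each filtered column costs a scan of the response table, and a filter on an id-like column now also returns rows that merely contain the digits. I would add a comment such as `// partial match: grid filters search with LIKE '%value%'` and keep exact matching for key columns if the branches above, which are outside the hunk, do not already handle them. filterColumns() starts and ends outside the hunk.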
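--- a/application/third_party/xlsx_writer/xlsxwriter.class.php
+++ b/application/third_party/xlsx_writer/xlsxwriter.class.php
@@ -582,6 +582,7 @@ public static function sanitize_filename($filename) //http://msdn.microsoft.com/
 //------------------------------------------------------------------
 public static function xmlspecialchars($val)
 {
+$val=preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x80-\x9F]/u', '', $val);
 return str_replace("'", "&#39;", htmlspecialchars($val));
 }
 //------------------------------------------------------------------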
6 changes: 5 additions & 1 deletion application/views/admin/authentication/login.php
Expand Up @@ -116,6 +116,7 @@
<div class="row login-submit login-content">
<div class="col-lg-12">
<p><input type='hidden' name='action' value='login' />
<input type='hidden' id='width' name='width' value='' />
<button type="submit" class="btn btn-default" name='login_submit' value='login'><?php eT('Log in');?></button><br />
<br/>
<?php
Expand All @@ -138,5 +139,8 @@

<!-- Set focus on user input -->
<script type='text/javascript'>
document.getElementById('user').focus();
$( document ).ready(function() {
$('#user').focus();
$("#width").val($(window).width());
});
</script>
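Review bot: The hidden `width` field added in the first hunk is posted as an empty string whenever the script in the second hunk does not run (JavaScript disabled, jQuery not loaded, a non-browser client), and the check added to postLogin() in application/core/LSUserIdentity.php casts that to 0, so those users get the "screen size is too small" error on every login. The `'1280'` default there only applies when the field is absent, not when it is empty. Either treat an empty value as unknown on the server, e.g. `$width = App()->request->getPost('width'); if ($width !== null && $width !== '' && (int)$width < 1280)`, or drop the server-side check and show the hint client-side. The value is client-controlled in any case, so it should stay a display hint and never feed a decision.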
6 changes: 2 additions & 4 deletions application/views/admin/super/admin_notifications.php
Expand Up @@ -67,13 +67,11 @@ class='admin-notification-link'
</ul>
</li>
<li id='notification-divider' class="divider"></li>

<li id='notification-clear-all'>
<a
href='#'
data-toggle='modal'
data-target='#confirmation-modal'
data-onclick='(function() { LS.deleteAllNotifications("<?php echo $clearAllNotificationsUrl ?>", "<?php echo $updateUrl; ?>"); })'
onclick='(function() { LS.deleteAllNotifications("<?php echo $clearAllNotificationsUrl ?>", "<?php echo $updateUrl; ?>"); })()'
>
<span class='fa fa-trash text-warning'></span>&nbsp;
<?php eT('Delete all notifications'); ?>
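Review bot: `$clearAllNotificationsUrl` and `$updateUrl` are echoed raw into a JavaScript string literal that itself sits inside a single-quoted HTML attribute on the `onclick` line, so a quote or angle bracket in either value would break out of the string or the attribute. Encode for both contexts, e.g. `<?php echo htmlspecialchars(json_encode($updateUrl), ENT_QUOTES, 'UTF-8'); ?>` in place of the hand-written `"..."` literal, for both arguments. The rendered page does not mark sides, but the `data-toggle`, `data-target` and `data-onclick` lines appear to be the removed ones; if so, "Delete all notifications" now runs on a single click without the confirmation modal, which deserves a deliberate decision rather than a side effect of the merge.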
