Merge branch '2.57.1'

.bowerrc

@@ -0,0 +1,3 @@
+{
+    "directory" : "third_party"
+}

.gitignore

@@ -29,3 +29,9 @@ application/config/_config.php
 /tmp/runtime/URI/*.ser
 /tmp/runtime/CSS/*.ser
 launch.json
+# ignore plugins directory by default except LS plugin
+# if you want to add a new distributed plugin : add the directory here
+/plugins/*
+!/plugins/index.html
+!/plugins/Demo/
+!/plugins/AuditLog/

application/Psr4AutoloaderClass.php

@@ -99,7 +99,7 @@ public function addNamespace($prefix, $base_dir, $prepend = false)
      * Loads the class file for a given class name.
      *
      * @param string $class The fully-qualified class name.
-     * @return mixed The mapped file name on success, or boolean false on
+     * @return string|false The mapped file name on success, or boolean false on
      * failure.
      */
     public function loadClass($class)
@@ -138,7 +138,7 @@ public function loadClass($class)
      * 
      * @param string $prefix The namespace prefix.
      * @param string $relative_class The relative class name.
-     * @return mixed Boolean false if no mapped file can be loaded, or the
+     * @return false|string Boolean false if no mapped file can be loaded, or the
      * name of the mapped file that was loaded.
      */
     protected function loadMappedFile($prefix, $relative_class)

application/config/config-defaults.php

@@ -661,6 +661,7 @@
 // Home page default Settings
 $config['show_logo'] = 'show';
 $config['show_last_survey_and_question'] = 'show';
+$config['show_survey_list_search'] = 'show';
 $config['boxes_by_row'] = '3';
 $config['boxes_offset'] = '3';
 

application/config/internal.php

@@ -105,19 +105,22 @@
         ),
         // These are defaults and are later overwritten in LSYii_Application by a path based on config tempdir/tempurl
         'assetManager' => array(
+            'excludeFiles' => array("config.xml", "assessment.pstpl", "clearall.pstpl",  "completed.pstpl",  "endgroup.pstpl",  "endpage.pstpl",  "groupdescription.pstpl",  "load.pstpl",  "navigator.pstpl",  "printanswers.pstpl",  "print_group.pstpl",  "print_question.pstpl",  "print_survey.pstpl",  "privacy.pstpl",  "question.pstpl",  "register.pstpl",  "save.pstpl",  "startgroup.pstpl",  "startpage.pstpl",  "surveylist.pstpl",  "survey.pstpl",  "welcome.pstpl" ),
             'baseUrl' => '/tmp/assets',
-            'basePath'=> dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'tmp'.DIRECTORY_SEPARATOR.'assets'
+            'basePath'=> dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'tmp'.DIRECTORY_SEPARATOR.'assets',
         ),
 
         'request' => array(
             'class'=>'LSHttpRequest',
+            'enableCsrfValidation'=>true,    // CSRF protection
+            'enableCookieValidation'=>false,   // Enable to activate cookie protection
             'noCsrfValidationRoutes'=>array(
                 'remotecontrol',
                 'plugins/unsecure',
             ),
-
-            'enableCsrfValidation'=>true,    // CSRF protection
-            'enableCookieValidation'=>false   // Enable to activate cookie protection
+            'csrfCookie' => array(
+                'secure' => ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT']== 443))
+            ),
         ),
         'user' => array(
             'class' => 'LSWebUser',
@@ -146,7 +149,7 @@
         'session' => array(
             'cookieParams' => array(
                 'httponly' => true,
-                'secure'=> isset($_SERVER['HTTPS']) && ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443)
+                'secure' => ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT']== 443))
             ),
         ),
         'messages' => array(

application/config/third_party.php

@@ -67,34 +67,6 @@
         )
     ),
 
-    // jQgrid
-    'jqgrid' => array(
-        'basePath' => 'third_party.jqgrid',
-        'js' => array(
-            'js/jquery.jqGrid.min.js',
-            'js/i18n/grid.locale-en.js',
-            'plugins/jquery.searchFilter.js'
-        ),
-        'css' => array(
-            //'css/ui.jqgrid.css'
-        ),
-        'depends' => array(
-            'jquery'
-        )
-
-    ),
-
-    'jqgrid.addons' => array(
-        'basePath' => 'third_party.jqgrid.plugins',
-        'js' => array(
-            'grid.addons.js'
-        ),
-        'depends' => array(
-            'jqgrid'
-        )
-
-    ),
-
     // jquery bindWithDelay
     'jquery-bindWithDelay' => array(
         'basePath' => 'third_party.jquery-bindWithDelay',
@@ -295,6 +267,79 @@
         'js' => array(
             'Uri.js'
         ),
+    ),
+
+    'bootstrap-datetimepicker' => array(
+        'basePath' => 'third_party.bootstrap-datetimepicker',
+        'css' => array(
+            'css/bootstrap-datetimepicker.min.css'
+        ),
+        'js' => array(
+            'js/bootstrap-datetimepicker.min.js'
+        ),
+        'depends' => array(
+            'jquery',
+            'bootstrap',
+            'moment'
+        )
+    ),
+
+    'bootstrap-switch' => array(
+        'basePath' => 'third_party.bootstrap-switch',
+        'css' => array(
+            'css/bootstrap-switch.min.css'
+        ),
+        'js' => array(
+            'js/bootstrap-switch.min.js'
+        ),
+        'depends' => array(
+            'jquery',
+            'bootstrap',
+            'moment'
+        )
+    ),
+
+    'jquery-datatable' => array(
+        'basePath' => 'third_party.jquery-datatable',
+        'css' => array(
+            'datatables.min.css'
+        ),
+        'js' => array(
+            'datatables.js'
+        ),
+        'depends' => array(
+            'jquery',
+            'bootstrap'
+        )
+    ),
+
+    'es6promise' => array(
+        'basePath' => 'third_party.es6promise',
+        'js' => array(
+            'es6-promise.auto.min.js'
+        )
+    ),
+
+    'dom2image' => array(
+        'basePath' => 'third_party.dom-to-image',
+        'js' => array(
+            'dist/dom-to-image.min.js',
+        )
+    ),
+
+    'jspdf' => array(
+        'basePath' => 'third_party.jspdf',
+        'js' => array(
+            'jspdf.min.js',
+            'createpdf_worker.js'
+        ),
+        'depends' => array(
+            'dom2image',
+            'es6promise',
+            'jquery',
+            'bootstrap'
+        )
     )
 
+
 );

application/config/version.php

@@ -12,11 +12,11 @@
  *150413
  */
 
-$config['versionnumber'] = '2.52';
+$config['versionnumber'] = '2.57.1';
 $config['dbversionnumber'] = 260;
 $config['buildnumber'] = '';
 $config['updatable'] = true;
-$config['assetsversionnumber'] = '34';
+$config['assetsversionnumber'] = '45';
 return $config;
 
 ?>

application/controllers/AdminController.php

@@ -30,6 +30,7 @@ protected function _init()
         $this->_sessioncontrol();
 
         $this->user_id = Yii::app()->user->getId();
+
         if (!Yii::app()->getConfig("surveyid")) {Yii::app()->setConfig("surveyid", returnGlobal('sid'));}         //SurveyID
         if (!Yii::app()->getConfig("ugid")) {Yii::app()->setConfig("ugid", returnGlobal('ugid'));}                //Usergroup-ID
         if (!Yii::app()->getConfig("gid")) {Yii::app()->setConfig("gid", returnGlobal('gid'));}                   //GroupID
@@ -88,7 +89,7 @@ public function error($message, $sURL = array())
 
         $this->_getAdminFooter('http://manual.limesurvey.org', gT('LimeSurvey online manual'));
 
-        die;
+        Yii::app()->end();
     }
     /**
     * Load and set session vars
@@ -152,6 +153,14 @@ public function run($action)
 
                 App()->user->setReturnUrl(App()->request->requestUri);
 
+                // If this is an ajax call, don't redirect, but echo login modal instead
+                $isAjax = isset($_GET['ajax']) && $_GET['ajax'];
+                if ($isAjax && Yii::app()->user->getIsGuest()) {
+                    Yii::import('application.helpers.admin.ajax_helper', true);
+                    ls\ajax\AjaxHelper::outputNotLoggedIn();
+                    return;
+                }
+
                 $this->redirect(array('/admin/authentication/sa/login'));
             }
             elseif (!empty($this->user_id)  && $action != "remotecontrol")
@@ -312,7 +321,6 @@ public function _getAdminHeader($meta = false, $return = false)
                 //$filename = str_replace('.css', '-rtl.css', $filename);
             //}
 
-        //echo '<pre>'; var_dump($aData); echo '</pre>';die;
         $sOutput = $this->renderPartial("/admin/super/header", $aData, true);
 
         if ($return)

application/controllers/InstallerController.php

@@ -41,7 +41,7 @@ class InstallerController extends CController {
     *
     * @access public
     * @param string $action
-    * @return bool
+    * @return boolean|null
     */
     public function run($action = 'index')
     {
@@ -709,9 +709,7 @@ private function stepOptionalConfiguration()
                     return;
                 }
             } else {
-                // if passwords don't match, redirect to proper link.
-                Yii::app()->session['optconfig_message'] = sprintf('<b>%s</b>', gT("Passwords don't match."));
-                $this->redirect(array('installer/optional'));
+                unset($aData['confirmation']);
             }
         } elseif(empty(Yii::app()->session['configFileWritten'])) {
             $this->_writeConfigFile();
@@ -736,7 +734,6 @@ public function loadHelper($helper)
     * Loads a library
     *
     * @access public
-    * @param string $helper
     * @return void
     */
     public function loadLibrary($library)
@@ -747,7 +744,6 @@ public function loadLibrary($library)
     /**
     * check requirements
     *
-    * @param array $data return theme variables
     * @return bool requirements met
     */
     private function _check_requirements(&$aData)
@@ -774,6 +770,9 @@ function check_HTML_image($result)
         }
 
 
+        /**
+         * @param string $sDirectory
+         */
         function is_writable_recursive($sDirectory)
         {
             $sFolder = opendir($sDirectory);
@@ -792,8 +791,8 @@ function is_writable_recursive($sDirectory)
         /**
         * check for a specific PHPFunction, return HTML image
         *
-        * @param string $function
-        * @param string $image return
+        * @param string $sFunctionName
+        * @param string $sImage return
         * @return bool result
         */
         function check_PHPFunction($sFunctionName, &$sImage)
@@ -808,9 +807,9 @@ function check_PHPFunction($sFunctionName, &$sImage)
         *
         * @param string $path file or directory to check
         * @param int $type 0:undefined (invalid), 1:file, 2:directory
-        * @param string $data to manipulate
         * @param string $base key for data manipulation
         * @param string $keyError key for error data
+        * @param string $aData
         * @return bool result of check (that it is writeable which implies existance)
         */
         function check_PathWriteable($path, $type, &$aData, $base, $keyError, $bRecursive=false)
@@ -935,13 +934,16 @@ function check_DirectoryWriteable($directory, &$data, $base, $keyError, $bRecurs
         // imap php library check
         check_PHPFunction('imap_open', $aData['bIMAPPresent']);
 
+        // Silently check some default PHP extensions
+        $this->checkDefaultExtensions();
+
         return $bProceed;
     }
 
     /**
     * Installer::_setup_tables()
     * Function that actually modify the database. Read $sqlfile and execute it.
-    * @param string $sqlfile
+    * @param string $sFileName
     * @return  Empty string if everything was okay - otherwise the error messages
     */
     function _setup_tables($sFileName, $aDbConfig = array(), $sDatabasePrefix = '')
@@ -1177,6 +1179,7 @@ function _getRandomString()
     *
     * @param string $sDatabaseType
     * @param string $sDatabasePort
+    * @return string
     */
     function _getDsn($sDatabaseType, $sDatabaseLocation, $sDatabasePort, $sDatabaseName, $sDatabaseUser, $sDatabasePwd)
     {
@@ -1367,4 +1370,28 @@ private function dbTest($aDbConfig = array(), $aData = array())
 
         return true;
     }
+
+    /**
+     * Contains a number of extensions that can be expected
+     * to be installed by default, but maybe not on BSD systems etc.
+     * Check them silently and die if they are missing.
+     * @return void
+     */
+    private function checkDefaultExtensions()
+    {
+        $extensions = array(
+            'simplexml',
+            'filter',
+            'ctype',
+            'session',
+            'hash'
+        );
+
+        foreach ($extensions as $extension) {
+            if (!extension_loaded($extension)) {
+                die('You\'re missing default PHP extension ' . $extension);
+            }
+        }
+
+    }
 }

application/controllers/PluginsController.php

@@ -114,7 +114,7 @@ public function actionConfigure($id)
         if (empty($aSettings))
         {
             // And show a message
-            Yii::app()->user->setFlash('pluginmanager', gT('This plugin has no settings'));
+            Yii::app()->user->setFlash('pluginmanager', gT('This plugin has no settings.'));
             $this->redirect('plugins/index', true);
         }