Dev: hardened the surveymenu settings against misuse

LimeSurvey · Jul 19, 2017 · d6ce138 · d6ce138
1 parent b9fe83c
commit d6ce138
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/application/models/Surveymenu.php b/application/models/Surveymenu.php
@@ -300,8 +300,11 @@ public function search()
 		$criteria=new CDbCriteria;
 
 		//Don't show main menu when not superadmin
-		if(!Permission::model()->hasGlobalPermission('superadmin','read'))
+		if(Yii::app()->getConfig('demoMode') || !Permission::model()->hasGlobalPermission('superadmin','read'))
+		{
 			$criteria->compare('id','<> 1');
+			$criteria->compare('id','<> 2');
+		}
 
 		$criteria->compare('id',$this->id);
 		$criteria->compare('parent_id',$this->parent_id);

diff --git a/application/models/SurveymenuEntries.php b/application/models/SurveymenuEntries.php
@@ -287,8 +287,11 @@ public function search()
 		$criteria=new CDbCriteria;
 
 		//Don't show main menu when not superadmin
-		if(!Permission::model()->hasGlobalPermission('superadmin','read'))
+		if(Yii::app()->getConfig('demoMode') || !Permission::model()->hasGlobalPermission('superadmin','read'))
+		{
 			$criteria->compare('menu_id','<> 1');
+			$criteria->compare('menu_id','<> 2');
+		}
 
 		$criteria->compare('id',$this->id);
 		$criteria->compare('menu_id',$this->menu_id);