From deacd668538a626e5267500f5c23ae27fc06fd01 Mon Sep 17 00:00:00 2001
From: Carsten Schmitz
Date: Tue, 20 May 2014 12:52:07 +0200
Subject: [PATCH] Fixed issue #9042: CSS vulnerability in 'Resume later' save screen
---
 application/libraries/Save.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/application/libraries/Save.php b/application/libraries/Save.php
index 9ef45072a81..f171d775141 100644
--- a/application/libraries/Save.php
+++ b/application/libraries/Save.php
@@ -83,7 +83,7 @@ function showsaveform()
 //END
 echo "\n";
 echo "\n";
- echo "\n";
+ echo CHtml::hiddenField('token',$clienttoken)."\n";
 echo "\n";
 echo "";
@@ -201,7 +201,7 @@ function savedcontrol()
 $message .= $clang->gT("Password").": ".$_POST['savepass']."\n\n";
 $message .= $clang->gT("Reload your survey by clicking on the following link (or pasting it into your browser):")."\n";
 $message .= Yii::app()->getController()->createAbsoluteUrl("/survey/index/sid/{$surveyid}/loadall/reload/scid/{$scid}/loadname/".rawurlencode ($_POST['savename'])."/loadpass/".rawurlencode ($_POST['savepass'])."/lang/".rawurlencode ($clang->langcode));
- if ($clienttoken) $message .= "/token/{$clienttoken}";
+ if ($clienttoken) $message .= "/token/".rawurlencode($clienttoken);
 $from="{$thissurvey['adminname']} <{$thissurvey['adminemail']}>";
 if (SendEmailMessage($message, $subject, $_POST['saveemail'], $from, $sitename, false, getBounceEmail($surveyid)))
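Review bot: The added `CHtml::hiddenField('token',$clienttoken)` line in showsaveform() has no comment explaining why this one field goes through the helper while the `echo` statements around it still write their markup by hand. A short comment such as `// token may come from the request; CHtml::hiddenField() HTML-encodes the value attribute` would keep a later edit from reverting it to string interpolation. The tag text of the neighbouring `echo` lines is not visible on this page, so whether any of them interpolates another request-derived variable cannot be judged here; if one does, it needs the same encoding. showsaveform() begins and ends outside the hunk.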
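Review bot: The context lines of this hunk in savedcontrol() put the respondent's save password into the e-mail twice, once as plain text (`$_POST['savepass']` after the "Password" label) and once as the `/loadpass/` path segment of the reload link, and the token fix leaves that unchanged. A secret in a URL path ends up in web-server access logs, browser history and intermediate proxies, and the message itself is stored unencrypted in the mailbox, so the link on its own appears sufficient to reopen the saved responses. Consider dropping `."/loadpass/".rawurlencode ($_POST['savepass'])` from the `createAbsoluteUrl()` argument and letting the reload page ask for the password, provided the load handler (not shown here) can prompt for it. savedcontrol() starts and ends outside the hunk.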