Fixed issue #6703: No xssfilter in langage settings

Dev: use save() to use models/rules Dev: Add a isUrl parameter for models/rules
LimeSurvey · Oct 18, 2012 · f1c2414 · f1c2414
1 parent 8ae5edd
commit f1c2414
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 39 deletions.
diff --git a/application/controllers/admin/database.php b/application/controllers/admin/database.php
@@ -947,8 +947,10 @@ function index($sa = null)
                     'surveyls_dateformat' => Yii::app()->request->getPost('dateformat_'.$langname),
                     'surveyls_numberformat' => Yii::app()->request->getPost('numberformat_'.$langname)
                     );
+                    $Surveys_languagesettings=Surveys_languagesettings::model()->findByPk(array('surveyls_survey_id'=>$postsid, 'surveyls_language'=>$langname));
+                    $Surveys_languagesettings->attributes=$data;
+                    $Surveys_languagesettings->save(); // save the change to database
 
-                    Surveys_languagesettings::model()->updateByPk(array('surveyls_survey_id'=>$postsid, 'surveyls_language'=>$langname), $data);
                 }
             }
             Yii::app()->session['flashmessage'] = $clang->gT("Survey text elements successfully saved.");

diff --git a/application/core/LSYii_Validators.php b/application/core/LSYii_Validators.php
@@ -19,6 +19,11 @@ class LSYii_Validators extends CValidator {
     * @var boolean
     */
     public $xssfilter=true;
+    /**
+    * Filter attribute for url
+    * @var boolean
+    */
+    public $isUrl=false;
 
     public function __construct()
     {
@@ -31,6 +36,10 @@ protected function validateAttribute($object,$attribute)
         {
             $object->$attribute=$this->xssFilter($object->$attribute);
         }
+        if($this->isUrl)
+        {
+            if ($object->$attribute== 'http://' || $object->$attribute=='https://') {$object->$attribute="";}
+        }
     }
 
     /**

diff --git a/application/models/Surveys_languagesettings.php b/application/models/Surveys_languagesettings.php
@@ -84,25 +84,26 @@ public function rules()
             array('email_admin_responses_subj','lsdefault'),
             array('email_admin_responses','lsdefault'),
 
-            array('surveyls_email_invite_subj','xssfilter'),
-            array('surveyls_email_invite','xssfilter'),
-            array('surveyls_email_remind_subj','xssfilter'),
-            array('surveyls_email_remind','xssfilter'),
-            array('surveyls_email_confirm_subj','xssfilter'),
-            array('surveyls_email_confirm','xssfilter'),
-            array('surveyls_email_register_subj','xssfilter'),
-            array('surveyls_email_register','xssfilter'),
-            array('email_admin_notification_subj','xssfilter'),
-            array('email_admin_notification','xssfilter'),
-            array('email_admin_responses_subj','xssfilter'),
-            array('email_admin_responses','xssfilter'),
+            array('surveyls_email_invite_subj','LSYii_Validators'),
+            array('surveyls_email_invite','LSYii_Validators'),
+            array('surveyls_email_remind_subj','LSYii_Validators'),
+            array('surveyls_email_remind','LSYii_Validators'),
+            array('surveyls_email_confirm_subj','LSYii_Validators'),
+            array('surveyls_email_confirm','LSYii_Validators'),
+            array('surveyls_email_register_subj','LSYii_Validators'),
+            array('surveyls_email_register','LSYii_Validators'),
+            array('email_admin_notification_subj','LSYii_Validators'),
+            array('email_admin_notification','LSYii_Validators'),
+            array('email_admin_responses_subj','LSYii_Validators'),
+            array('email_admin_responses','LSYii_Validators'),
+
+            array('surveyls_title','LSYii_Validators'),
+            array('surveyls_description','LSYii_Validators'),
+            array('surveyls_welcometext','LSYii_Validators'),
+            array('surveyls_endtext','LSYii_Validators'),
+            array('surveyls_url','LSYii_Validators','isUrl'=>true),
+            array('surveyls_urldescription','LSYii_Validators'),
 
-            array('surveyls_title','xssfilter'),
-            array('surveyls_description','xssfilter'),
-            array('surveyls_welcometext','xssfilter'),
-            array('surveyls_endtext','xssfilter'),
-            array('surveyls_urldescription','xssfilter'),
-
             array('surveyls_dateformat', 'numerical', 'integerOnly'=>true, 'min'=>'1', 'max'=>'12', 'allowEmpty'=>true), 
             array('surveyls_numberformat', 'numerical', 'integerOnly'=>true, 'min'=>'0', 'max'=>'1', 'allowEmpty'=>true), 
         );
@@ -142,26 +143,6 @@ public function lsdefault($attribute,$params)
     }
 
 
-    /**
-    * Defines the customs validation rule xssfilter
-    *
-    * @param mixed $attribute
-    * @param mixed $params
-    */
-    public function xssfilter($attribute,$params)
-    {
-        if(Yii::app()->getConfig('filterxsshtml') && Yii::app()->session['USER_RIGHT_SUPERADMIN'] != 1)
-        {
-            $filter = new CHtmlPurifier();
-            $filter->options = array('URI.AllowedSchemes'=>array(
-            'http' => true,
-            'https' => true,
-            ));
-            $this->$attribute = $filter->purify($this->$attribute);
-        }
-    }
-
-
     /**
      * Returns the token's captions
      *