diff --git a/application/config/lsconfig.php b/application/config/lsconfig.php
index e5acbacd12b..46ea1358db6 100644
--- a/application/config/lsconfig.php
+++ b/application/config/lsconfig.php
@@ -528,7 +528,7 @@
$config['publicdir'] = $config['rootdir']; // The directory path of the public scripts
-$config['homedir'] = $config['rootdir'].DIRECTORY_SEPARATOR."admin"; // The directory path of the admin scripts
+$config['homedir'] = $config['rootdir']; // The directory path of the admin scripts
$config['tempdir'] = $config['rootdir'].DIRECTORY_SEPARATOR."tmp"; // The directory path where LimeSurvey can store temporary files
$config['imagedir'] = $config['rootdir'].DIRECTORY_SEPARATOR."images"; // The directory path of the image directory
$config['uploaddir'] = $config['rootdir'].DIRECTORY_SEPARATOR."upload";
diff --git a/application/controllers/admin/database.php b/application/controllers/admin/database.php
index c6f73efdc4f..b99409def7c 100644
--- a/application/controllers/admin/database.php
+++ b/application/controllers/admin/database.php
@@ -22,18 +22,12 @@
* @version $Id: database.php 11349 2011-11-09 21:49:00Z tpartner $
* @access public
*/
-class Database extends Admin_Controller {
-
-
- /**
- * Database::__construct()
- * Constructor
- * @return
- */
- function __construct()
- {
- parent::__construct();
- }
+class database extends Survey_Common_Action
+{
+ public function run($sa = null)
+ {
+ $this->route('index', array('sa'));
+ }
/**
* Database::index()
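Review bot: The new `run()` at L34-L37 has no docblock, while the equivalent `run()` added to question.php in this same commit carries one (`Routes to the correct sub-action`, `@access public`, `@return void`); add the same header here and state in it that `$sa` is accepted but unused because every sub-action is dispatched to index() via `array('sa')`. The class is also renamed from `Database` to lowercase `database`, yet the index() docblock directly below still reads `Database::index()`; keep the two spellings consistent.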
@@ -43,20 +37,19 @@ function __construct()
*/
function index($action=null)
{
-
- $clang = $this->limesurvey_lang;
+ $clang = $this->controller->lang;
$postsid=returnglobal('sid');
$postgid=returnglobal('gid');
$postqid=returnglobal('qid');
$postqaid=returnglobal('qaid');
$databaseoutput = '';
- $surveyid = $this->input->post("sid");
- $gid = $this->input->post("gid");
- $qid = $this->input->post("qid");
+ $surveyid = returnglobal('sid');
+ $gid = returnglobal('gid');
+ $qid = returnglobal('qid');
// if $action is not passed, check post data.
if (!$action)
{
- $action = $this->input->post("action");
+ $action = $_POST['action'];
}
if ($action == "updatedefaultvalues" && bHasSurveyPermission($surveyid, 'surveycontent','update'))
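Review bot: `$action = $_POST['action'];` at L62 raises an undefined-index notice whenever the form carries no `action` field, whereas the replaced `$this->input->post("action")` returned false; write `$action = isset($_POST['action']) ? $_POST['action'] : null;`. `$surveyid`, `$gid` and `$qid` (L55-L57) are later interpolated into raw SQL in this function (L87, L275, L285, L474, L493, L500); I cannot see returnglobal()'s implementation from here, so unless it already casts numeric globals, cast them at the point of assignment, e.g. `$gid = (int) returnglobal('gid');`, so every later interpolation is safe regardless of which branch runs. index() continues outside this hunk.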
@@ -381,7 +374,6 @@ function index($action=null)
if ($action == "insertquestion" && bHasSurveyPermission($surveyid, 'surveycontent','create'))
{
- $_POST = $this->input->post();
$baselang = GetBaseLanguageFromSurveyID($surveyid);
if (strlen($_POST['title']) < 1)
{
@@ -391,8 +383,6 @@ function index($action=null)
}
else
{
- $this->load->helper('database');
-
if (!isset($_POST['lid']) || $_POST['lid'] == '') {$_POST['lid']="0";}
if (!isset($_POST['lid1']) || $_POST['lid1'] == '') {$_POST['lid1']="0";}
if(!empty($_POST['questionposition']) || $_POST['questionposition'] == '0')
@@ -400,53 +390,54 @@ function index($action=null)
//Bug Fix: remove +1 -> $question_order=(sanitize_int($_POST['questionposition'])+1);
$question_order=(sanitize_int($_POST['questionposition']));
//Need to renumber all questions on or after this
- $cdquery = "UPDATE ".$this->db->dbprefix."questions SET question_order=question_order+1 WHERE gid=".$gid." AND question_order >= ".$question_order;
- $cdresult=db_execute_assoc($cdquery); // or safe_die($connect->ErrorMsg()); // Checked)
+ $cdquery = "UPDATE {{questions}} SET question_order=question_order+1 WHERE gid=".$gid." AND question_order >= ".$question_order;
+ $cdresult=Yii::app()->db->createCommand($cdquery)->execute(); // or safe_die($connect->ErrorMsg()); // Checked)
} else {
$question_order=(getMaxquestionorder($gid,$surveyid));
$question_order++;
}
- if ($this->config->item('filterxsshtml'))
- {
- $_POST['title']=$this->security->xss_clean($_POST['title']);
- $_POST['question_'.$baselang]=$this->security->xss_clean($_POST['question_'.$baselang]);
- $_POST['help_'.$baselang]=$this->security->xss_clean($_POST['help_'.$baselang]);
- }
- else
- {
- $_POST['title'] = html_entity_decode($_POST['title'], ENT_QUOTES, "UTF-8");
- $_POST['question_'.$baselang] = html_entity_decode($_POST['question_'.$baselang], ENT_QUOTES, "UTF-8");
- $_POST['help_'.$baselang] = html_entity_decode($_POST['help_'.$baselang], ENT_QUOTES, "UTF-8");
- }
+ $_POST['title'] = html_entity_decode($_POST['title'], ENT_QUOTES, "UTF-8");
+ $_POST['question_'.$baselang] = html_entity_decode($_POST['question_'.$baselang], ENT_QUOTES, "UTF-8");
+ $_POST['help_'.$baselang] = html_entity_decode($_POST['help_'.$baselang], ENT_QUOTES, "UTF-8");
- // Fix bug with FCKEditor saving strange BR types
- $_POST['title']=fix_FCKeditor_text($_POST['title']);
- $_POST['question_'.$baselang]=fix_FCKeditor_text($_POST['question_'.$baselang]);
- $_POST['help_'.$baselang]=fix_FCKeditor_text($_POST['help_'.$baselang]);
+ $purifier = new CHtmlPurifier();
+ // Fix bug with FCKEditor saving strange BR types
+ if (Yii::app()->getConfig('filterxsshtml'))
+ {
+ $_POST['title']=$purifier->purify($_POST['title']);
+ $_POST['question_'.$baselang]=$purifier->purify($_POST['question_'.$baselang]);
+ $_POST['help_'.$baselang]=$purifier->purify($_POST['help_'.$baselang]);
+ }
+ else
+ {
+ $_POST['title']=fix_FCKeditor_text($_POST['title']);
+ $_POST['question_'.$baselang]=fix_FCKeditor_text($_POST['question_'.$baselang]);
+ $_POST['help_'.$baselang]=fix_FCKeditor_text($_POST['help_'.$baselang]);
+ }
//$_POST = array_map('db_quote', $_POST);
$data = array();
$data = array(
- 'sid' => $surveyid,
- 'gid' => $gid,
- 'type' => $_POST['type'],
- 'title' => $_POST['title'],
- 'question' => $_POST['question_'.$baselang],
- 'preg' => $_POST['preg'],
- 'help' => $_POST['help_'.$baselang],
- 'other' => $_POST['other'],
- 'mandatory' => $_POST['mandatory'],
- 'question_order' => $question_order,
- 'language' => $baselang
-
-
-
+ 'sid' => $surveyid,
+ 'gid' => $gid,
+ 'type' => $_POST['type'],
+ 'title' => $_POST['title'],
+ 'question' => $_POST['question_'.$baselang],
+ 'preg' => $_POST['preg'],
+ 'help' => $_POST['help_'.$baselang],
+ 'other' => $_POST['other'],
+ 'mandatory' => $_POST['mandatory'],
+ 'question_order' => $question_order,
+ 'language' => $baselang
);
- $this->load->model("questions_model");
- $result = $this->questions_model->insertRecords($data);
+ $question = new Questions;
+ foreach ($data as $k => $v)
+ $question->$k = $v;
+ $result = $question->save();
+
/**
$query = "INSERT INTO ".db_table_name('questions')." (sid, gid, type, title, question, preg, help, other, mandatory, question_order, language)"
." VALUES ('{$postsid}', '{$postgid}', '{$_POST['type']}', '{$_POST['title']}',"
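Review bot: `$gid` is concatenated into the UPDATE at L87 without a visible cast; `$question_order` goes through sanitize_int at L83, but `$gid` comes straight from returnglobal('gid'), so unless that helper casts, bind it instead: `$cdquery = "UPDATE {{questions}} SET question_order=question_order+1 WHERE gid=:gid AND question_order >= :order";` and `$cdresult=Yii::app()->db->createCommand($cdquery)->execute(array(':gid' => (int) $gid, ':order' => $question_order));`. Separately, the FCKeditor fix at L122-L124 now runs only when filterxsshtml is off, whereas the removed code applied fix_FCKeditor_text after either branch (L109-L111); if CHtmlPurifier does not normalise those BR variants, move the three fix_FCKeditor_text calls (and the comment at L113) back below the if/else so both paths get them. index() starts and ends outside this hunk.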
@@ -454,7 +445,7 @@ function index($action=null)
*/
//$result = $connect->Execute($query); // Checked
// Get the last inserted questionid for other languages
- $qid=$this->db->insert_id(); //$connect->Insert_ID(db_table_name_nq('questions'),"qid");
+ $qid=Yii::app()->db->getLastInsertID(); //$connect->Insert_ID(db_table_name_nq('questions'),"qid");
// Add other languages
if ($result)
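Review bot: `$qid` is read from getLastInsertID() at L170 before `$result` is checked, so when `$question->save()` in the preceding hunk fails validation, `$qid` holds the id of whatever was last inserted on this connection rather than of this question. Read the id only under the `if ($result)` that follows, or take it from the saved model's primary key, which Yii populates after a successful save — presumably `$question->qid`, verify against the Questions model. index() continues outside the hunk.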
@@ -464,28 +455,25 @@ function index($action=null)
{
if ($alang != "")
{
- db_switchIDInsert('questions',true);
-
$data = array(
- 'qid' => $qid,
- 'sid' => $surveyid,
- 'gid' => $gid,
- 'type' => $_POST['type'],
- 'title' => $_POST['title'],
- 'question' => $_POST['question_'.$alang],
- 'preg' => $_POST['preg'],
- 'help' => $_POST['help_'.$alang],
- 'other' => $_POST['other'],
- 'mandatory' => $_POST['mandatory'],
- 'question_order' => $question_order,
- 'language' => $alang
-
-
-
+ 'qid' => $qid,
+ 'sid' => $surveyid,
+ 'gid' => $gid,
+ 'type' => $_POST['type'],
+ 'title' => $_POST['title'],
+ 'question' => $_POST['question_'.$alang],
+ 'preg' => $_POST['preg'],
+ 'help' => $_POST['help_'.$alang],
+ 'other' => $_POST['other'],
+ 'mandatory' => $_POST['mandatory'],
+ 'question_order' => $question_order,
+ 'language' => $alang
);
+ $ques = new Questions;
+ foreach ($data as $k => $v)
+ $ques->$k = $v;
+ $result2 = $ques->save();
- $this->load->model("questions_model");
- $result2 = $this->questions_model->insertRecords($data);
/**
$query = "INSERT INTO ".db_table_name('questions')." (qid, sid, gid, type, title, question, preg, help, other, mandatory, question_order, language)"
." VALUES ('$qid','{$postsid}', '{$postgid}', '{$_POST['type']}', '{$_POST['title']}',"
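Review bot: The explicit `'qid' => $qid` insert at L195 no longer has the `db_switchIDInsert('questions',true)` toggle that L177 removes; judging by its name that helper enabled identity inserts for databases that reject explicit values in an auto-increment column, so `$ques->save()` at L211 should be checked on those backends before this ships. `$result2` is also overwritten on every iteration of the language loop, so if it is inspected after the loop (the loop starts outside this hunk) a failure for one language is masked by a later success; initialise `$result2 = true;` before the loop and write `$result2 = $ques->save() && $result2;`.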
@@ -496,7 +484,6 @@ function index($action=null)
$databaseoutput .= "\n";
}
- db_switchIDInsert('questions',false);
}
}
}
@@ -516,15 +503,15 @@ function index($action=null)
{
$data = array();
$data = array(
- 'qid' => $qid,
- 'value' => $_POST[$validAttribute['name']],
- 'attribute' => $validAttribute['name']
-
+ 'qid' => $qid,
+ 'value' => $_POST[$validAttribute['name']],
+ 'attribute' => $validAttribute['name']
);
-
- $this->load->model("question_attributes_model");
- $result = $this->question_attributes_model->insertRecords($data);
+ $attr = new Question_attributes;
+ foreach ($data as $k => $v)
+ $attr->$k = $v;
+ $result = $attr->save();
/**$query = "INSERT into ".db_table_name('question_attributes')."
(qid, value, attribute) values ($qid,'".db_quote($_POST[$validAttribute['name']])."','{$validAttribute['name']}')";
$result = $connect->Execute($query) or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked */
@@ -533,7 +520,7 @@ function index($action=null)
}
fixsortorderQuestions($gid, $surveyid);
- $this->session->set_userdata('flashmessage', $clang->gT("Question was successfully added."));
+ Yii::app()->session['flashmessage'] = $clang->gT("Question was successfully added.");
//include("surveytable_functions.php");
//surveyFixColumns($surveyid);
@@ -545,25 +532,22 @@ function index($action=null)
}
else
{
- redirect(site_url('admin/survey/view/'.$surveyid.'/'.$gid.'/'.$qid));
+ $this->controller->redirect($this->controller->createUrl('admin/survey/sa/view/surveyid/'.$surveyid.'/gid/'.$gid.'/qid/'.$qid));
}
}
if ($action == "updatequestion" && bHasSurveyPermission($surveyid, 'surveycontent','update'))
{
- $_POST = $this->input->post();
- $this->load->helper('database');
-
-
- $cqquery = "SELECT type, gid FROM ".$this->db->dbprefix."questions WHERE qid={$qid}";
- $cqresult=db_execute_assoc($cqquery); // or safe_die ("Couldn't get question type to check for change
".$cqquery."
".$connect->ErrorMsg()); // Checked
- $cqr=$cqresult->row_array();
+ Yii::app()->loadHelper('expressions/em_manager');
+ $cqquery = "SELECT type, gid FROM {{questions}} WHERE qid={$qid}";
+ $cqresult=Yii::app()->db->createCommand($cqquery)->query(); // or safe_die ("Couldn't get question type to check for change
".$cqquery."
".$connect->ErrorMsg()); // Checked
+ $cqr=$cqresult->read();
$oldtype=$cqr['type'];
$oldgid=$cqr['gid'];
// Remove invalid question attributes on saving
$qattributes=questionAttributes();
- $attsql="delete from ".$this->db->dbprefix."question_attributes where qid='{$qid}' and ";
+ $attsql="delete from {{question_attributes}} where qid='{$qid}' and ";
if (isset($qattributes[$_POST['type']])){
$validAttributes=$qattributes[$_POST['type']];
foreach ($validAttributes as $validAttribute)
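Review bot: `$qid` is interpolated into `$cqquery` (L275) and `$attsql` (L285) with no visible cast; it comes from returnglobal('qid') in an earlier hunk, so unless that helper casts numeric values, add `$qid = (int) $qid;` at the top of this branch (the same applies to `$gid`/`$oldgid` at L474 and to `$qid` at L487, L493 and L500). `$cqresult->read()` at L279 returns false when no row matches, after which `$cqr['type']` and `$cqr['gid']` (L280-L281) silently yield null and the later type/gid comparisons misfire; test `if ($cqr === false)` and abort the update before reading them. The new `Yii::app()->loadHelper('expressions/em_manager');` at L274 is unexplained in this branch; a one-line comment naming the call below that needs it would help the next reader. index() continues outside the hunk.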
@@ -573,7 +557,7 @@ function index($action=null)
}
}
$attsql.='1=1';
- db_execute_assoc($attsql); // or safe_die ("Couldn't delete obsolete question attributes
".$attsql."
".$connect->ErrorMsg()); // Checked
+ Yii::app()->db->createCommand($attsql)->execute(); // or safe_die ("Couldn't delete obsolete question attributes
".$attsql."
".$connect->ErrorMsg()); // Checked
$aLanguages=array_merge(array(GetBaseLanguageFromSurveyID($surveyid)),GetAdditionalLanguagesFromSurveyID($surveyid));
@@ -593,21 +577,21 @@ function index($action=null)
{
if (isset($_POST[$validAttribute['name'].'_'.$sLanguage]))
{
- $value=$this->db->escape($_POST[$validAttribute['name'].'_'.$sLanguage]);
- $query = "select qaid from ".$this->db->dbprefix."question_attributes
+ $value=sanatize_paranoid_string($_POST[$validAttribute['name'].'_'.$sLanguage]);
+ $query = "select qaid from {{question_attributes}}
WHERE attribute='".$validAttribute['name']."' AND qid={$qid} AND language='{$sLanguage}'";
- $result = db_execute_assoc($query); // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
- if ($result->num_rows()>0)
+ $result = Yii::app()->db->createCommand($query)->query(); // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
+ if ($result->getRowCount()>0)
{
- $query = "UPDATE ".$this->db->dbprefix."question_attributes
+ $query = "UPDATE {{question_attributes}}
SET value=".$value." WHERE attribute='".$validAttribute['name']."' AND qid={$qid} AND language='{$sLanguage}'";
- $result = db_execute_assoc($query) ; // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
+ $result = Yii::app()->db->createCommand($query)->execute() ; // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
}
else
{
- $query = "INSERT into ".$this->db->dbprefix."question_attributes
+ $query = "INSERT into {{question_attributes}}
(qid, value, attribute, language) values ({$qid},{$value},'{$validAttribute['name']}','{$sLanguage}')";
- $result = db_execute_assoc($query); // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
+ $result = Yii::app()->db->createCommand($query)->execute(); // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
}
}
}
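Review bot: `sanatize_paranoid_string` at L306 is spelled differently from `sanitize_string_paranoid` at L357 and `sanitize_paranoid_string` at L487; at most one of these helpers exists, so the other branches will fail with an undefined-function error the first time they execute. Independently, the replaced `$this->db->escape()` returned a quoted literal while a sanitize helper returns bare text, so `SET value=".$value` (L320) and `values ({$qid},{$value},…)` (L332) now emit unquoted SQL — a syntax error or a column reference for most values — and the same applies at L362, L374 and L487. Binding the raw POST value as a parameter fixes both the quoting and the injection exposure without depending on which sanitizer exists; the rewritten lookup/UPDATE/INSERT for this hunk is below, and the per-attribute block at L346-L381 needs the same treatment without the `language` key. `getRowCount()` on a SELECT reader (L316, L358) relies on PDOStatement::rowCount(), which PDO does not guarantee for SELECT on every driver; fetching one row with queryRow() and testing for false is portable. The enclosing loops start and end outside this hunk.
```php
$value = $_POST[$validAttribute['name'].'_'.$sLanguage];
$params = array(':value' => $value, ':attribute' => $validAttribute['name'], ':qid' => (int) $qid, ':language' => $sLanguage);
$exists = Yii::app()->db->createCommand("SELECT qaid FROM {{question_attributes}} WHERE attribute=:attribute AND qid=:qid AND language=:language")
    ->queryRow(true, array(':attribute' => $validAttribute['name'], ':qid' => (int) $qid, ':language' => $sLanguage));
if ($exists !== false)
{
    $result = Yii::app()->db->createCommand("UPDATE {{question_attributes}} SET value=:value WHERE attribute=:attribute AND qid=:qid AND language=:language")->execute($params);
}
else
{
    $result = Yii::app()->db->createCommand("INSERT INTO {{question_attributes}} (qid, value, attribute, language) VALUES (:qid, :value, :attribute, :language)")->execute($params);
}
// … unchanged: closing of the isset() guard and the language/attribute loops …
```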
@@ -616,21 +600,21 @@ function index($action=null)
{
if (isset($_POST[$validAttribute['name']]))
{
- $query = "select qaid from ".$this->db->dbprefix."question_attributes
+ $query = "select qaid from {{question_attributes}}
WHERE attribute='".$validAttribute['name']."' AND qid=".$qid;
- $result = db_execute_assoc($query); // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
- $value = $this->db->escape($_POST[$validAttribute['name']]);
- if ($result->num_rows()>0)
+ $result = Yii::app()->db->createCommand($query)->query(); // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
+ $value = sanitize_string_paranoid($_POST[$validAttribute['name']]);
+ if ($result->getRowCount()>0)
{
- $query = "UPDATE ".$this->db->dbprefix."question_attributes
+ $query = "UPDATE {{question_attributes}}
SET value=".$value.",language=NULL WHERE attribute='".$validAttribute['name']."' AND qid=".$qid;
- $result = db_execute_assoc($query) ; // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
+ $result = Yii::app()->db->createCommand($query)->execute() ; // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
}
else
{
- $query = "INSERT into ".$this->db->dbprefix."question_attributes
+ $query = "INSERT into {{question_attributes}}
(qid, value, attribute) values ($qid,$value,'{$validAttribute['name']}')";
- $result = db_execute_assoc($query); // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
+ $result = Yii::app()->db->createCommand($query)->execute(); // or safe_die("Error updating attribute value
".$query."
".$connect->ErrorMsg()); // Checked
}
}
}
@@ -694,29 +678,26 @@ function index($action=null)
$questlangs = GetAdditionalLanguagesFromSurveyID($surveyid);
$baselang = GetBaseLanguageFromSurveyID($surveyid);
array_push($questlangs,$baselang);
- if ($this->config->item('filterxsshtml'))
- {
- $_POST['title']=$this->security->xss_clean($_POST['title']);
- }
- else
- {
- $_POST['title'] = html_entity_decode($_POST['title'], ENT_QUOTES, "UTF-8");
- }
+ $p = new CHtmlPurifier();
+ if (Yii::app()->getConfig('filterxsshtml'))
+ $_POST['title'] = $p->purify($_POST['title']);
+ else
+ $_POST['title'] = html_entity_decode($_POST['title'], ENT_QUOTES, "UTF-8");
+
// Fix bug with FCKEditor saving strange BR types
$_POST['title']=fix_FCKeditor_text($_POST['title']);
- $this->load->model('questions_model');
foreach ($questlangs as $qlang)
{
- if ($this->config->item('filterxsshtml'))
- {
- $_POST['question_'.$qlang]=$this->security->xss_clean($_POST['question_'.$qlang]);
- $_POST['help_'.$qlang]=$this->security->xss_clean($_POST['help_'.$qlang]);
- }
- else
- {
- $_POST['question_'.$qlang] = html_entity_decode($_POST['question_'.$qlang], ENT_QUOTES, "UTF-8");
- $_POST['help_'.$qlang] = html_entity_decode($_POST['help_'.$qlang], ENT_QUOTES, "UTF-8");
- }
+ if (Yii::app()->getConfig('filterxsshtml'))
+ {
+ $_POST['question_'.$qlang] = $p->purify($_POST['question_'.$qlang]);
+ $_POST['help_'.$qlang] = $p->purify($_POST['help_'.$qlang]);
+ }
+ else
+ {
+ $_POST['question_'.$qlang] = html_entity_decode($_POST['question_'.$qlang], ENT_QUOTES, "UTF-8");
+ $_POST['help_'.$qlang] = html_entity_decode($_POST['help_'.$qlang], ENT_QUOTES, "UTF-8");
+ }
// Fix bug with FCKEditor saving strange BR types
$_POST['question_'.$qlang]=fix_FCKeditor_text($_POST['question_'.$qlang]);
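Review bot: Style: the `if`/`else` at L397-L400 drops its braces while the parallel `if`/`else` at L417-L426 in the same hunk keeps them; brace both so the two purification steps read alike. The purifier is also constructed a second time here as `$p` (L396) under a different name from `$purifier` at L112 in the insertquestion branch, and the decode-or-purify choice is now written out four times in this function; a private helper taking the raw string and returning the purified or entity-decoded text would remove the duplication and keep both branches in step. index() continues outside the hunk.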
@@ -726,15 +707,15 @@ function index($action=null)
{ // ToDo: Sanitize the POST variables !
$udata = array(
- 'type' => $_POST['type'],
- 'title' => $_POST['title'],
- 'question' => $_POST['question_'.$qlang],
- 'preg' => $_POST['preg'],
- 'help' => $_POST['help_'.$qlang],
- 'gid' => $gid,
- 'other' => $_POST['other'],
- 'mandatory' => $_POST['mandatory'],
- 'relevance' => $_POST['relevance'],
+ 'type' => $_POST['type'],
+ 'title' => $_POST['title'],
+ 'question' => $_POST['question_'.$qlang],
+ 'preg' => $_POST['preg'],
+ 'help' => $_POST['help_'.$qlang],
+ 'gid' => $gid,
+ 'other' => $_POST['other'],
+ 'mandatory' => $_POST['mandatory'],
+ 'relevance' => $_POST['relevance'],
);
if ($oldgid!=$gid)
@@ -759,7 +740,11 @@ function index($action=null)
}
}
$condn = array('sid' => $surveyid, 'qid' => $qid, 'language' => $qlang);
- $uqresult = $this->questions_model->update($udata,$condn); //($uqquery); // or safe_die ("Error Update Question: ".$uqquery."
".$connect->ErrorMsg()); // Checked)
+ $question = Questions::model()->findByAttributes($condn);
+ foreach ($udata as $k => $v)
+ $question->$k = $v;
+
+ $uqresult = $question->save();//($uqquery); // or safe_die ("Error Update Question: ".$uqquery."
".$connect->ErrorMsg()); // Checked)
if (!$uqresult)
{
$databaseoutput .= "\n";
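Review bot: `Questions::model()->findByAttributes($condn)` at L458 returns null when no row matches the sid/qid/language triple, and the property assignment at L460 then aborts with a fatal error, whereas the replaced `update($udata,$condn)` simply affected zero rows. Guard it: `if ($question === null) { $uqresult = false; } else { foreach ($udata as $k => $v) $question->$k = $v; $uqresult = $question->save(); }`, which keeps the existing `if (!$uqresult)` handling at L464 working. The surrounding language loop starts outside the hunk.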
@@ -771,8 +756,8 @@ function index($action=null)
// Update the group ID on subquestions, too
if ($oldgid!=$gid)
{
- $sQuery="UPDATE ".$this->db->dbprefix."questions set gid={$gid} where gid={$oldgid} and parent_qid>0";
- $oResult = db_execute_assoc($sQuery); // or safe_die ("Error updating question group ID: ".$uqquery."
".$connect->ErrorMsg()); // Checked
+ $sQuery="UPDATE {{questions}} set gid={$gid} where gid={$oldgid} and parent_qid>0";
+ $oResult = Yii::app()->db->createCommand($sQuery)->execute(); // or safe_die ("Error updating question group ID: ".$uqquery."
".$connect->ErrorMsg()); // Checked
// if the group has changed then fix the sortorder of old and new group
fixsortorderQuestions($oldgid, $surveyid);
fixsortorderQuestions($gid, $surveyid);
@@ -782,18 +767,16 @@ function index($action=null)
}
if ($oldtype != $_POST['type'])
{
- $sQuery="UPDATE ".$this->db->dbprefix."questions set type=".$this->db->escape($_POST['type'])." where parent_qid={$qid}";
- $oResult = db_execute_assoc($sQuery); // or safe_die ("Error updating question group ID: ".$uqquery."
".$connect->ErrorMsg()); // Checked
+ $sQuery="UPDATE {{questions}} set type=".sanitize_paranoid_string($_POST['type'])." where parent_qid={$qid}";
+ $oResult = Yii::app()->db->createCommand($sQuery)->execute(); // or safe_die ("Error updating question group ID: ".$uqquery."
".$connect->ErrorMsg()); // Checked
}
- $query = "DELETE FROM ".$this->db->dbprefix."answers WHERE qid= {$qid} and scale_id>={$iAnswerScales}";
- $result = db_execute_assoc($query); // or safe_die("Error: ".$connect->ErrorMsg()); // Checked
+ $query = "DELETE FROM {{answers}} WHERE qid= {$qid} and scale_id>={$iAnswerScales}";
+ $result = Yii::app()->db->createCommand($query)->execute(); // or safe_die("Error: ".$connect->ErrorMsg()); // Checked
// Remove old subquestion scales
- $query = "DELETE FROM ".$this->db->dbprefix."questions WHERE parent_qid={$qid} and scale_id>={$iSubquestionScales}";
- $result = db_execute_assoc($query) ; //or safe_die("Error: ".$connect->ErrorMsg()); // Checked
- $this->session->set_userdata('flashmessage',$clang->gT("Question was successfully saved."));
-
+ $query = "DELETE FROM {{questions}} WHERE parent_qid={$qid} and scale_id>={$iSubquestionScales}";
+ $result = Yii::app()->db->createCommand($query)->execute() ; //or safe_die("Error: ".$connect->ErrorMsg()); // Checked
}
else
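Review bot: The success flash message removed at L498 (`'flashmessage', $clang->gT("Question was successfully saved.")`) is not ported anywhere in the new side, while the insert branch at L252 was ported to `Yii::app()->session['flashmessage'] = …`; add `Yii::app()->session['flashmessage'] = $clang->gT("Question was successfully saved.");` after the DELETE at L501 so the edit path still reports success. index() continues outside the hunk.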
@@ -842,7 +825,7 @@ function index($action=null)
}
else
{
- redirect(site_url('admin/survey/view/'.$surveyid.'/'.$gid.'/'.$qid));
+ $this->controller->redirect($this->controller->createUrl('admin/survey/view/surveyid/'.$surveyid.'/gid/'.$gid.'/qid/'.$qid));
}
}
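Review bot: The redirect target at L509 is `admin/survey/view/surveyid/…` while the equivalent redirect in the insert branch at L260 is `admin/survey/sa/view/surveyid/…`; only one of those can match the survey action's routing, so align them and confirm the winning form against the survey controller's run(). index() ends outside the hunk.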
diff --git a/application/controllers/admin/export.php b/application/controllers/admin/export.php
index c3e1998d30b..fb68167c15e 100644
--- a/application/controllers/admin/export.php
+++ b/application/controllers/admin/export.php
@@ -48,6 +48,8 @@ public function run($sa)
$this->route('showquexmlsurvey', array('surveyid', 'lang'));
elseif ($sa == 'exportspss')
$this->route('exportspss', array('sid', 'lang'));
+ elseif ($sa == 'dumplabel')
+ $this->route('dumplabel', array('lid'));
elseif ($sa == 'exportr')
$this->route('exportr', array('sid', 'subaction'));
}
@@ -1264,13 +1266,12 @@ function dumplabel($lid=null)
$xml->startDocument('1.0', 'UTF-8');
$xml->startElement('document');
$xml->writeElement('LimeSurveyDocType','Label set');
- $xml->writeElement('DBVersion',$this->config->item("dbversionnumber"));
+ $xml->writeElement('DBVersion',getGlobalSetting("DBVersion"));
// Label sets table
- $dbprefix = $this->db->dbprefix;
- $lsquery = "SELECT * FROM {$dbprefix}labelsets WHERE lid=".implode(' or lid=',$lids);
+ $lsquery = "SELECT * FROM {{labelsets}} WHERE lid=".implode(' or lid=',$lids);
BuildXMLFromQuery($xml,$lsquery,'labelsets');
// Labels
- $lquery = "SELECT lid, code, title, sortorder, language, assessment_value FROM {$dbprefix}labels WHERE lid=".implode(' or lid=',$lids);
+ $lquery = "SELECT lid, code, title, sortorder, language, assessment_value FROM {{labels}} WHERE lid=".implode(' or lid=',$lids);
BuildXMLFromQuery($xml,$lquery,'labels');
$xml->endElement(); // close columns
$xml->endDocument();
diff --git a/application/controllers/admin/question.php b/application/controllers/admin/question.php
index ea2b74c8957..b51f8a04635 100644
--- a/application/controllers/admin/question.php
+++ b/application/controllers/admin/question.php
@@ -22,17 +22,22 @@
* @version $Id: question.php 11260 2011-10-25 18:34:55Z tmswhite $
* @access public
*/
- class question extends Survey_Common_Controller {
+ class question extends Survey_Common_Action
+ {
/**
- * question::__construct()
- * Constructor
- * @return
+ * Routes to the correct sub-action
+ *
+ * @access public
+ * @return void
*/
- function __construct()
- {
- parent::__construct();
- }
+ public function run($sa)
+ {
+ if ($sa == 'addquestion' || $sa == 'index' || $sa == 'editquestion')
+ $this->route('index', array('sa', 'surveyid', 'gid', 'qid'));
+ elseif ($sa == 'import')
+ $this->route('import', array());
+ }
/**
* question::import()
@@ -41,20 +46,20 @@ function __construct()
*/
function import()
{
- $action = $this->input->post('action');
- $surveyid = $this->input->post('sid');
- $gid = $this->input->post('gid');
- $clang = $this->limesurvey_lang;
+ $action = returnglobal('action');
+ $surveyid = returnglobal('sid');
+ $gid = returnglobal('gid');
+ $clang = $this->controller->lang;
- $css_admin_includes[] = $this->config->item('styleurl')."admin/default/superfish.css";
- $this->config->set_item("css_admin_includes", $css_admin_includes);
+ $css_admin_includes[] = Yii::app()->getConfig('styleurl')."/admin/default/superfish.css";
+ Yii::app()->setConfig("css_admin_includes", $css_admin_includes);
- self::_getAdminHeader();
- self::_showadminmenu($surveyid);
- self::_surveybar($surveyid,$gid);
- self::_surveysummary($surveyid,"viewquestion");
- self::_questiongroupbar($surveyid,$gid,NULL,"viewgroup");
+ $this->controller->_getAdminHeader();
+ $this->controller->_showadminmenu($surveyid);
+ $this->_surveybar($surveyid,$gid);
+ $this->_surveysummary($surveyid,"viewquestion");
+ $this->_questiongroupbar($surveyid,$gid,NULL,"viewgroup");
if ($action == 'importquestion')
{
@@ -62,7 +67,7 @@ function import()
$importquestion = "
\n";
- while ($emrow = $emresult->FetchRow())
+ while ($emrow = $emresult-read())
{
unset($fieldsarray);
$to=array();
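Review bot: `$emresult-read()` at L607 is missing the `>` of the object operator, so PHP parses it as `$emresult - read()` and fails with an undefined function the first time the loop is entered; it should be `while ($emrow = $emresult->read())`. CDbDataReader::read() returns false at the end of the result set, which is what the while condition relies on. The enclosing function starts and ends outside the hunk.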
@@ -1323,15 +1345,15 @@ function remind($surveyid)
{
$tokenoutput .= $emrow['tid'] ." ".ReplaceFields($clang->gT("Email to {FIRSTNAME} {LASTNAME} ({EMAIL}) skipped: Token is not valid anymore.")." ", $fieldsarray); } - elseif (SendEmailMessage($sendmessage, $msgsubject, $to, $from, $sitename,$ishtml,getBounceEmail($surveyid),null,$customheaders)) + elseif (SendEmailMessage($sendmessage, $msgsubject, $to, $from, Yii::app()->getConfig('sitename'),$ishtml,getBounceEmail($surveyid),null,$customheaders)) { // Put date into remindersent $today = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust); - $udequery = "UPDATE ".db_table_name("tokens_{$surveyid}")."\n" + $udequery = "UPDATE {{tokens_$surveyid}}\n" ."SET remindersent='$today',remindercount = remindercount+1 WHERE tid={$emrow['tid']}"; // - $uderesult = $connect->Execute($udequery) or safe_die ("Could not update tokens $udequery ".$connect->ErrorMsg()); + $uderesult = Yii::app()->db->createCommand($udequery)->execute(); //orig: $tokenoutput .= "({$emrow['tid']})[".$clang->gT("Reminder sent to:")." {$emrow['firstname']} {$emrow['lastname']}] \n"; $tokenoutput .= "({$emrow['tid']}) [".$clang->gT("Reminder sent to:")." {$emrow['firstname']} {$emrow['lastname']} ($to)] \n"; } @@ -1402,8 +1424,11 @@ function remind($surveyid) ." \n"; } //$tokenoutput .= "\n"; - echo $tokenoutput; - } + $this->controller->_getAdminHeader(); + $this->controller->render('/admin/token/tokenbar', $data); + echo $tokenoutput; + $this->controller->_getAdminFooter("http://docs.limesurvey.org", $this->controller->lang->gT("LimeSurvey online manual")); + } } /** 
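Review bot: `$surveyid` is interpolated into the table name `{{tokens_$surveyid}}` in the new `$udequery`; remind()'s header is outside this hunk, so whether it was cast to int at entry cannot be seen here — exportdialog() in the next hunk does `$surveyid = sanitize_int($surveyid);` first, and remind() should do the same if it does not already. Dropping `or safe_die(...)` changes the failure mode from a fatal message to a CDbException propagating out of remind(); that is acceptable, but a short comment on the execute() line saying the exception is intentional would stop the next reader from re-adding a check.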
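Review bot: `$this->controller->render('/admin/token/tokenbar', $data)` is new in this hunk, and `$data` is not assigned anywhere in it; remind() starts outside the hunk, so unless it is populated earlier, render() receives an undefined variable. exportdialog() in the following hunk fills `$data['clang']`, `$data['thissurvey']`, `$data['imageurl']` and `$data['surveyid']` before rendering the same view, and remind() presumably needs the same keys — verify against the tokenbar view.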
@@ -1411,33 +1436,704 @@ function remind($surveyid) */ function exportdialog($surveyid) { + $clang = $this->controller->lang; $surveyid = sanitize_int($surveyid); if (bHasSurveyPermission($surveyid, 'tokens','export') )//EXPORT FEATURE SUBMITTED BY PIETERJAN HEYSE { - $this->load->helper("database"); - if ($this->input->post('submit')) + if (!empty($_POST['submit'])) { - $this->load->helper("export"); + Yii::app()->loadHelper("export"); tokens_export($surveyid); } - $langquery = "SELECT language FROM ".$this->db->dbprefix("tokens_$surveyid")." group by language"; - $langresult = db_execute_assoc($langquery); - $data['resultr'] = $langresult->row_array(); + $langquery = "SELECT language FROM {{tokens_$surveyid}} group by language"; + $langresult = Yii::app()->db->createCommand($langquery)->query(); + $data['resultr'] = $langresult->read(); - $data['clang']=$this->limesurvey_lang; + $data['clang']=$this->controller->lang; $thissurvey=getSurveyInfo($surveyid); $data['thissurvey']=$thissurvey; - $data['imageurl'] = $this->config->item('imageurl'); + $data['imageurl'] = Yii::app()->getConfig('imageurl'); $data['surveyid']=$surveyid; - self::_getAdminHeader(); - $this->load->view("admin/token/tokenbar",$data); - $this->load->view("admin/token/exportdialog",$data); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); + $this->controller->_getAdminHeader(); + $this->controller->render("/admin/token/tokenbar",$data); + $this->controller->render("/admin/token/exportdialog",$data); + $this->controller->_getAdminFooter("http://docs.limesurvey.org", $clang->gT("LimeSurvey online manual")); } } + /** + * Performs a ldap import + * + * @access public + * @param int $surveyid + * @return void + */ + public function importldap($surveyid) + { + $surveyid = (int) $surveyid; + $clang = $this->controller->lang; + + Yii::app()->loadConfig('ldap'); + Yii::app()->loadHelper('ldap'); + + $tokenoutput = ''; + if 
(!bHasSurveyPermission($surveyid, 'tokens', 'create')) + show_error('access denied'); + + if (empty($_POST['submit'])) + { + $tokenoutput .= "\t \n"; + $tokenoutput .= self::formldap(null, $surveyid); + $tokenoutput .= " \n"; + } + else + { + $ldap_queries = Yii::app()->getConfig('ldap_queries'); + $ldap_server = Yii::app()->getConfig('ldap_server'); + + $duplicatelist=array(); + $invalidemaillist=array(); + $tokenoutput .= "\t "
+ .$clang->gT("Uploading LDAP Query")." | \n";
+ $ldapq=$_POST['ldapQueries']; // the ldap query id
+
+ $ldap_server_id=$ldap_queries[$ldapq]['ldapServerId'];
+ $ldapserver=$ldap_server[$ldap_server_id]['server'];
+ $ldapport=$ldap_server[$ldap_server_id]['port'];
+ if (isset($ldap_server[$ldap_server_id]['encoding']) &&
+ $ldap_server[$ldap_server_id]['encoding'] != 'utf-8' &&
+ $ldap_server[$ldap_server_id]['encoding'] != 'UTF-8')
+ {
+ $ldapencoding=$ldap_server[$ldap_server_id]['encoding'];
+ }
+ else
+ {
+ $ldapencoding='';
+ }
+
+ // define $attrlist: list of attributes to read from users' entries
+ $attrparams = array('firstname_attr','lastname_attr',
+ 'email_attr','token_attr', 'language');
+
+ $aTokenAttr=GetAttributeFieldNames($surveyid);
+ foreach ($aTokenAttr as $thisattrfieldname)
+ {
+ $attridx=substr($thisattrfieldname,10); // the 'attribute_' prefix is 10 chars long
+ $attrparams[] = "attr".$attridx;
+ }
+
+ foreach ($attrparams as $id => $attr) {
+ if (array_key_exists($attr,$ldap_queries[$ldapq]) &&
+ $ldap_queries[$ldapq][$attr] != '') {
+ $attrlist[]=$ldap_queries[$ldapq][$attr];
+ }
+ }
+
+ // Open connection to server
+ $ds = ldap_getCnx($ldap_server_id);
+
+ if ($ds) {
+ // bind to server
+ $resbind=ldap_bindCnx($ds, $ldap_server_id);
+
+ if ($resbind) {
+ $ResArray=array();
+ $resultnum=ldap_doTokenSearch($ds, $ldapq, $ResArray, $surveyid);
+ $xz = 0; // imported token count
+ $xv = 0; // meet minim requirement count
+ $xy = 0; // check for duplicates
+ $duplicatecount = 0; // duplicate tokens skipped count
+ $invalidemailcount = 0;
+
+ if ($resultnum >= 1) {
+ foreach ($ResArray as $responseGroupId => $responseGroup) {
+ for($j = 0;$j < $responseGroup['count']; $j++) {
+ // first let's initialize everything to ''
+ $myfirstname='';
+ $mylastname='';
+ $myemail='';
+ $mylanguage='';
+ $mytoken='';
+ $myattrArray=array();
+
+ // The first 3 attrs MUST exist in the ldap answer
+ // ==> send PHP notice msg to apache logs otherwise
+ $meetminirequirements=true;
+ if (isset($responseGroup[$j][$ldap_queries[$ldapq]['firstname_attr']]) &&
+ isset($responseGroup[$j][$ldap_queries[$ldapq]['lastname_attr']])
+ )
+ {
+ // minimum requirement for ldap
+ // * at least a firstanme
+ // * at least a lastname
+ // * if filterblankemail is set (default): at least an email address
+ $myfirstname = ldap_readattr($responseGroup[$j][$ldap_queries[$ldapq]['firstname_attr']]);
+ $mylastname = ldap_readattr($responseGroup[$j][$ldap_queries[$ldapq]['lastname_attr']]);
+ if (isset($responseGroup[$j][$ldap_queries[$ldapq]['email_attr']]))
+ {
+ $myemail = ldap_readattr($responseGroup[$j][$ldap_queries[$ldapq]['email_attr']]);
+ $myemail= sanitize_email($myemail);
+ ++$xv;
+ }
+ elseif ($filterblankemail !==true)
+ {
+ $myemail = '';
+ ++$xv;
+ }
+ else
+ {
+ $meetminirequirements=false;
+ }
+ }
+ else
+ {
+ $meetminirequirements=false;
+ }
+
+ // The following attrs are optionnal
+ if ( isset($responseGroup[$j][$ldap_queries[$ldapq]['token_attr']]) ) $mytoken = ldap_readattr($responseGroup[$j][$ldap_queries[$ldapq]['token_attr']]);
+
+ foreach ($aTokenAttr as $thisattrfieldname)
+ {
+ $attridx=substr($thisattrfieldname,10); // the 'attribute_' prefix is 10 chars long
+ if ( isset($ldap_queries[$ldapq]['attr'.$attridx]) &&
+ isset($responseGroup[$j][$ldap_queries[$ldapq]['attr'.$attridx]]) ) $myattrArray[$attridx] = ldap_readattr($responseGroup[$j][$ldap_queries[$ldapq]['attr'.$attridx]]);
+ }
+
+ if ( isset($responseGroup[$j][$ldap_queries[$ldapq]['language']]) ) $mylanguage = ldap_readattr($responseGroup[$j][$ldap_queries[$ldapq]['language']]);
+
+ // In case Ldap Server encoding isn't UTF-8, let's translate
+ // the strings to UTF-8
+ if ($ldapencoding != '')
+ {
+ $myfirstname = @mb_convert_encoding($myfirstname,"UTF-8",$ldapencoding);
+ $mylastname = @mb_convert_encoding($mylastname,"UTF-8",$ldapencoding);
+ foreach ($aTokenAttr as $thisattrfieldname)
+ {
+ $attridx=substr($thisattrfieldname,10); // the 'attribute_' prefix is 10 chars long
+ @mb_convert_encoding($myattrArray[$attridx],"UTF-8",$ldapencoding);
+ }
+
+ }
+
+ // Now check for duplicates or bad formatted email addresses
+ $dupfound=false;
+ $invalidemail=false;
+ if ($filterduplicatetoken)
+ {
+ $dupquery = "SELECT firstname, lastname from {{tokens_$surveyid}} where email=".db_quoteall($myemail)." and firstname=".db_quoteall($myfirstname)." and lastname=".db_quoteall($mylastname);
+ $dupresult = Yii::app()->db->createCommand($dupquery)->query();
+ if ( $dupresult->getRowCount() > 0)
+ {
+ $dupfound = true;
+ $duplicatelist[]=$myfirstname." ".$mylastname." (".$myemail.")";
+ $xy++;
+
+ }
+ }
+ if ($filterblankemail && $myemail=='')
+ {
+ $invalidemail=true;
+ $invalidemaillist[]=$myfirstname." ".$mylastname." ( )";
+ }
+ elseif ($myemail!='' && !validate_email($myemail))
+ {
+ $invalidemail=true;
+ $invalidemaillist[]=$myfirstname." ".$mylastname." (".$myemail.")";
+ }
+
+ if ($invalidemail)
+ {
+ ++$invalidemailcount;
+ }
+ elseif ($dupfound)
+ {
+ ++$duplicatecount;
+ }
+ elseif ($meetminirequirements===true)
+ {
+ // No issue, let's import
+ $iq = "INSERT INTO {{tokens_$surveyid}} \n"
+ . "(firstname, lastname, email, emailstatus, token, language";
+
+ foreach ($aTokenAttr as $thisattrfieldname)
+ {
+ $attridx=substr($thisattrfieldname,10); // the 'attribute_' prefix is 10 chars long
+ if (!empty($myattrArray[$attridx])) {$iq .= ", $thisattrfieldname";}
+ }
+ $iq .=") \n"
+ . "VALUES (".db_quoteall($myfirstname).", ".db_quoteall($mylastname).", ".db_quoteall($myemail).", 'OK', ".db_quoteall($mytoken).", ".db_quoteall($mylanguage)."";
+
+ foreach ($aTokenAttr as $thisattrfieldname)
+ {
+ $attridx=substr($thisattrfieldname,10); // the 'attribute_' prefix is 10 chars long
+ if (!empty($myattrArray[$attridx])) {$iq .= ", ".db_quoteall($myattrArray[$attridx]).""; }// dbquote_all encloses str with quotes
+ }
+ $iq .= ")";
+ $ir = Yii::app()->db->createCommand($iq)->execute();
+ if (!$ir) $duplicatecount++;
+ $xz++;
+ // or safe_die ("Couldn't insert line | \n$buffer \n".htmlspecialchars($connect->ErrorMsg())." $iq\n"); + } + } // End for each entry + } // End foreach responseGroup + } // End of if resnum >= 1 + + if ($xz != 0) + { + $tokenoutput .= "".$clang->gT("Success")." \n"; + } + else + { + $tokenoutput .= "".$clang->gT("Failed")." \n"; + } + $message = "$resultnum ".$clang->gT("Results from LDAP Query").". \n"; + $message .= "$xv ".$clang->gT("Records met minumum requirements").". \n"; + $message .= "$xz ".$clang->gT("Records imported").". \n"; + $message .= "$xy ".$clang->gT("Duplicate records removed"); + $message .= " [".$clang->gT("List")."]"; + $message .= " "; + $message .= " \n"; + $message .= sprintf($clang->gT("%s records with invalid email address removed"),$invalidemailcount); + $message .= " [".$clang->gT("List")."]"; + $message .= " "; + $message .= " \n"; + $tokenoutput .= "$message \n"; + } + else { + $errormessage="".$clang->gT("Error").": ".$clang->gT("Can't bind to the LDAP directory")."\n"; + $tokenoutput .= self::formldap($errormessage, $surveyid); + } + @ldap_close($ds); + } + else { + $errormessage="".$clang->gT("Error").": ".$clang->gT("Can't connect to the LDAP directory")."\n"; + $tokenoutput .= self::formldap($errormessage, $surveyid); + } + } + + $this->controller->_getAdminHeader(); + $this->controller->render('/admin/token/tokenbar', array('thissurvey' => getSurveyInfo($surveyid), 'imageurl' => Yii::app()->getConfig('imageurl'), 'clang' => $clang, 'surveyid' => $surveyid)); + echo $tokenoutput; + $this->controller->_getAdminFooter("http://docs.limesurvey.org", $clang->gT("LimeSurvey online manual")); + } + + /** + * Ldap submission form + */ + function formldap($error=null, $surveyid) + { + $ldap_queries = Yii::app()->getConfig('ldap_queries'); + $clang = $this->controller->lang; + + $tokenoutput = ''; + if ($error) {$tokenoutput .= $error . " \n";} + + if (!function_exists('ldap_connect')) + { + $tokenoutput .= ' ';
+ $tokenoutput .= $clang->gT('Sorry, but the LDAP module is missing in your PHP configuration.');
+ $tokenoutput .= ' " . $clang->gT("Security Question") . ": | " . $clang->gT("Security Question") . ": | | |||||||||||
" . $clang->gT("Security Question") . ": | |||||||||||||||
" . $clang->gT("Security Question") . ": | |||||||||||||||