Dev: Merge branch '2.1' into Plugin

Conflicts:
	application/controllers/admin/tokens.php
	application/controllers/survey/index.php
	application/helpers/frontend_helper.php
	application/helpers/update/updatedb_helper.php
	application/views/admin/survey/Question/subQuestion_view.php
	application/views/admin/usergroup/viewUserGroup_view.php

application/config/config-defaults.php

@@ -326,7 +326,7 @@
 * If set, this function will overwrite the auth_webserver_autocreate_profile defined above by its return value
 *
 *  You can use any external DB in order to fill the profile for the user_name passed as the first parameter
-*  A dummy example for the 'hook_get_autouserprofile' function is given below:
+*  A dummy example for the 'hook_get_auth_autouserprofile' function is given below:
 */
 /*
 function hook_get_auth_webserver_profile($user_name)

application/config/routes.php

@@ -17,6 +17,7 @@
 $route['<_sid:\d+>/lang-<_lang:\w+[-\w]+>/tk-<_token:\w+>'] = "survey/index/sid/<_sid>/lang/<_lang>/token/<_token>"; //This one must be first
 $route['<_sid:\d+>/lang-<_lang:\w+[-\w]+>'] = "survey/index/sid/<_sid>/lang/<_lang>";
 $route['<_sid:\d+>/tk-<_token:\w+>'] = "survey/index/sid/<_sid>/token/<_token>";
+$route['<_sid:\d+>'] = "survey/index/sid/<_sid>";
 
 //Admin Routes
 $route['admin/index'] = "admin";

application/config/version.php

@@ -13,7 +13,7 @@
  */
 
 $config['versionnumber'] = "2.10a";
-$config['dbversionnumber'] = 168;
+$config['dbversionnumber'] = 169;
 $config['buildnumber'] = '';
 $config['updatable'] = true;
 

application/controllers/AdminController.php

@@ -126,7 +126,7 @@ protected function _sessioncontrol()
         Yii::app()->setLang($this->lang);
 
         if (!empty($this->user_id))
-            $this->_GetSessionUserRights($this->user_id);
+            $this->_setSessionUserRights($this->user_id);
     }
 
     /**
@@ -222,46 +222,30 @@ public function getActionClasses()
     * Set Session User Rights
     *
     * @access public
-    * @param integer $iLoginID
-    * @return void
+    * @return boolean
     */
-    public function _GetSessionUserRights($iLoginID)
+    public function _setSessionUserRights()
     {
+        $iLoginID=Yii::app()->user->getId();
+        if(!$iLoginID)
+            return false;
         $oUser = User::model()->findByPk($iLoginID);
-
-        if (!empty($oUser))
+        if(!$oUser)
+            return false;
+        $userrights=array();
+        foreach(User::$UserRights as $right)
         {
-            Yii::app()->session['USER_RIGHT_SUPERADMIN']        = $oUser->superadmin;
-            Yii::app()->session['USER_RIGHT_CREATE_SURVEY']     = ($oUser->create_survey || $oUser->superadmin);
-            Yii::app()->session['USER_RIGHT_PARTICIPANT_PANEL'] = ($oUser->participant_panel || $oUser->superadmin);
-            Yii::app()->session['USER_RIGHT_CONFIGURATOR']      = ($oUser->configurator || $oUser->superadmin);
-            Yii::app()->session['USER_RIGHT_CREATE_USER']       = ($oUser->create_user || $oUser->superadmin);
-            Yii::app()->session['USER_RIGHT_DELETE_USER']       = ($oUser->delete_user || $oUser->superadmin);
-            Yii::app()->session['USER_RIGHT_MANAGE_TEMPLATE']   = ($oUser->manage_template || $oUser->superadmin);
-            Yii::app()->session['USER_RIGHT_MANAGE_LABEL']      = ($oUser->manage_label || $oUser->superadmin);
+            $userrights[$right]=($oUser->$right || $oUser->superadmin);
         }
-
-        // SuperAdmins
-        // * original superadmin with uid=1 unless manually changed and defined
-        //   in config-defaults.php
-        // * or any user having USER_RIGHT_SUPERADMIN right
-
-        // Let's check if I am the Initial SuperAdmin
-
-        $oUser = User::model()->findByAttributes(array('parent_id' => 0));
-
-        if (!is_null($oUser) && $oUser->uid == $iLoginID)
-            $initialSuperadmin=true;
-        else
-            $initialSuperadmin=false;
-
-        if ($initialSuperadmin === true)
+        $userrights['initialsuperadmin']=(!$oUser->parent_id);
+        // initialsuperadminare a superadmin
+        // initialsuperadmin can have less right than superadmin in session only: like old situation
+        $userrights['superadmin']=($userrights['superadmin'] || $userrights['initialsuperadmin']);
+        foreach($userrights as $right=>$value)
         {
-            Yii::app()->session['USER_RIGHT_SUPERADMIN'] = 1;
-            Yii::app()->session['USER_RIGHT_INITIALSUPERADMIN'] = 1;
+            Yii::app()->session['USER_RIGHT_'.strtoupper($right)]=($value)? 1:0;
         }
-        else
-            Yii::app()->session['USER_RIGHT_INITIALSUPERADMIN'] = 0;
+        return true;
     }
 
     /**

application/controllers/InstallerController.php

@@ -176,6 +176,7 @@ private function stepLicense()
         {
             $this->redirect($this->createUrl('installer/precheck'));
         }
+        Yii::app()->session['saveCheck'] = 'save';  // Checked in next step
 
         $this->render('/installer/license_view',$aData);
     }
@@ -838,6 +839,17 @@ function check_DirectoryWriteable($sDirectory, &$aData, $sBase, $sKeyError, $bRe
         //upload directory check
         if (!check_DirectoryWriteable(Yii::app()->getConfig('uploaddir').'/', $aData, 'uploaddir', 'uerror',true) )
             $bProceed = false;
+
+        // Session writable check
+        $session = Yii::app()->session; /* @var $session CHttpSession */
+        $sessionWritable = ($session->get('saveCheck', null)==='save');
+        $data['sessionWritable'] = $sessionWritable;
+        $data['sessionWritableImg'] = check_HTML_image($sessionWritable);
+        if (!$sessionWritable){  
+            // For recheck, try to set the value again
+            $session['saveCheck'] = 'save';
+            $bProceed = false;
+        }
 
         // ** optional settings check **
 

application/controllers/RegisterController.php

@@ -184,23 +184,26 @@ function actionIndex($surveyid = null)
 
         $sFrom = "{$thissurvey['adminname']} <{$thissurvey['adminemail']}>";
 
+        $surveylink = $this->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$newtoken));
+        $optoutlink = $this->createAbsoluteUrl("/optout/tokens/surveyid/{$surveyid}",array('langcode'=>'fr','token'=>'newtoken'));
+        $optinlink = $this->createAbsoluteUrl("/optin/tokens/surveyid/{$surveyid}",array('langcode'=>'fr','token'=>'newtoken'));
         if (getEmailFormat($surveyid) == 'html')
         {
             $bUseHTMLEmail = true;
-            $surveylink = $this->createAbsoluteUrl($surveyid.'/lang-'.$sLanguage.'/tk-'.$sNewToken);
-            $optoutlink = $this->createAbsoluteUrl('optout/local/'.$surveyid.'/'.$sLanguage.'/'.$sNewToken);
-            $optinlink = $this->createAbsoluteUrl('optin/local/'.$surveyid.'/'.$sLanguage.'/'.$sNewToken);
             $aReplacementFields["{SURVEYURL}"]="<a href='$surveylink'>".$surveylink."</a>";
             $aReplacementFields["{OPTOUTURL}"]="<a href='$optoutlink'>".$optoutlink."</a>";
             $aReplacementFields["{OPTINURL}"]="<a href='$optinlink'>".$optinlink."</a>";
         }
         else
         {
             $bUseHTMLEmail = false;
-            $aReplacementFields["{SURVEYURL}"]= $this->createAbsoluteUrl(''.$surveyid.'/lang-'.$sLanguage.'/tk-'.$sNewToken);
-            $aReplacementFields["{OPTOUTURL}"]= $this->createAbsoluteUrl('optout/local/'.$surveyid.'/'.$sLanguage.'/'.$sNewToken);
-            $aReplacementFields["{OPTINURL}"]= $this->createAbsoluteUrl('optin/local/'.$surveyid.'/'.$sLanguage.'/'.$sNewToken);
+            $aReplacementFields["{SURVEYURL}"]= $surveylink;
+            $aReplacementFields["{OPTOUTURL}"]= $optoutlink;
+            $aReplacementFields["{OPTINURL}"]= $optinlink;
         }
+        $sMessage = str_replace("@@SURVEYURL@@", $surveylink, $sMessage);
+        $sMessage = str_replace("@@OPTOUTURL@@", $optoutlink, $sMessage);
+        $sMessage = str_replace("@@OPTINURL@@", $optinlink, $sMessage);
 
         $sMessage=ReplaceFields($sMessage, $aReplacementFields);
         $sSubject=ReplaceFields($sSubject, $aReplacementFields);
@@ -215,14 +218,12 @@ function actionIndex($surveyid = null)
 
             if($thissurvey['directregister']=="Y")
             {
-                $registerurl=Yii::app()->getController()->createUrl("/{$surveyid}/lang-{$sLanguage}/tk-{$sNewToken}");
-                $sHTML .= sprintf($clang->gT("An email has been sent to the address you provided with access details for this survey. <a href='%s'>You can enter to this survey now</a>.",'unescaped'),$registerurl);
+                $sHTML .= sprintf($clang->gT("An email has been sent to the address you provided with access details for this survey. <a href='%s'>You can enter to this survey now</a>.",'unescaped'),$surveylink);
                 $sHTML .= "<br /><br />\n".$clang->gT("Survey administrator")." {ADMINNAME} ({ADMINEMAIL})";
             }
             elseif($thissurvey['directregister']=="A")
             {
-                $registerurl=Yii::app()->getController()->createUrl("/{$surveyid}/lang-{$sLanguage}/tk-{$sNewToken}");
-                Yii::app()->request->redirect($registerurl);
+                Yii::app()->request->redirect($surveylink);
             }
             else
             {

application/controllers/admin/authentication.php

@@ -46,7 +46,7 @@ public function index()
                 {
                     Failed_login_attempts::model()->deleteAttempts();
 
-                    $this->getController()->_GetSessionUserRights(Yii::app()->session['loginID']);
+                    $this->getController()->_setSessionUserRights();
                     Yii::app()->session['just_logged_in'] = true;
                     Yii::app()->session['loginsummary'] = $this->_getSummary();
                     $this->_doRedirect();

application/controllers/admin/checkintegrity.php

@@ -54,7 +54,7 @@ public function fixredundancy()
                     if(in_array($aTokenTable['table'],$oldsmultidelete))
                     {
                         Yii::app()->db->createCommand()->dropTable($aTokenTable['table']);
-                        $aData['messages'][] = $clang->gT('Deleting token table:') . ' ' . $aTokenTable['table'];
+                        $aData['messages'][] = sprintf($clang->gT('Deleting token table: %s'),$aTokenTable['table']);
                     }
                 }
             }
@@ -65,11 +65,14 @@ public function fixredundancy()
                     if(in_array($aSurveyTable['table'],$oldsmultidelete))
                     {
                         Yii::app()->db->createCommand()->dropTable($aSurveyTable['table']);
-                        $aData['messages'][] = $clang->gT('Deleting survey table:') . ' ' . $aSurveyTable['table'];
+                        $aData['messages'][] = sprintf($clang->gT('Deleting survey table: %s'),$aSurveyTable['table']);
                     }
                 }
             }
-
+            if(count($aData['messages'])==0)
+            {
+                $aData['messages'][] = $clang->gT('No old survey or token table selected.');
+            }
             $this->_renderWrappedTemplate('checkintegrity', 'fix_view', $aData);
         }
     }

application/controllers/admin/database.php

@@ -1035,8 +1035,8 @@ function index($sa = null)
             {
                 if ($langname)
                 {
-                    $usresult = Surveys_languagesettings::model()->findAllByPk(array('surveyls_survey_id'=>$surveyid, 'surveyls_language'=>$langname));
-                    if (count($usresult)==0)
+                    $iRowCount = Surveys_languagesettings::model()->count(array('surveyls_survey_id=:surveyid AND surveyls_language=:langname', array(':surveyid'=>$surveyid,':langname'=>$langname));
+                    if ($iRowCount)
                     {
 
                         $languagedetails=getLanguageDetails($langname);
@@ -1050,7 +1050,7 @@ function index($sa = null)
                         $setting= new Surveys_languagesettings;
                         foreach ($insertdata as $k => $v)
                             $setting->$k = $v;
-                        $setting->save();
+                        $usresult=$setting->save();
                     }
                 }
             }

application/controllers/admin/dataentry.php

@@ -1390,7 +1390,7 @@ private function _prepFieldValues($fieldnames, $field, $fieldcount, $donotimport
         // Make this safe for DB (*after* we undo first excel's
         // and then our escaping).
         $fieldvalues = array_map( 'dbQuoteAll', $fieldvalues );
-        $fieldvalues = str_replace( dbQuoteAll('{question_not_shown}'), 'NULL', $fieldvalues );
+        $fieldvalues = str_replace( dbQuoteAll('{question_not_shown}'), null, $fieldvalues );
 
         return $fieldvalues;
     }

application/controllers/admin/export.php

@@ -142,7 +142,7 @@ public function exportresults()
 
         if ( ! hasSurveyPermission($iSurveyID, 'responses', 'export') )
         {
-            exit;
+            $this->getController()->error('Access denied!');
         }
 
         Yii::app()->loadHelper("admin/exportresults");

application/controllers/admin/expressions.php

@@ -15,7 +15,25 @@
 class Expressions extends Survey_Common_Action {
 	function index()
 	{
-        header("Content-type: text/html; charset=UTF-8"); // needed for correct UTF-8 encoding
+        $needpermission=false;
+	    if (isset($_GET['sa']) && $_GET['sa']=='survey_logic_file' && !empty($_REQUEST['sid']))
+	    {
+	        $surveyid=(int)$_REQUEST['sid'];
+	        $needpermission=true;
+	    }
+        if($needpermission && !hasSurveyPermission($surveyid,'surveycontent','read'))
+        {
+            $clang = $this->getController()->lang;
+            $aData['surveyid'] = (int)$_REQUEST['sid'];
+            $this->getController()->_css_admin_includes(Yii::app()->getConfig('adminstyleurl')."superfish.css");
+            $message['title']= $clang->gT('Access denied!');
+            $message['message']= $clang->gT('You do not have sufficient rights to access this page.');
+            $message['class']= "error";
+            $this->_renderWrappedTemplate('survey', array("message"=>$message), $aData);
+        }
+        else
+        {
+            header("Content-type: text/html; charset=UTF-8"); // needed for correct UTF-8 encoding
     ?>
 <!DOCTYPE html>
 <html>
@@ -37,6 +55,7 @@ function index()
     </body>
 </html>
     <?php
+        }
     }
 
     protected function test($which)