Merge branch 'master' into cint
olleharstedt committed Jul 22, 2016
2 parents cc2a862 + f2ba622 commit fa708b7
Showing 15 changed files with 631 additions and 557 deletions.
12 changes: 8 additions & 4 deletions application/controllers/admin/export.php
Expand Up @@ -1343,10 +1343,14 @@ private function _addHeaders($filename, $content_type, $expires, $pragma = "publ
}

private function _xmlToJson($fileContents) {
$fileContents = str_replace(array("\n", "\r", "\t"), '', $fileContents);
$fileContents = trim(str_replace('"', "'", $fileContents));
$simpleXml = simplexml_load_string($fileContents,'SimpleXMLElement', LIBXML_NOCDATA);
$json = json_encode($simpleXml);
$bOldEntityLoaderState = libxml_disable_entity_loader(true); // @see: http://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html#xml-external-entity-injection

$fileContents = str_replace(array("\n", "\r", "\t"), '', $fileContents);
$fileContents = trim(str_replace('"', "'", $fileContents));
$simpleXml = simplexml_load_string($fileContents,'SimpleXMLElement', LIBXML_NOCDATA);
$json = json_encode($simpleXml);

libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server
return $json;
}

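Review bot: The parse on the `$simpleXml = simplexml_load_string($fileContents,'SimpleXMLElement', LIBXML_NOCDATA);` line passes only `LIBXML_NOCDATA`, while the sibling hunks in import_helper.php and remotecontrol_handle.php in this same commit pass `LIBXML_NONET`; since `LIBXML_NONET` is the documented flag for refusing network access during parsing, this call should read `simplexml_load_string($fileContents, 'SimpleXMLElement', LIBXML_NOCDATA | LIBXML_NONET)` so the XXE hardening is uniform across all three entry points. `simplexml_load_string` returns false on malformed input and `json_encode` then serialises that false, so the failure only surfaces downstream; a `=== false` check before `json_encode`, restoring the loader state on that path too, would make it explicit. The disable/restore pair is correctly balanced for the straight-line body shown.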
9 changes: 8 additions & 1 deletion application/controllers/admin/surveyadmin.php
Expand Up @@ -158,6 +158,13 @@ public function newsurvey()
$this->_registerScriptFiles();
Yii::app()->loadHelper('surveytranslator');
$esrow = $this->_fetchSurveyInfo('newsurvey');
// Default setting is to use the global Google Analytics key If one exists
$globalKey = getGlobalSetting('googleanalyticsapikey');
if($globalKey != ""){
$esrow['googleanalyticsapikey'] = "9999useGlobal9999";
$esrow['googleanalyticsapikeysetting'] = "G";
}

Yii::app()->loadHelper('admin/htmleditor');

$aViewUrls['output'] = PrepareEditorScript(false, $this->getController());
Expand Down Expand Up @@ -1614,7 +1621,7 @@ function insert($iSurveyID=null)
'publicgraphs' => App()->request->getPost('publicgraphs')=='1'?'Y':'N',
'assessments' => App()->request->getPost('assessments')=='1'?'Y':'N',
'emailresponseto' => App()->request->getPost('emailresponseto'),
'tokenlength' => $iTokenLength
'tokenlength' => $iTokenLength,
);

$warning = '';
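Review bot: The sentinel `"9999useGlobal9999"` assigned on the `$esrow['googleanalyticsapikey'] = "9999useGlobal9999";` line is a bare string literal that templatereplace in replacements_helper.php compares against in this same commit; a single named constant shared by both sites would keep them from drifting apart. The guard `if($globalKey != "")` is a loose comparison; if getGlobalSetting can return null it is treated as empty here, whereas a strict `!== ''` would not, so the intended handling of a missing setting is worth deciding explicitly rather than by coercion. newsurvey's body continues outside the hunk.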
25 changes: 16 additions & 9 deletions application/helpers/admin/import_helper.php
Expand Up @@ -19,14 +19,19 @@
*/
function XMLImportGroup($sFullFilePath, $iNewSID)
{
$aLanguagesSupported = array(); // this array will keep all the languages supported for the survey
$aLanguagesSupported = array(); // this array will keep all the languages supported for the survey
$sBaseLanguage = Survey::model()->findByPk($iNewSID)->language;
$aLanguagesSupported[] = $sBaseLanguage; // adds the base language to the list of supported languages
$aLanguagesSupported = array_merge($aLanguagesSupported,Survey::model()->findByPk($iNewSID)->additionalLanguages);

$bOldEntityLoaderState = libxml_disable_entity_loader(true); // @see: http://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html#xml-external-entity-injection

$sXMLdata = file_get_contents($sFullFilePath);
$xml = simplexml_load_string($sXMLdata,'SimpleXMLElement',LIBXML_NONET);


$sBaseLanguage = Survey::model()->findByPk($iNewSID)->language;
$aLanguagesSupported[]=$sBaseLanguage; // adds the base language to the list of supported languages
$aLanguagesSupported=array_merge($aLanguagesSupported,Survey::model()->findByPk($iNewSID)->additionalLanguages);
$sXMLdata = file_get_contents($sFullFilePath);
$xml = simplexml_load_string($sXMLdata,'SimpleXMLElement',LIBXML_NONET);
if ($xml==false || $xml->LimeSurveyDocType!='Group') safeDie('This is not a valid LimeSurvey group structure XML file.');

$iDBVersion = (int) $xml->DBVersion;
$aQIDReplacements=array();
$results['defaultvalues']=0;
Expand Down Expand Up @@ -330,6 +335,8 @@ function XMLImportGroup($sFullFilePath, $iNewSID)
$results['newgid']=$newgid;
$results['labelsets']=0;
$results['labels']=0;

libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server
return $results;
}

Expand Down Expand Up @@ -1607,7 +1614,7 @@ function XMLImportTokens($sFullFilePath,$iSurveyID,$sCreateMissingAttributeField
}

switchMSSQLIdentityInsert('tokens_'.$iSurveyID,true);
foreach ($xml->tokens->rows->row as $row)
foreach ($xml->tokens->rows->row as $row)
{
$insertdata=array();

Expand All @@ -1616,8 +1623,8 @@ function XMLImportTokens($sFullFilePath,$iSurveyID,$sCreateMissingAttributeField
$insertdata[(string)$key]=(string)$value;
}

$token = Token::create($iSurveyID);
$token->setAttributes($insertdata, false);
$token = Token::create($iSurveyID);
$token->setAttributes($insertdata, false);
if (!$token->save())
{
$results['warnings'][]=gT("Skipped tokens entry:").' '. implode('. ',$token->errors['token']);
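Review bot: The restore added before `return $results;` in the second hunk is the only restore visible in XMLImportGroup, but the `safeDie(...)` call a few lines after the disable, and any return in the roughly 300 lines between the two hunks (outside view), would leave the entity loader disabled; libxml state persists for the lifetime of the PHP worker, which is exactly the cross-request contagion the comment warns about. The restore should be issued before the safeDie call, since an exit there skips any later cleanup, and if the project's PHP baseline allows it (5.5+) the rest of the body after the disable should sit in `try { … } finally { libxml_disable_entity_loader($bOldEntityLoaderState); }` so that every return path restores it without repeating the call by hand.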
12 changes: 0 additions & 12 deletions application/helpers/common_helper.php
Expand Up @@ -169,18 +169,6 @@ function getQuestionTypeList($SelectedCode = "T", $ReturnType = "selector")
return $qtypeselecter;
}

function getQuestionModuleList($SelectedCode = "T", $ReturnType = "selector")
{
$publicurl = Yii::app()->getConfig('publicurl');
$qtypes = Question::questionModuleList();

if ($ReturnType == "array")
return $qtypes;

else return null;

}

/**
* isStandardTemplate returns true if a template is a standard template
* This function does not check if a template actually exists
2 changes: 1 addition & 1 deletion application/helpers/expressions/em_core_helper.php
Expand Up @@ -1380,7 +1380,7 @@ public function GetJavaScriptFunctionForReplacement($questionNum, $name,$eqn)
$jsParts[] = " document.getElementById('" . $name . "').innerHTML=LEMfixnum(\n ";
$jsParts[] = $this->GetJavaScriptEquivalentOfExpression();
$jsParts[] = ");\n";
$jsParts[] = " } catch (e) { }\n";
$jsParts[] = " } catch (e) { console.log(e); }\n";
return implode('',$jsParts);
}

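Review bot: The generated catch handler `" } catch (e) { console.log(e); }\n"` now references `console` unconditionally; in browsers where `console` is undefined unless developer tools are open (older IE, which this code base may or may not still target), the handler itself throws, so a failure that was previously swallowed becomes an uncaught script error on the page. Emitting `" } catch (e) { if (window.console) { console.log(e); } }\n"` keeps the diagnostic without that regression. GetJavaScriptFunctionForReplacement begins outside the hunk.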
2 changes: 1 addition & 1 deletion application/helpers/qanda_helper.php
Expand Up @@ -873,7 +873,7 @@ function do_date($ia)

App()->getClientScript()->registerScript("sDateLangvarJS",$sDateLangvarJS,CClientScript::POS_HEAD);
App()->getClientScript()->registerScriptFile(Yii::app()->getConfig("generalscripts").'date.js');
App()->getClientScript()->registerScriptFile(Yii::app()->getConfig("third_party").'jstoolbox/date.js');
//App()->getClientScript()->registerScriptFile(Yii::app()->getConfig("third_party").'jstoolbox/date.js');

// date_min: Determine whether we have an expression, a full date (YYYY-MM-DD) or only a year(YYYY)
if (trim($aQuestionAttributes['date_min'])!='')
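Review bot: The registerScriptFile call for `jstoolbox/date.js` is commented out rather than deleted; version control keeps the history, so the dead line should be removed, and if it is deliberately kept as a reminder a one-line comment stating why (which script now supplies the date widget) is what a future reader needs. do_date's body continues on both sides of the hunk.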
122 changes: 70 additions & 52 deletions application/helpers/remotecontrol/remotecontrol_handle.php
Expand Up @@ -934,7 +934,6 @@ public function delete_group($sSessionKey, $iSurveyID, $iGroupID)
*/
public function import_group($sSessionKey, $iSurveyID, $sImportData, $sImportDataType, $sNewGroupName=NULL, $sNewGroupDescription=NULL)
{

if ($this->_checkSessionKey($sSessionKey))
{
$oSurvey = Survey::model()->findByPk($iSurveyID);
Expand All @@ -955,11 +954,13 @@ public function import_group($sSessionKey, $iSurveyID, $sImportData, $sImportDat

if ( strtolower($sImportDataType)=='lsg')
{
$bOldEntityLoaderState = libxml_disable_entity_loader(true); // @see: http://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html#xml-external-entity-injection
$sXMLdata = file_get_contents($sFullFilePath);
$xml = @simplexml_load_string($sXMLdata,'SimpleXMLElement',LIBXML_NONET);
if(!$xml)
{
unlink($sFullFilePath);
libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server
return array('status' => 'Error: Invalid LimeSurvey group structure XML ');
}
$aImportResults = XMLImportGroup($sFullFilePath, $iSurveyID);
Expand All @@ -969,7 +970,11 @@ public function import_group($sSessionKey, $iSurveyID, $sImportData, $sImportDat

unlink($sFullFilePath);

if (isset($aImportResults['fatalerror'])) return array('status' => 'Error: '.$aImportResults['fatalerror']);
if (isset($aImportResults['fatalerror']))
{
libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server
return array('status' => 'Error: '.$aImportResults['fatalerror']);
}
else
{
$iNewgid = $aImportResults['newgid'];
Expand All @@ -988,6 +993,7 @@ public function import_group($sSessionKey, $iSurveyID, $sImportData, $sImportDat
{
// no need to throw exception
}
libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server
return (int)$aImportResults['newgid'];
}
}
Expand Down Expand Up @@ -1246,21 +1252,31 @@ public function import_question($sSessionKey, $iSurveyID,$iGroupID, $sImportData

if ( strtolower($sImportDataType)=='lsq')
{
$bOldEntityLoaderState = libxml_disable_entity_loader(true); // @see: http://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html#xml-external-entity-injection

$sXMLdata = file_get_contents($sFullFilePath);
$xml = @simplexml_load_string($sXMLdata,'SimpleXMLElement',LIBXML_NONET);
if(!$xml)
{
unlink($sFullFilePath);
libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server
return array('status' => 'Error: Invalid LimeSurvey question structure XML ');
}
$aImportResults = XMLImportQuestion($sFullFilePath, $iSurveyID, $iGroupID);
}
else
{
libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server
return array('status' => 'Really Invalid extension'); //just for symmetry!
}

unlink($sFullFilePath);

if (isset($aImportResults['fatalerror'])) return array('status' => 'Error: '.$aImportResults['fatalerror']);
if (isset($aImportResults['fatalerror']))
{
libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server
return array('status' => 'Error: '.$aImportResults['fatalerror']);
}
else
{
fixLanguageConsistency($iSurveyID);
Expand All @@ -1278,6 +1294,8 @@ public function import_question($sSessionKey, $iSurveyID,$iGroupID, $sImportData
else
$oQuestion->setAttribute('mandatory','N');

libxml_disable_entity_loader($bOldEntityLoaderState); // Put back entity loader to its original state, to avoid contagion to other applications on the server

try
{
$oQuestion->save();
Expand Down Expand Up @@ -1416,9 +1434,9 @@ public function get_question_properties($sSessionKey, $iQuestionID, $aQuestionSe
}
else if ($sPropertyName == 'defaultvalue')
{
$aResult['defaultvalue'] = DefaultValue::model()->findByAttributes(array('qid' => $iQuestionID, 'language'=> $sLanguage))->defaultvalue;
}
else
$aResult['defaultvalue'] = DefaultValue::model()->findByAttributes(array('qid' => $iQuestionID, 'language'=> $sLanguage))->defaultvalue;
}
else
{
$aResult[$sPropertyName]=$oQuestion->$sPropertyName;
}
Expand Down Expand Up @@ -1626,7 +1644,7 @@ public function delete_participants($sSessionKey, $iSurveyID, $aTokenIDs)
* @access public
* @param string $sSessionKey Auth credentials
* @param int $iSurveyID Id of the Survey to get token properties
* @param array|struct|int Array $aTokenQueryProperties of participant properties used to query the participant, or the token id as an integer
* @param array|struct|int Array $aTokenQueryProperties of participant properties used to query the participant, or the token id as an integer
* @param array $aTokenProperties The properties to get
* @return array The requested values
*/
Expand All @@ -1645,18 +1663,18 @@ public function get_participant_properties($sSessionKey, $iSurveyID, $aTokenQuer

if(is_array($aTokenQueryProperties)){
$tokenCount = Token::model($iSurveyID)->countByAttributes($aTokenQueryProperties);
if($tokenCount == 0){
return array('status' => 'Error: No results were found based on your attributes.');
}else if($tokenCount > 1){
return array('status' => 'Error: More than 1 result was found based on your attributes.');
}
$token = Token::model($iSurveyID)->findByAttributes($aTokenQueryProperties);
}else{

if($tokenCount == 0){
return array('status' => 'Error: No results were found based on your attributes.');
}else if($tokenCount > 1){
return array('status' => 'Error: More than 1 result was found based on your attributes.');
}
$token = Token::model($iSurveyID)->findByAttributes($aTokenQueryProperties);
}else{
// If aTokenQueryProperties is not an array, it's an integer
$iTokenID = $aTokenQueryProperties;
$token = Token::model($iSurveyID)->findByPk($iTokenID);
}
$token = Token::model($iSurveyID)->findByPk($iTokenID);
}
if (!isset($token))
return array('status' => 'Error: Invalid tokenid');

Expand Down Expand Up @@ -1704,18 +1722,18 @@ public function set_participant_properties($sSessionKey, $iSurveyID, $aTokenQuer
return array('status' => 'Error: No token table');

if(is_array($aTokenQueryProperties)){
$tokenCount = Token::model($iSurveyID)->countByAttributes($aTokenQueryProperties);
if($tokenCount == 0){
return array('status' => 'Error: No results were found based on your attributes.');
}else if($tokenCount > 1){
return array('status' => 'Error: More than 1 result was found based on your attributes.');
}
$tokenCount = Token::model($iSurveyID)->countByAttributes($aTokenQueryProperties);
if($tokenCount == 0){
return array('status' => 'Error: No results were found based on your attributes.');
}else if($tokenCount > 1){
return array('status' => 'Error: More than 1 result was found based on your attributes.');
}
$oToken = Token::model($iSurveyID)->findByAttributes($aTokenQueryProperties);
}else{
}else{
// If aTokenQueryProperties is not an array, it's an integer
$iTokenID = $aTokenQueryProperties;
$oToken = Token::model($iSurveyID)->findByPk($iTokenID);
}
$oToken = Token::model($iSurveyID)->findByPk($iTokenID);
}
if (!isset($oToken))
return array('status' => 'Error: Invalid tokenid');

Expand Down Expand Up @@ -2073,33 +2091,33 @@ public function mail_registered_participants($sSessionKey, $iSurveyID, $override
if(!tableExists("{{tokens_$iSurveyID}}"))
return array('status' => 'Error: No token table');

$command = new CDbCriteria();
$command->condition = '';
if (count($overrideAllConditions)) {
foreach($overrideAllConditions as $condition)
{
$command->addCondition($condition);
}
}
else
{
$command->addCondition('usesleft > 0');
$command->addCondition("sent = 'N'");
$command->addCondition("remindersent = 'N'");
$command->addCondition("(completed ='N') or (completed='')");
$command->addCondition('ISNULL(validfrom) OR validfrom < NOW()');
$command->addCondition('ISNULL(validuntil) OR validuntil > NOW()');
$command->addCondition('emailstatus = "OK"');
}
$command->order = 'tid';
$command = new CDbCriteria();
$command->condition = '';
if (count($overrideAllConditions)) {
foreach($overrideAllConditions as $condition)
{
$command->addCondition($condition);
}
}
else
{
$command->addCondition('usesleft > 0');
$command->addCondition("sent = 'N'");
$command->addCondition("remindersent = 'N'");
$command->addCondition("(completed ='N') or (completed='')");
$command->addCondition('ISNULL(validfrom) OR validfrom < NOW()');
$command->addCondition('ISNULL(validuntil) OR validuntil > NOW()');
$command->addCondition('emailstatus = "OK"');
}
$command->order = 'tid';

$aAllTokens = Token::model($iSurveyID)->findAll( $command );
$iAllTokensCount=count($aAllTokens);
unset($aAllTokens);

$iMaxEmails = (int)Yii::app()->getConfig("maxemails");
$command->limit = $iMaxEmails;
$aResultTokens = Token::model($iSurveyID)->findAll( $command );
$command->limit = $iMaxEmails;
$aResultTokens = Token::model($iSurveyID)->findAll( $command );

if (empty($aResultTokens))
return array('status' => 'Error: No candidate tokens');
Expand All @@ -2111,11 +2129,11 @@ public function mail_registered_participants($sSessionKey, $iSurveyID, $override

//if(!filter_var($emailaddress, FILTER_VALIDATE_EMAIL))
if (preg_match($pattern, $oToken['email']) !== 1)
{
unset($aResultTokens[$key]);
//subtract from 'left to send'
$iAllTokensCount--;
}
{
unset($aResultTokens[$key]);
//subtract from 'left to send'
$iAllTokensCount--;
}
}

if (empty($aResultTokens))
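Review bot: In import_question the `else` branch that returns `'Really Invalid extension'` calls `libxml_disable_entity_loader($bOldEntityLoaderState)`, but `$bOldEntityLoaderState` is only assigned inside the preceding `if ( strtolower($sImportDataType)=='lsq')` block, so on that path it is undefined: the call raises a notice and passes null, which coerces to false and enables the entity loader regardless of its prior state. Moving `$bOldEntityLoaderState = libxml_disable_entity_loader(true);` above the `if`, or dropping the restore from the else branch since nothing was disabled there, fixes it. More generally the restore is now repeated before five separate returns across import_group and import_question; a single `try { … } finally { … }` around each import body would make it impossible to miss one. Both functions extend outside the hunks shown.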
8 changes: 4 additions & 4 deletions application/helpers/replacements_helper.php
Expand Up @@ -197,7 +197,7 @@ function templatereplace($line, $replacements = array(), &$redata = array(), $de
{
$surveyformat = "";
}
if($oTemplate->config->engine->cssframework)
if( isset($oTemplate->config->engine->cssframework) && $oTemplate->config->engine->cssframework)
{
$surveyformat .= " ".$oTemplate->config->engine->cssframework."-engine ";
}
Expand Down Expand Up @@ -553,15 +553,15 @@ function templatereplace($line, $replacements = array(), &$redata = array(), $de
{
$_assessment_current_total = '';
}
if($thissurvey['googleanalyticsapikey'] === "9999useGlobal9999")
if(isset($thissurvey['googleanalyticsapikey']) && $thissurvey['googleanalyticsapikey'] === "9999useGlobal9999")
{
$_googleAnalyticsAPIKey = trim(getGlobalSetting('googleanalyticsapikey'));
}
}
else if (isset($thissurvey['googleanalyticsapikey']) && trim($thissurvey['googleanalyticsapikey']) != '')
{
$_googleAnalyticsAPIKey = trim($thissurvey['googleanalyticsapikey']);
}
else
else
{
$_googleAnalyticsAPIKey = "";

