
Fixed issue: Vulnerable parameter on survey resume

c-schmitz committed Jul 2, 2014
1 parent 38e5e8a commit 3a6dd6b44cef2fa3f96f403e1cb971d8d0d694b5
Showing with 1 addition and 10 deletions.
  1. +0 −9 application/helpers/common_helper.php
  2. +1 −1 application/helpers/frontend_helper.php
@@ -3799,7 +3799,6 @@ function questionAttributes($returnByName=false)
'category'=>$clang->gT('Other'),
'sortorder'=>130,
"inputtype"=>"text",
'default'=>'1',

Shnoulle Jul 16, 2014

Collaborator

Any reason to remove the default? See http://bugs.limesurvey.org/view.php?id=9141

"help"=>$clang->gT("Maximum number of files that the participant can upload for this question"),
"caption"=>$clang->gT("Max number of files"));
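Review bot: dropping 'default'=>'1' from the "Max number of files" attribute in this hunk is unrelated to the survey-resume fix named in the commit title and is not explained anywhere in the commit. Either move it to its own commit with a reason, or keep the default, because code that reads this attribute will no longer get a value of 1 when the survey author leaves the field empty.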
@@ -3883,14 +3882,6 @@ function categorySort($a, $b)
return $result;
}
// make sure the given string (which comes from a POST or GET variable)
// is safe to use in MySQL. This does nothing if gpc_magic_quotes is on.
function autoEscape($str) {
if (!get_magic_quotes_gpc()) {
return addslashes ($str);
}
return $str;
}
// the opposite of the above: takes a POST or GET variable which may or
// may not have been 'auto-quoted', and return the *unquoted* version.
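Review bot: autoEscape() is deleted here, yet the commit updates only one call site (loadanswers() in frontend_helper.php); confirm with a repository-wide search that no other caller remains, since any leftover call becomes a fatal undefined-function error at runtime. The removal itself is sound: addslashes() gated on get_magic_quotes_gpc() is not driver-aware escaping, and its comment promises MySQL safety while the same query path also targets mssql, sqlsrv and dblib.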
@@ -29,7 +29,7 @@ function loadanswers()
{
$query .= "AND {{saved_control}}.scid={$scid}\n";
}
$query .="AND {{saved_control}}.identifier = '".autoEscape($_SESSION['survey_'.$surveyid]['holdname'])."' ";
$query .="AND {{saved_control}}.identifier = '".Yii::app()->db->quoteValue($_SESSION['survey_'.$surveyid]['holdname'])."' ";
if (in_array(Yii::app()->db->getDriverName(), array('mssql', 'sqlsrv', 'dblib')))
{
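Review bot: the added identifier line keeps the literal single quotes around Yii::app()->db->quoteValue(...), but quoteValue() already returns the value wrapped in quotes, so the generated SQL contains ''value'' and the saved-survey lookup breaks. Remove the surrounding '...' from the string, or better, pass holdname as a bound parameter instead of concatenating it. The context line that interpolates {$scid} directly should get the same treatment unless it is cast to an integer before this point.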

1 comment on commit 3a6dd6b

Collaborator

Shnoulle commented on 3a6dd6b Jul 10, 2014

Seems there is a double quoting here?
See: http://bugs.limesurvey.org/view.php?id=9134 ?

Not sure it's this one, but have some forum posts since last update with same issue.

Fixed with Yii in e86b028 :)
