Skip to content
Browse files

Fixed issue: Vulnerable parameter on survey resume

  • Loading branch information...
c-schmitz committed Jul 2, 2014
1 parent 38e5e8a commit 3a6dd6b44cef2fa3f96f403e1cb971d8d0d694b5
Showing with 1 addition and 10 deletions.
  1. +0 −9 application/helpers/common_helper.php
  2. +1 −1 application/helpers/frontend_helper.php
@@ -3799,7 +3799,6 @@ function questionAttributes($returnByName=false)

This comment has been minimized.

Copy link

Shnoulle Jul 16, 2014


Any reason to remove the default ? See

"help"=>$clang->gT("Maximum number of files that the participant can upload for this question"),
"caption"=>$clang->gT("Max number of files"));
@@ -3883,14 +3882,6 @@ function categorySort($a, $b)
return $result;
// make sure the given string (which comes from a POST or GET variable)
// is safe to use in MySQL. This does nothing if gpc_magic_quotes is on.
function autoEscape($str) {
if (!get_magic_quotes_gpc()) {
return addslashes ($str);
return $str;
// the opposite of the above: takes a POST or GET variable which may or
// may not have been 'auto-quoted', and return the *unquoted* version.
@@ -29,7 +29,7 @@ function loadanswers()
$query .= "AND {{saved_control}}.scid={$scid}\n";
$query .="AND {{saved_control}}.identifier = '".autoEscape($_SESSION['survey_'.$surveyid]['holdname'])."' ";
$query .="AND {{saved_control}}.identifier = '".Yii::app()->db->quoteValue($_SESSION['survey_'.$surveyid]['holdname'])."' ";
if (in_array(Yii::app()->db->getDriverName(), array('mssql', 'sqlsrv', 'dblib')))

1 comment on commit 3a6dd6b


This comment has been minimized.

Copy link

Shnoulle commented on 3a6dd6b Jul 10, 2014

Seems there are a double quoting here ?
See: ?

Not sure it's this one, but have some forum post since last upate with same issue.

Fixed with Yii in e86b028 :)

Please sign in to comment.
You can’t perform that action at this time.