Permalink
Browse files

Fixed issue #14323: Error - resetting conditions

Fixed issue : No CSRF control when delete all condition
Dev: remove this AWFULL onclick="window.open"
  • Loading branch information...
Shnoulle committed Dec 6, 2018
1 parent 9f00624 commit 75b52f0f64d4d7696e5ed2f2dbadaba86637ffd7
@@ -635,14 +635,12 @@ protected function getMethod()
*/
protected function resetSurveyLogic($iSurveyID)
{
$request = Yii::app()->request;
$postOk = $request->getQuery('ok');
if (empty($postOk)) {
if (empty(Yii::app()->request->getPost('ok'))) {
$data = array('iSurveyID' => $iSurveyID);
$content = $this->getController()->renderPartial('/admin/conditions/deleteAllConditions', $data, true);
$this->_renderWrappedTemplate('conditions', array('message' => array(
'title' => gT("Warning"),
'message' => $content
'title' => gT("Warning"),
'message' => $content
)));
Yii::app()->end();
} else {
@@ -7,16 +7,18 @@
<p>
<?php eT("Continue?"); ?>
</p>
<?php echo CHtml::beginForm(array("admin/conditions/sa/index/",'subaction'=>'resetsurveylogic','surveyid'=>$iSurveyID)); ?>
<button
class='btn btn-default'
onclick="window.open('<?php echo $this->createUrl("admin/conditions/sa/index/subaction/resetsurveylogic/surveyid/$iSurveyID")."?ok=Y"; ?>', '_top')"
class='btn btn-danger'
type = "submit"
name = "ok"
value="Y";
>
<?php eT('Yes'); ?>
</button>
<button
<a
class='btn btn-default'
onclick="window.open('<?php echo $this->createUrl("admin/survey/sa/view/surveyid/$iSurveyID"); ?>', '_top')"
href="<?php echo $this->createUrl("admin/survey/sa/view/surveyid/$iSurveyID"); ?>"
>
<?php eT('Cancel'); ?>
</button>
</a>

0 comments on commit 75b52f0

Please sign in to comment.