diff --git a/application/config/config-defaults.php b/application/config/config-defaults.php
index 44faa16cb01..ba3da499925 100644
--- a/application/config/config-defaults.php
+++ b/application/config/config-defaults.php
@@ -237,6 +237,12 @@
 // allow these users to be able to use Javascript etc. .
 $config['filterxsshtml'] = true;
 
+// disablescriptwithxss
+// Allow update of script in question
+// true : Default : follow XSS rules
+// false : allowed for all
+$config['disablescriptwithxss'] = true;
+
 // usercontrolSameGroupPolicy
 // If this option is set to true, then limesurvey operators will only 'see'
 // users that belong to at least one of their groups
diff --git a/application/core/LSWebUser.php b/application/core/LSWebUser.php
index 054022c1ff0..7ca2ef65b63 100644
--- a/application/core/LSWebUser.php
+++ b/application/core/LSWebUser.php
@@ -133,6 +133,9 @@ public function isXssFiltered()
 // Permission::model exist only after 172 DB version
 return Yii::app()->getConfig('filterxsshtml');
 }
+ if (!Yii::app()->getConfig('disablescriptwithxss')) {
+ return true;
+ }
 if (Yii::app()->getConfig('filterxsshtml')) {
 return !\Permission::model()->hasGlobalPermission('superadmin', 'read');
 }
diff --git a/application/views/admin/globalsettings/_security.php b/application/views/admin/globalsettings/_security.php
index f485a91e3c3..dd72f7480ff 100644
--- a/application/views/admin/globalsettings/_security.php
+++ b/application/views/admin/globalsettings/_security.php
@@ -11,7 +11,7 @@
 widget('yiiwheels.widgets.switch.WhSwitch', array(
 'name' => 'surveyPreview_require_Auth',
 'id'=>'surveyPreview_require_Auth',
- 'value' => getGlobalSetting('surveyPreview_require_Auth'),
+ 'value' => Yii::app()->getConfig('surveyPreview_require_Auth'),
 'onLabel'=>gT('On'),
 'offLabel' => gT('Off')));
 ?>
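Review bot: The comment added for `disablescriptwithxss` in application/config/config-defaults.php does not tell an operator who is affected or what `false` opens up. "follow XSS rules" presumably refers to `filterxsshtml`, and the option name reads as a negative while its title says "Allow". I would tie it to the neighbouring option explicitly, for example `// true (default): question script may only be edited by users who are not XSS-filtered (see filterxsshtml)` and `// false: question script may be edited by every user, including XSS-filtered ones`. Since `false` would let filtered, lower-trust accounts store script, the comment should also say it belongs only on installations where every administration user is trusted.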
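Review bot: The guard added to `isXssFiltered()` in application/core/LSWebUser.php looks inverted against the documented meaning of the option. With `disablescriptwithxss` set to false it returns true before the `filterxsshtml`/superadmin check, so every user is reported as XSS-filtered, while config-defaults.php describes false as "allowed for all". It also changes the result for every caller of `isXssFiltered()` rather than only for script editing; the callers are outside this diff, so that impact is inferred. Consider leaving `isXssFiltered()` as it was and putting the option in a dedicated check (for example an `isScriptUpdateAllowed()` method) whose body is `return !Yii::app()->getConfig('disablescriptwithxss') || !$this->isXssFiltered();`. The function starts and ends outside the hunk.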
@@ -24,24 +24,42 @@ widget('yiiwheels.widgets.switch.WhSwitch', array( 'name' => 'filterxsshtml', 'id'=>'filterxsshtml', - 'value' => getGlobalSetting('filterxsshtml'), + 'value' => Yii::app()->getConfig('filterxsshtml'), 'onLabel'=>gT('On'), 'offLabel' => gT('Off') )); ?> +