Merge branch '3.x-LTS' of https://github.com/LimeSurvey/LimeSurvey in…
…to 3.x-LTS
TonisOrmisson committed May 30, 2023
2 parents f5f9f13 + f2116bf commit d206465
Showing 1,869 changed files with 24,617 additions and 10,741 deletions.
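--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,23 @@
+name: Build
+on:
+push:
+branches:
+- master
+- develop
+- 3.x-LTS
+- sonarcubefixes3
+pull_request:
+types: [opened, synchronize, reopened]
+jobs:
+sonarcloud:
+name: SonarCloud
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+with:
+fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+- name: SonarCloud Scan
+uses: SonarSource/sonarcloud-github-action@master
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}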
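Review bot: The scan step `uses: SonarSource/sonarcloud-github-action@master` follows a mutable branch while being handed both `GITHUB_TOKEN` and `SONAR_TOKEN`, so whatever is pushed to that branch runs with those secrets on every push and pull request. Pin it (and `actions/checkout@v2`) to a reviewed release tag or a full commit SHA, e.g. `uses: SonarSource/sonarcloud-github-action@<commit-sha>`. The workflow also has no `permissions:` block, so the job receives the repository's default token scope; a read-only block such as `permissions: { contents: read, pull-requests: read }` would match what the inline comment says the token is for, subject to confirming what the scanner actually needs.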
33 changes: 22 additions & 11 deletions .github/workflows/main.yml
Expand Up @@ -8,7 +8,7 @@ on:

jobs:
CI-pipeline:
runs-on: ubuntu-18.04 # ubuntu runner hosted by Github
runs-on: ubuntu-20.04 # ubuntu runner hosted by Github
strategy:
matrix:
# Specify what versions of php you want to test
Expand Down Expand Up @@ -48,6 +48,7 @@ jobs:
# Set up the Apache and PHP
sudo apt-get update > /dev/null
sudo apt install php libapache2-mod-php -y
sudo apt install php php-mysql php-mbstring php-xml php7.4-mbstring php8.0-mysql php7.4-mysql php5.6-mysql php7.4-xml php5.6-xml -y
sudo cp -f ./tests/CI-pipeline/github-actions-apache /etc/apache2/sites-available/000-default.conf
sudo sed -e "s?%CI_BUILD_DIR%?$(pwd)?g" --in-place /etc/apache2/sites-available/000-default.conf
Expand All @@ -65,16 +66,16 @@ jobs:
chmod -R 777 ./tests/tmp
chmod -R 777 ./application/config
chmod +x ./tests/bin/lint-*
- name: Load custom console and start the Application
run: |
php application/commands/console.php install admin password TravisLS no@email.com verbose
cp application/config/config-sample-mysql.php application/config/config.php
php -v
php -m
- name: Check MySQL service
run: |
# InnoDB needs large_file_prefix & Barracuda file format
# https://discuss.gogs.io/t/solved-mysql-error-1064-while-running-first-install/1604
# InnoDB variables ARE already set to desired values in Github runner (ubuntu-18.04)
sudo service mysql status
mysql -uroot -proot -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'root';" || true
#mysql -uroot -proot -b limesurvey -e "INSERT INTO lime_plugins VALUES (NULL, 'Authdb', 1, NULL);" || true
mysql -uroot -proot -e "Show variables like '%large%';"
mysql -uroot -proot -e "Show variables like '%innodb_file%';"
mysql -uroot -proot -e "Show variables like '%innodb_default%';"
Expand All @@ -85,15 +86,27 @@ jobs:
# sed -i '61s/.*/ "debug"=>2,/' application/config/config.php
# cat application/config/config.php

- name: Test the server
- name: Load custom console and start the Application
run: |
wget localhost
cat index.html
# find /var/log # Dump all available logs
cp application/config/config-sample-mysql.php application/config/config.php
php application/commands/console.php install admin password TravisLS no@email.com verbose || true
cat application/config/config.php
sudo tail -n 500 /var/log/mysql/error.log || true
- name: Check for syntax errors
run: find application/ -type f -name '*.php' -print0 | xargs -I {} -0 -P 0 php -l {}

# Chromedriver setup.
# Note: Keep getting timeout problems on Travis with chromedriver.
# wget https://chromedriver.storage.googleapis.com/2.33/chromedriver_linux64.zip
# unzip chromedriver_linux64.zip

- name: Test the server
run: |
wget localhost
cat index.html
- name: Set up Selenium with firefox
run: |
which firefox
Expand All @@ -102,9 +115,7 @@ jobs:
wget "https://selenium-release.storage.googleapis.com/3.7/selenium-server-standalone-3.7.1.jar"
export MOZ_HEADLESS=1
java -jar selenium-server-standalone-3.7.1.jar -enablePassThrough false > /dev/null 2> /dev/null &
- name: Check for syntax errors
run: find application/ -type f -name '*.php' -print0 | xargs -I {} -0 -P 0 php -l {}
- name: Run the test script
run: |
DOMAIN=localhost ./third_party/bin/phpunit --stop-on-failure
DOMAIN=localhost ./third_party/bin/phpunit --stop-on-failure
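Review bot: In the relocated "Load custom console and start the Application" step, the install command now ends in `|| true`, which discards the installer's exit status, so a broken install no longer fails the job there and only shows up later as unrelated test failures. The next line, `cat application/config/config.php`, prints the database credentials from the config file into the job log; they appear to be throwaway CI values (`root`/`root` in the MySQL step), but dumping the file only on failure avoids the habit: `php application/commands/console.php install admin password TravisLS no@email.com verbose || { cat application/config/config.php; exit 1; }`. Which of the duplicated lines are old and which are new is inferred from the print order on this page.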
2 changes: 1 addition & 1 deletion application/commands/InstallCommand.php
Expand Up @@ -144,7 +144,7 @@ protected function createDatabase()
$this->output('Opening connection...');
$this->connection->active = true;
} catch (Exception $e) {
throw new CException("Invalid access data. Check your config.php db access data");
throw new CException("Invalid access data. Check your config.php db access data: " . $e->getMessage());
}

$sDatabaseName = $this->getDBConnectionStringProperty('dbname', $connectionString);
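Review bot: The new `throw new CException(...)` line concatenates `$e->getMessage()`, and a database driver's connection error commonly names the host and user, so those details now reach console output and the CI log where this command runs. That is probably acceptable for a CLI installer, but the original exception is still dropped; chaining it keeps the stack trace for debugging: `throw new CException("Invalid access data. Check your config.php db access data: " . $e->getMessage(), 0, $e);`. createDatabase() starts and continues outside the hunk.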
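--- a/application/commands/ValidateExpressionCommand.php
+++ b/application/commands/ValidateExpressionCommand.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+* LimeSurvey (tm)
+* Copyright (C) 2011 The LimeSurvey Project Team / Carsten Schmitz
+* All rights reserved.
+* License: GNU/GPL License v2 or later, see LICENSE.php
+* LimeSurvey is free software. This version may have been modified pursuant
+* to the GNU General Public License, and as distributed it includes or
+* is derivative of works licensed under the GNU General Public License or
+* other free or open source software licenses.
+* See COPYRIGHT.php for copyright notices and details.
+*/
+class ValidateExpressionCommand extends CConsoleCommand
+{
+/**
+* @param int $surveyId
+* @param string $lang
+* @param string $type 'invitation' 'reminder' 'registration' 'confirmation' 'admin_notification' 'admin_detailed_notification'
+*/
+public function actionEmail($surveyId, $lang, $type)
+{
+$_GET['type'] = $type;
+
+Yii::import('application.controllers.admin.ExpressionValidate', true);
+Yii::import('application.helpers.expressions.em_manager_helper', true);
+Yii::import('application.helpers.replacements_helper', true);
+Yii::import('application.helpers.common_helper', true);
+
+$c = new ExpressionValidate();
+$_SESSION['LEMsid'] = $surveyId;
+$c->email($surveyId, $lang);
+}
+}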
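Review bot: actionEmail() copies its arguments straight into `$_GET['type']` and `$_SESSION['LEMsid']` without checking them, although the docblock declares `$surveyId` an int and lists the six accepted `$type` values. Casting and checking against that list before touching the superglobals makes a typo fail early instead of somewhere inside ExpressionValidate: `$surveyId = (int) $surveyId;` and `if (!in_array($type, $allowedTypes, true)) { throw new CException('Unknown email type'); }`, with `$allowedTypes` holding the values from the docblock. A one-line class comment saying that the command drives the web controller by populating request and session globals would also help the next reader.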
2 changes: 2 additions & 0 deletions application/config/internal.php
Expand Up @@ -264,6 +264,7 @@
'darkencss' => 'LS_Twig_Extension::darkencss',
'lightencss' => 'LS_Twig_Extension::lightencss',
'getAllTokenAnswers' => 'LS_Twig_Extension::getAllTokenAnswers',
'getGoogleAnalyticsTrackingUrl' => 'LS_Twig_Extension::getGoogleAnalyticsTrackingUrl',
),
'filters' => array(
'jencode' => 'CJSON::encode',
Expand Down Expand Up @@ -372,6 +373,7 @@
'darkencss',
'lightencss',
'getAllTokenAnswers',
'getGoogleAnalyticsTrackingUrl',
),
),

5 changes: 2 additions & 3 deletions application/config/updater_version.php
Expand Up @@ -15,8 +15,7 @@

// THIS FILE SHOULD NOT BE CHANGED MANUALLY !

$config['updaterversion'] = 10;
$config['updaterversion'] = 20;
$config['comfort_update_server_url'] = 'comfortupdate.limesurvey.org/';
//$config['comfort_update_server_url'] = 'web.comfortupdate.org/';
$config['comfort_update_server_ssl'] = 0;
$config['comfort_update_server_ssl'] = 1;
return $config;
4 changes: 2 additions & 2 deletions application/config/version.php
Expand Up @@ -12,10 +12,10 @@
*/


$config['versionnumber'] = '3.28.7';
$config['versionnumber'] = '3.28.59';
$config['dbversionnumber'] = 366;
$config['buildnumber'] = '';
$config['updatable'] = true;
$config['templateapiversion'] = 3;
$config['assetsversionnumber'] = '30235';
$config['assetsversionnumber'] = '30289';
return $config;
10 changes: 10 additions & 0 deletions application/controllers/PrintanswersController.php
Expand Up @@ -143,6 +143,7 @@ function actionView($surveyid, $printableexport = false)
if (empty($sExportType)) {
Yii::app()->setLanguage($sLanguage);
$aData['aSurveyInfo']['include_content'] = 'printanswers';
$aData['aSurveyInfo']['trackUrlPageName'] = 'printanswers';
Yii::app()->twigRenderer->renderTemplateFromFile('layout_printanswers.twig', $aData, false);

} else if ($sExportType == 'pdf') {
Expand Down Expand Up @@ -190,6 +191,15 @@ function actionView($surveyid, $printableexport = false)

$quexmlpdf = new quexmlpdf();

//apply settings stored at last output
foreach ($quexmlpdf->_quexmlsettings() as $s) {
$setting = getGlobalSetting($s);
if ($setting !== null && trim($setting) !== '') {
$method = str_replace("queXML", "set", $s);
$quexmlpdf->$method($setting);
}
}

// Setting the selected language for printout
App()->setLanguage($sLanguage);

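Review bot: In the added `foreach ($quexmlpdf->_quexmlsettings() as $s)` loop the setter name is built with `str_replace("queXML", "set", $s)` and invoked as `$quexmlpdf->$method($setting)` with no check that the method exists, so a settings key without a matching setter ends the PDF export with a fatal error. Guard the call: `if (method_exists($quexmlpdf, $method)) { $quexmlpdf->$method($setting); }`. The values come from `getGlobalSetting()` and reach the setters unvalidated; whether the setters check them is not visible here. actionView() continues outside the hunk.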
9 changes: 5 additions & 4 deletions application/controllers/RegisterController.php
Expand Up @@ -95,7 +95,7 @@ public function actionIndex($sid = null)
} else {
$iSurveyId = App()->request->getPost('sid');
}

$iSurveyId = (int) $iSurveyId;
$oSurvey = Survey::model()->find("sid=:sid", array(':sid'=>$iSurveyId));
/* Throw 404 if needed */
$sLanguage = Yii::app()->request->getParam('lang', Yii::app()->getConfig('defaultlang'));
Expand Down Expand Up @@ -413,12 +413,12 @@ public function getTokenId($iSurveyId)
} else {
// TODO : move xss filtering in model
$oToken = Token::create($iSurveyId);
$oToken->firstname = sanitize_xss_string($aFieldValue['sFirstName']);
$oToken->lastname = sanitize_xss_string($aFieldValue['sLastName']);
$oToken->firstname = $aFieldValue['sFirstName'];
$oToken->lastname = $aFieldValue['sLastName'];
$oToken->email = $aFieldValue['sEmail'];
$oToken->emailstatus = 'OK';
$oToken->language = $sLanguage;
$aFieldValue['aAttribute'] = array_map('sanitize_xss_string', $aFieldValue['aAttribute']);
$aFieldValue['aAttribute'] = $aFieldValue['aAttribute'];
$oToken->setAttributes($aFieldValue['aAttribute']);
if ($aSurveyInfo['startdate']) {
$oToken->validfrom = $aSurveyInfo['startdate'];
Expand All @@ -427,6 +427,7 @@ public function getTokenId($iSurveyId)
$oToken->validuntil = $aSurveyInfo['expires'];
}
$oToken->generateToken();
$oToken->setScenario('register');
$oToken->save();
$this->sMailMessage = gT("An email has been sent to the address you provided with access details for this survey. Please follow the link in that email to proceed.");
return $oToken->tid;
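Review bot: With `sanitize_xss_string()` gone from `firstname`, `lastname` and the attribute array, XSS filtering of self-registration input now rests entirely on the Token model's rules for the `register` scenario, which are not part of this page; confirm they cover both name fields and every attribute column. `setScenario('register')` is called only just before `save()`, after `setAttributes()` has already run under the default scenario, so moving it to directly after `Token::create($iSurveyId)` would make mass assignment and validation use the same rule set. The leftover `$aFieldValue['aAttribute'] = $aFieldValue['aAttribute'];` is a no-op and can be deleted, and the `// TODO : move xss filtering in model` comment should be updated to say where the filtering now lives. Old and new sides are inferred from the print order on this page.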
1 change: 1 addition & 0 deletions application/controllers/Statistics_userController.php
Expand Up @@ -301,6 +301,7 @@ public function actionAction($surveyid, $language = null)
//$this->layout = "public";
//$this->render('/statistics_user_view', $data);
$data['aSurveyInfo']['include_content'] = 'statistics_user';
$aData['aSurveyInfo']['trackUrlPageName'] = 'statistics_user';
// Set template into last instance. Will be picked up later by the renderer
$oTemplate = Template::model()->getInstance('', $iSurveyID);
Yii::app()->twigRenderer->renderTemplateFromFile('layout_statistics_user.twig', $data, false);
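Review bot: The added line assigns to `$aData['aSurveyInfo']['trackUrlPageName']`, but the line above it and the `renderTemplateFromFile('layout_statistics_user.twig', $data, false)` call below both use `$data`, so the page name never reaches the template. It should read `$data['aSurveyInfo']['trackUrlPageName'] = 'statistics_user';`. The rest of actionAction() is outside the hunk, so whether `$aData` exists there at all cannot be seen from here.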
33 changes: 22 additions & 11 deletions application/controllers/UploaderController.php
Expand Up @@ -38,6 +38,10 @@ public function run($actionID)
$sFileGetContent = Yii::app()->request->getParam('filegetcontents', ''); // The file to view fu_ or fu_tmp
$bDelete = Yii::app()->request->getParam('delete');
$sFieldName = Yii::app()->request->getParam('fieldname');
$aFieldMap = createFieldMap($oSurvey, 'short', false, false, $sLanguage);
if (!isset($aFieldMap[$sFieldName])) {
throw new CHttpException(400); // See for debug > 1
}
$sFileName = Yii::app()->request->getParam('filename', ''); // The file to delete fu_ or fu_tmp
$sOriginalFileName = Yii::app()->request->getParam('name', ''); // Used for javascript return only
$sMode = Yii::app()->request->getParam('mode');
Expand All @@ -52,23 +56,23 @@ public function run($actionID)
// If one seems to be a hack: Bad request
throw new CHttpException(400); // See for debug > 1
}
if ($sFileGetContent) {
if (substr($sFileGetContent, 0, 6) == 'futmp_') {
if ($sFileGetContentFiltered) {
if (substr($sFileGetContentFiltered, 0, 6) == 'futmp_') {
$sFileDir = $tempdir.'/upload/';
} elseif (substr($sFileGetContent, 0, 3) == 'fu_') {
} elseif (substr($sFileGetContentFiltered, 0, 3) == 'fu_') {
// Need to validate $_SESSION['srid'], and this file is from this srid !
$sFileDir = "{$uploaddir}/surveys/{$surveyid}/files/";
} else {
throw new CHttpException(400); // See for debug > 1
}
if (is_file($sFileDir.$sFileGetContent)) {
if (is_file($sFileDir.$sFileGetContentFiltered)) {
// Validate file before else 500 error by getMimeType
$mimeType = LSFileHelper::getMimeType($sFileDir.$sFileGetContent, null, false);
$mimeType = LSFileHelper::getMimeType($sFileDir.$sFileGetContentFiltered, null, false);
if (is_null($mimeType)) {
$mimeType = "application/octet-stream"; // Can not really get content if not image
}
header('Content-Type: '.$mimeType);
readfile($sFileDir.$sFileGetContent);
readfile($sFileDir.$sFileGetContentFiltered);
Yii::app()->end();
} else {
Yii::app()->end();
Expand Down Expand Up @@ -105,8 +109,8 @@ public function run($actionID)
}
//var_dump($sFileDir.$sFilename);
// Return some json to do a beautiful text
if (@unlink($sFileDir.$sFileName)) {
echo sprintf(gT('File %s deleted'), $sOriginalFileName);
if (@unlink($sFileDir . $sFileNameFiltered)) {
echo sprintf(gT('File %s deleted'), CHtml::encode($sOriginalFileName));
} else {
echo gT('Oops, There was an error deleting the file');
}
Expand All @@ -126,6 +130,7 @@ public function run($actionID)
//$filename = sanitize_filename($_FILES['uploadfile']['name']);// This remove all non alpha numeric characters and replaced by _ . Leave only one dot .
$size = $_FILES['uploadfile']['size'] / 1024;
$preview = Yii::app()->session['preview'];
// TODO: Remove this validation. It's already done at the start.
$aFieldMap = createFieldMap($oSurvey, 'short', false, false, $sLanguage);
if (!isset($aFieldMap[$sFieldName])) {
throw new CHttpException(400); // See for debug > 1
Expand Down Expand Up @@ -334,17 +339,23 @@ public function run($actionID)

$fn = $sFieldName;
$qid = (int) Yii::app()->request->getParam('qid');
$minfiles = (int) Yii::app()->request->getParam('minfiles');
$maxfiles = (int) Yii::app()->request->getParam('maxfiles');
$qidattributes = QuestionAttribute::model()->getQuestionAttributes($qid);
$minfiles = "";
if (!empty($qidattributes['min_num_of_files'])) {
$minfiles = intval($qidattributes['min_num_of_files']);
}
$maxfiles = "";
if (!empty($qidattributes['max_num_of_files'])) {
$maxfiles = intval($qidattributes['max_num_of_files']);
}
$maxfilesize = floor(min(intval($qidattributes['max_filesize']), getMaximumFileUploadSize() / 1024));
if($maxfilesize <=0 ) {
$maxfilesize = getMaximumFileUploadSize() / 1024;
}
$body = '</head><body class="uploader">
<div class="model-container clearfix">
<div id="notice" class="text-center"></div>
<input type="hidden" id="ia" value="'.$fn.'" />
<input type="hidden" id="ia" value="' . CHtml::encode($fn) . '" />
<input type="hidden" id="'.$fn.'_minfiles" value="'.$minfiles.'" />
<input type="hidden" id="'.$fn.'_maxfiles" value="'.$maxfiles.'" />
<input type="hidden" id="'.$fn.'_maxfilesize" value="'.$maxfilesize.'" />
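Review bot: In the last hunk only the `value` of `#ia` goes through `CHtml::encode($fn)`; the three hidden inputs after it still build their `id` attributes from the raw `$fn` (`id="'.$fn.'_minfiles"` and the `_maxfiles` / `_maxfilesize` lines). The field-map check added at the top of run() already limits `$sFieldName` to known field names, so this is defence in depth, but encoding once keeps the markup consistent: `$fn = CHtml::encode($sFieldName);`, provided `$fn` is not needed unencoded further down. Separately, `$qid` is still read from the request, so the min/max values rendered belong to whatever question id the client sends rather than to the question behind `$sFieldName`, and `$qidattributes['max_filesize']` is read without the `!empty()` guard its two neighbours get. run() starts and ends outside these hunks.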
8 changes: 4 additions & 4 deletions application/controllers/admin/PluginManagerController.php
Expand Up @@ -49,7 +49,7 @@ function ($installedPlugin) {
foreach ($aoPlugins as $oPlugin) {
/* @var $plugin Plugin */
if (array_key_exists($oPlugin->name, $aDiscoveredPlugins)) {
$plugin = App()->getPluginManager()->loadPlugin($oPlugin->name, $oPlugin->id);
$plugin = App()->getPluginManager()->loadPlugin($oPlugin->name, $oPlugin->id, false);
if ($plugin) {
$aPluginSettings = $plugin->getPluginSettings(false);
$data[] = array(
Expand Down Expand Up @@ -113,8 +113,8 @@ private function activate($id)
if (!is_null($oPlugin)) {
$iStatus = $oPlugin->active;
if ($iStatus == 0) {
// Load the plugin:
App()->getPluginManager()->loadPlugin($oPlugin->name, $id);
// Load the plugin (and init)
App()->getPluginManager()->loadPlugin($oPlugin->name, $id, true);
$result = App()->getPluginManager()->dispatchEvent(new PluginEvent('beforeActivate', $this), $oPlugin->name);
if ($result->get('success', true)) {
$iStatus = 1;
Expand Down Expand Up @@ -184,7 +184,7 @@ public function configure($id)
}

$arPlugin = Plugin::model()->findByPk($id)->attributes;
$oPluginObject = App()->getPluginManager()->loadPlugin($arPlugin['name'], $arPlugin['id']);
$oPluginObject = App()->getPluginManager()->loadPlugin($arPlugin['name'], $arPlugin['id'], false);

if ($arPlugin === null) {
Yii::app()->user->setFlash('error', gT('The plugin was not found.'));
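Review bot: In configure(), the changed `loadPlugin($arPlugin['name'], $arPlugin['id'], false)` call and the `findByPk($id)->attributes` line before it both run ahead of the `if ($arPlugin === null)` check, so an unknown `$id` fails on the property access on null and never reaches the "plugin was not found" flash. Fetch the record first and test it, `$oPlugin = Plugin::model()->findByPk($id);` followed by the null check, before reading `->attributes` or loading the plugin. The new third argument is a bare boolean at all three call sites and only activate() explains it (`// Load the plugin (and init)`); the two `false` calls deserve a matching comment saying why init is skipped. configure() continues outside the hunk.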
