diff --git a/application/controllers/ResponsesController.php b/application/controllers/ResponsesController.php index 497644bc33c..62f14f0ca58 100644 --- a/application/controllers/ResponsesController.php +++ b/application/controllers/ResponsesController.php @@ -137,6 +137,22 @@ public function actionView(int $surveyId, int $id, string $browseLang = ''): voi extract($aData, EXTR_OVERWRITE); + if ($id < 1) { + $id = 1; + } + + // Unless the response id is 0, getData() throws an exception if the response does not exist. + // We just check it again here to be sure. + $exist = SurveyDynamic::model($surveyId)->exist($id); + if (!$exist) { + throw new CHttpException(404, gT("Invalid response id.")); + } + $next = SurveyDynamic::model($surveyId)->next($id, true); + $previous = SurveyDynamic::model($surveyId)->previous($id, true); + $aData['exist'] = $exist; + $aData['next'] = $next; + $aData['previous'] = $previous; + $aData['id'] = $id; $fieldmap = createFieldMap($survey, 'full', false, false, $aData['language']); // just used to check if the token exists for the given response id before we create the real query @@ -150,6 +166,22 @@ public function actionView(int $surveyId, int $id, string $browseLang = ''): voi unset($fieldmap['token']); $bHaveToken = false; } + + $oCriteria = new CDbCriteria(); + if ($bHaveToken) { + $oCriteria = SurveyDynamic::model($surveyId)->addTokenCriteria($oCriteria); + } + $oCriteria->addCondition("id = {$id}"); + $iIdresult = SurveyDynamic::model($surveyId)->find($oCriteria); + if ($bHaveToken) { + $aResult = array_merge( + $iIdresult->tokens->decrypt()->attributes, + $iIdresult->decrypt()->attributes + ); + } else { + $aResult = $iIdresult->decrypt()->attributes; + } + //add token to top of list if survey is not private if ($bHaveToken) { $fnames[] = ["token", gT("Access code"), 'code' => 'token']; 
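Review bot: The clamp `if ($id < 1) { $id = 1; }` at the top of the added block rewrites an out-of-range id to 1, so a request for id 0 or a negative id is answered with response 1 (or with the new 404 only when response 1 does not exist) instead of being rejected. Now that a missing response raises `CHttpException(404, ...)`, the same exception fits here: `if ($id < 1) { throw new CHttpException(404, gT("Invalid response id.")); }`. If id 0 is meant to select the first response, as the added comment about getData() may imply, that comment should say so. actionView starts and ends outside the hunk.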
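Review bot: The result of `find($oCriteria)` is dereferenced without a null check, and in the token branch so is `$iIdresult->tokens`. The earlier `exist($id)` call does not go through `addTokenCriteria()`, so this hunk cannot confirm that the combined query always returns a row, and a response without a matching participant row would presumably leave `tokens` null; either case fails on `decrypt()` instead of producing the 404 used a few lines above. Binding the id rather than interpolating it into `addCondition("id = {$id}")` also keeps the condition safe if the `int $id` type hint is ever relaxed. actionView continues outside the hunk.

```php
// … unchanged: $oCriteria creation and addTokenCriteria() …
$oCriteria->addCondition('id = :id');
$oCriteria->params[':id'] = $id;
$iIdresult = SurveyDynamic::model($surveyId)->find($oCriteria);
if ($iIdresult === null) {
    throw new CHttpException(404, gT("Invalid response id."));
}
if ($bHaveToken && $iIdresult->tokens !== null) {
    // … unchanged: array_merge() of participant and response attributes …
} else {
    $aResult = $iIdresult->decrypt()->attributes;
}
```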
@@ -168,7 +200,7 @@ public function actionView(int $surveyId, int $id, string $browseLang = ''): voi } $fnames[] = ["completed", gT("Completed"), "0"]; $qids = []; - $fields = []; + $fileUploadFields = []; foreach ($fieldmap as $field) { if ($field['fieldname'] == 'lastpage' || $field['fieldname'] == 'submitdate') { @@ -195,7 +227,7 @@ public function actionView(int $surveyId, int $id, string $browseLang = ''): voi ]; } elseif ($field['aid'] !== 'filecount') { $qids[] = $field['qid']; - $fields[] = $field; + $fileUploadFields[] = $field; } else { $fnames[] = [$field['fieldname'], gT("File count")]; } @@ -207,10 +239,14 @@ public function actionView(int $surveyId, int $id, string $browseLang = ''): voi foreach ($rawQuestions as $rawQuestion) { $questions[$rawQuestion->qid] = $rawQuestion; } - foreach ($fields as $field) { + foreach ($fileUploadFields as $field) { + $filesInfo = json_decode_ls($aResult[$field['fieldname']]); + if (empty($filesInfo)) { + continue; + } $qidattributes = QuestionAttribute::model()->getQuestionAttributes($questions[$field['qid']]); - for ($i = 0; $i < $qidattributes['max_num_of_files']; $i++) { + for ($i = 0; $i < count($filesInfo); $i++) { $filenum = sprintf(gT("File %s"), $i + 1); if ($qidattributes['show_title'] == 1) { $fnames[] = [ 
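Review bot: In the `foreach ($fileUploadFields as $field)` loop, `count($filesInfo)` is applied to whatever `json_decode_ls()` returns for the stored answer, and `empty()` only filters out falsy values. If that column ever holds JSON that decodes to a non-empty scalar, `count()` throws a TypeError on PHP 8 and the whole response view fails; the guard could be `if (!is_array($filesInfo) || $filesInfo === []) { continue; }`. The `getExtendedData()` hunk in SurveyDynamic.php has the same shape, with `!empty($aFilesInfo)` in front of a `foreach`. The loop body continues outside the hunk.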
@@ -256,121 +292,90 @@ public function actionView(int $surveyId, int $id, string $browseLang = ''): voi } $nfncount = count($fnames) - 1; - if ($id < 1) { - $id = 1; - } - - $exist = SurveyDynamic::model($surveyId)->exist($id); - $next = SurveyDynamic::model($surveyId)->next($id, true); - $previous = SurveyDynamic::model($surveyId)->previous($id, true); - $aData['exist'] = $exist; - $aData['next'] = $next; - $aData['previous'] = $previous; - $aData['id'] = $id; - if ($exist) { - $oPurifier = new CHtmlPurifier(); - //SHOW INDIVIDUAL RECORD - $oCriteria = new CDbCriteria(); - if ($bHaveToken) { - $oCriteria = SurveyDynamic::model($surveyId)->addTokenCriteria($oCriteria); - } - - $oCriteria->addCondition("id = {$id}"); - $iIdresult = SurveyDynamic::model($surveyId)->find($oCriteria); - if ($bHaveToken) { - $aResult = array_merge( - $iIdresult->tokens->decrypt()->attributes, - $iIdresult->decrypt()->attributes - ); - } else { - $aResult = $iIdresult->decrypt()->attributes; + $oPurifier = new CHtmlPurifier(); + $id = $aResult['id']; + $rlanguage = $aResult['startlanguage']; + $aData['bHasFile'] = false; + if (isset($rlanguage)) { + $aData['rlanguage'] = $rlanguage; + } + $highlight = false; + $aData['answers'] = []; + for ($i = 0; $i < $nfncount + 1; $i++) { + if ($fnames[$i][0] != 'completed' && is_null($aResult[$fnames[$i][0]])) { + continue; // irrelevant, so don't show } - $id = $aResult['id']; - $rlanguage = $aResult['startlanguage']; - $aData['bHasFile'] = false; - if (isset($rlanguage)) { - $aData['rlanguage'] = $rlanguage; + $inserthighlight = ''; + if ($highlight) { + $inserthighlight = "class='highlight'"; } - $highlight = false; - $aData['answers'] = []; - for ($i = 0; $i < $nfncount + 1; $i++) { - if ($fnames[$i][0] != 'completed' && is_null($aResult[$fnames[$i][0]])) { - continue; // irrelevant, so don't show - } - $inserthighlight = ''; - if ($highlight) { - $inserthighlight = "class='highlight'"; - } - if ($fnames[$i][0] == 'completed') { - if 
($aResult['submitdate'] == null || $aResult['submitdate'] == "N") { - $answervalue = "N"; - } else { - $answervalue = "Y"; - } - } elseif (isset($fnames[$i]['type']) && $fnames[$i]['type'] == Question::QT_VERTICAL_FILE_UPLOAD) { - // File upload question type. - $index = $fnames[$i]['index']; - $metadata = $fnames[$i]['metadata']; - $phparray = json_decode_ls($aResult[$fnames[$i][0]]); - - if (isset($phparray[$index])) { - switch ($metadata) { - case "size": - $answervalue = sprintf(gT("%s KB"), intval($phparray[$index][$metadata])); - break; - case "name": - $answervalue = CHtml::link( - htmlspecialchars( - (string) $oPurifier->purify(rawurldecode((string) $phparray[$index][$metadata])) - ), - $this->createUrl( - "responses/downloadfile", - [ - "surveyId" => $surveyId, - "responseId" => $id, - "qid" => $fnames[$i]['qid'], - "index" => $index - ] - ) - ); - break; - default: - $answervalue = htmlspecialchars( - strip_tags( - stripJavaScript($phparray[$index][$metadata]) - ) - ); - } - $aData['bHasFile'] = true; - } else { - $answervalue = ""; - } + if ($fnames[$i][0] == 'completed') { + if ($aResult['submitdate'] == null || $aResult['submitdate'] == "N") { + $answervalue = "N"; } else { - $answervalue = htmlspecialchars( - viewHelper::flatten( - stripJavaScript( - getExtendedAnswer( - $surveyId, - $fnames[$i][0], - $aResult[$fnames[$i][0]], - $sBrowseLanguage + $answervalue = "Y"; + } + } elseif (isset($fnames[$i]['type']) && $fnames[$i]['type'] == Question::QT_VERTICAL_FILE_UPLOAD) { + // File upload question type. 
+ $index = $fnames[$i]['index']; + $metadata = $fnames[$i]['metadata']; + $phparray = json_decode_ls($aResult[$fnames[$i][0]]); + + if (isset($phparray[$index])) { + switch ($metadata) { + case "size": + $answervalue = sprintf(gT("%s KB"), intval($phparray[$index][$metadata])); + break; + case "name": + $answervalue = CHtml::link( + htmlspecialchars( + (string) $oPurifier->purify(rawurldecode((string) $phparray[$index][$metadata])) + ), + $this->createUrl( + "responses/downloadfile", + [ + "surveyId" => $surveyId, + "responseId" => $id, + "qid" => $fnames[$i]['qid'], + "index" => $index + ] ) - ) - ), - ENT_QUOTES - ); + ); + break; + default: + $answervalue = htmlspecialchars( + strip_tags( + stripJavaScript($phparray[$index][$metadata]) + ) + ); + } + $aData['bHasFile'] = true; + } else { + $answervalue = ""; } - $aData['inserthighlight'] = $inserthighlight; - $aData['fnames'] = $fnames; - $aData['answers'][] = [ - 'answervalue' => $answervalue, - 'i' => $i - ]; + } else { + $answervalue = htmlspecialchars( + viewHelper::flatten( + stripJavaScript( + getExtendedAnswer( + $surveyId, + $fnames[$i][0], + $aResult[$fnames[$i][0]], + $sBrowseLanguage + ) + ) + ), + ENT_QUOTES + ); } - } else { - App()->session['flashmessage'] = gT("This response ID is invalid."); + $aData['inserthighlight'] = $inserthighlight; + $aData['fnames'] = $fnames; + $aData['answers'][] = [ + 'answervalue' => $answervalue, + 'i' => $i + ]; } $aData['sidemenu']['state'] = false; diff --git a/application/models/SurveyDynamic.php b/application/models/SurveyDynamic.php index 3315632600c..e848fe3924d 100644 --- a/application/models/SurveyDynamic.php +++ b/application/models/SurveyDynamic.php 
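Review bot: The `default:` branch of the file-upload `switch` reads `$phparray[$index][$metadata]` without checking that the key exists; the surrounding `isset()` only tests `$phparray[$index]`. A stored upload record that lacks the requested field (the SurveyDynamic.php hunk shows that `title` and `comment` can be absent) would raise an undefined-index warning and pass null to `stripJavaScript()`; `stripJavaScript((string) ($phparray[$index][$metadata] ?? ''))` avoids that. The `getExtendedData()` hunk in SurveyDynamic.php defaults `title` and `comment` to `''` but reads `$fileInfo['name']` unguarded in the same way. This hunk is otherwise a re-indentation of existing code, and actionView continues outside it.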
@@ -405,32 +405,35 @@ public function getExtendedData($colName, $sLanguage, $base64jsonFieldMap) $sSurveyEntry = ""; $aQuestionAttributes = QuestionAttribute::model()->getQuestionAttributes($oFieldMap->qid); $aFilesInfo = json_decode_ls($this->$colName); - for ($iFileIndex = 0; $iFileIndex < $aQuestionAttributes['max_num_of_files']; $iFileIndex++) { - $sSurveyEntry .= ''; - if (isset($aFilesInfo[$iFileIndex])) { + if (!empty($aFilesInfo)) { + foreach ($aFilesInfo as $iFileIndex => $fileInfo) { + if (empty($fileInfo)) { + continue; + } + $sSurveyEntry .= ''; $url = App()->createUrl("responses/downloadfile", ["surveyId" => self::$sid, "responseId" => $this->id, "qid" => $oFieldMap->qid, "index" => $iFileIndex]); - $filename = CHtml::encode(rawurldecode($aFilesInfo[$iFileIndex]['name'])); + $filename = CHtml::encode(rawurldecode($fileInfo['name'])); $size = ""; - if ($aFilesInfo[$iFileIndex]['size'] && strval(floatval($aFilesInfo[$iFileIndex]['size'])) == strval($aFilesInfo[$iFileIndex]['size'])) { + if ($fileInfo['size'] && strval(floatval($fileInfo['size'])) == strval($fileInfo['size'])) { // avoid to throw PHP error if size is invalid - $size = sprintf('%s Mb', round($aFilesInfo[$iFileIndex]['size'] / 1000, 2)); + $size = sprintf('%s Mb', round($fileInfo['size'] / 1000, 2)); } $sSurveyEntry .= ''; $sSurveyEntry .= ''; if ($aQuestionAttributes['show_title']) { - if (!isset($aFilesInfo[$iFileIndex]['title'])) { - $aFilesInfo[$iFileIndex]['title'] = ''; + if (!isset($fileInfo['title'])) { + $fileInfo['title'] = ''; } - $sSurveyEntry .= ''; + $sSurveyEntry .= ''; } if ($aQuestionAttributes['show_comment']) { - if (!isset($aFilesInfo[$iFileIndex]['comment'])) { - $aFilesInfo[$iFileIndex]['comment'] = ''; + if (!isset($fileInfo['comment'])) { + $fileInfo['comment'] = ''; } - $sSurveyEntry .= ''; + $sSurveyEntry .= ''; } + $sSurveyEntry .= ''; } - $sSurveyEntry .= ''; } $sSurveyEntry .= '
' . CHtml::link($filename, $url) . '' . $size . '' . htmlspecialchars((string) $aFilesInfo[$iFileIndex]['title'], ENT_QUOTES, 'UTF-8') . '' . htmlspecialchars((string) $fileInfo['title'], ENT_QUOTES, 'UTF-8') . '' . htmlspecialchars((string) $aFilesInfo[$iFileIndex]['comment'], ENT_QUOTES, 'UTF-8') . '' . htmlspecialchars((string) $fileInfo['comment'], ENT_QUOTES, 'UTF-8') . '
'; $sValue = $sSurveyEntry;
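Review bot: The size check `strval(floatval($fileInfo['size'])) == strval($fileInfo['size'])` in the new `foreach` reads the `size` key without `isset()` and validates it through two string conversions and a loose comparison. `if (!empty($fileInfo['size']) && is_numeric($fileInfo['size'])) {` states the intent directly and does not warn on a missing key. The label `'%s Mb'` is also a plain literal, whereas the controller's view of the same data uses `gT("%s KB")`, so the two pages show different units and only one of them is translatable. getExtendedData starts and ends outside the hunk.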