Fixed issue #19093: [security] Improper Authorization in Import Quest…

…ion function (#3513)

Co-authored-by: Lapiu Dev <devgit@lapiu.biz>
Co-authored-by: Denis Chenu <denis@sondages.pro>

application/controllers/QuestionAdministrationController.php

@@ -1166,6 +1166,12 @@ public function actionImport()
         $iSurveyID = (int) App()->request->getPost('sid', 0);
         $gid = (int) App()->request->getPost('gid', 0);
 
+        if (!Permission::model()->hasSurveyPermission($iSurveyID, 'surveycontent', 'import')) {
+            App()->session['flashmessage'] = gT("We are sorry but you don't have permissions to do this.");
+            /* Same redirect than importView */
+            $this->redirect(['questionAdministration/listquestions/surveyid/' . $iSurveyID]);
+        }
+
         $jumptoquestion = (bool)App()->request->getPost('jumptoquestion', 1);
 
         $oSurvey = Survey::model()->findByPk($iSurveyID);