05722: token query is fails because it isn't handled as string

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

05722	Bug reports	Survey participants (Tokens)	public	2012-01-30 20:25	2012-03-14 21:08

Reporter	~~user11071~~	Assigned To	~~magiclko~~
Priority	urgent	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	2.00a1
Fixed in Version	2.00a2

Summary	05722: token query is fails because it isn't handled as string
Description	In frontent_helper.php and SurveyAction.php are queries with missing apostrophes what leads in an error. i.e: $tkquery = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token=".$token." "; correct should be: $tkquery = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".$token."' "; to solve this problem just search for each $token in frontent_helper.php and SurveyAction.php and fix it.
Steps To Reproduce	fails when preview a closed survey
Tags	No tags attached.
Attached Files	frontend_helper.php.diff (2,974 bytes) Index: helpers/frontend_helper.php =================================================================== --- helpers/frontend_helper.php (revision 12258) +++ helpers/frontend_helper.php (working copy) @@ -1029,7 +1029,7 @@ $today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust); // check how many uses the token has left - $usesquery = "SELECT usesleft FROM {{tokens_$surveyid}} WHERE token=".$clienttoken; + $usesquery = "SELECT usesleft FROM {{tokens_$surveyid}} WHERE token='".$clienttoken."'"; $usesresult = dbExecuteAssoc($usesquery); $usesrow = $usesresult->read(); if (isset($usesrow)) { $usesleft = $usesrow['usesleft']; } @@ -1061,14 +1061,14 @@ $utquery .= "SET usesleft=usesleft-1\n"; } } - $utquery .= "WHERE token=".$clienttoken.""; + $utquery .= "WHERE token='".$clienttoken."'"; $utresult = dbExecuteAssoc($utquery) or safeDie ("Couldn't update tokens table!<br />\n$utquery<br />\n"); //Checked if ($quotaexit==false) { // TLR change to put date into sent and completed - $cnfquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token=".$clienttoken." AND completed!='N' AND completed!=''"; + $cnfquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token='".$clienttoken."' AND completed!='N' AND completed!=''"; $cnfresult = dbExecuteAssoc($cnfquery); //Checked $cnfrow = $cnfresult->read(); @@ -1529,9 +1529,9 @@ //check if token actually does exist // check also if it is allowed to change survey after completion if ($thissurvey['alloweditaftercompletion'] == 'Y' ) { - $tkquery = "SELECT COUNT() FROM {{tokens_".$surveyid."}} WHERE token=".trim(strip_tags($clienttoken))." "; + $tkquery = "SELECT COUNT() FROM {{tokens_".$surveyid."}} WHERE token='".trim(strip_tags($clienttoken))."'"; } else { - $tkquery = "SELECT COUNT() FROM {{tokens_".$surveyid."}} WHERE token=".trim(strip_tags($clienttoken))." AND (completed = 'N' or completed='')"; + $tkquery = "SELECT COUNT() FROM {{tokens_".$surveyid."}} WHERE token='".trim(strip_tags($clienttoken))."' AND (completed = 'N' or completed='')"; } $tkresult = dbExecuteAssoc($tkquery); //Checked @@ -1706,7 +1706,7 @@ { //get language from token (if one exists) - $tkquery2 = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".db_quote($clienttoken)."' AND (completed = 'N' or completed='')"; + $tkquery2 = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".$clienttoken."' AND (completed = 'N' or completed='')"; //echo $tkquery2; $result = dbExecuteAssoc($tkquery2) or safeDie ("Couldn't get tokens<br />$tkquery<br />"); //Checked foreach ($result->readAll() as $rw) frontend_helper.php.diff (2,974 bytes)

Bug heat	6
Complete LimeSurvey version number (& build)	2
I will donate to the project if issue is resolved	No
Browser	firefox
Database type & version	Mysql
Server OS (if known)	mac os x
Webserver software & version (if known)	apache
PHP Version	5.3

User List	There are no users monitoring this issue.

~~magiclko~~ 2012-02-02 18:33 reporter ~17182	Fixed in rev 12308.

~~user18423~~ 2012-03-06 21:04 ~17767	In Version 1.92 Build 120303 I've comment out from line 455 after if(!db_tablesexist("{$dbprefix}tokens".$iVid)) { until line 493 where if statement ends and I did the following and worked if(!db_tablesexist("{$dbprefix}tokens".$iVid)) { `$lsrcHelper->createTokenTable($iVid); }`

c_schmitz 2012-03-11 16:32 administrator ~17835	2.00alpha 2 Build 120212 released

LimeSurvey: Yii 0916a171 2012-02-02 09:30:48 ssachdeva Details Diff	Fixed 'inserttokens' subaction and issue 05722: token query is fails because it isn't handled as string. Patch by gurix. git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_yii@12308 b72ed6b6-b9f8-46b5-92b4-906544132732	Affected Issues 05722
	mod - application/controllers/SurveyAction.php	Diff File
	mod - application/controllers/admin/tokens.php	Diff File
	mod - application/helpers/frontend_helper.php	Diff File

Date Modified	Username	Field	Change
2012-01-30 20:25	~~user11071~~	New Issue
2012-01-30 21:18	c_schmitz	Assigned To	=> c_schmitz
2012-01-30 21:18	c_schmitz	Status	new => assigned
2012-02-01 21:49	~~user11071~~	File Added: frontend_helper.php.diff
2012-02-02 17:13	c_schmitz	Assigned To	c_schmitz => magiclko
2012-02-02 18:33	~~magiclko~~	Note Added: 17182
2012-02-02 18:33	~~magiclko~~	Status	assigned => resolved
2012-02-02 18:33	~~magiclko~~	Resolution	open => fixed
2012-02-06 14:32	c_schmitz	Fixed in Version	=> 2.00a2
2012-03-06 21:04	~~user18423~~	Note Added: 17767
2012-03-11 16:32	c_schmitz	Note Added: 17835
2012-03-11 16:32	c_schmitz	Status	resolved => closed
2012-03-14 21:08		Changeset attached	=> Import 2012-03-09 13:30:34 Yii 0916a171
2016-12-08 10:39	c_schmitz	Category	Tokens => Survey participants (Tokens)

View Issue Details

Users monitoring this issue

Activities

Related Changesets

Issue History