|
|
That is too complicated for me... Here is the git diff
Furthermore I found some critical vulnerabilities and I'll report them soon with a CVE number. Is there a way to report the Issues to you before they are published?
diff (4,133 bytes)
diff --git a/application/controllers/admin/statistics.php b/application/controllers/admin/statistics.php
index 0196eff666..e2d33049cf 100644
--- a/application/controllers/admin/statistics.php
+++ b/application/controllers/admin/statistics.php
@@ -156,9 +156,11 @@ class statistics extends Survey_Common_Action
* b) "groups" -> group_name + group_order *
*/
- //store all the data in $rows
- $rows = Question::model()->with('group')->findAll(array('condition' => 'parent_qid = 0 AND group.sid=' . $surveyid, 'order' => 'group_order,question_order'));
+ $rows = Question::model()
+ ->with(array('group' => array('alias' => 'g')))
+ ->findAll(array('condition' => 'parent_qid = 0 AND g.sid=' . $surveyid, 'order' => 'group_order,question_order'));
+
//SORT IN NATURAL ORDER!
usort($rows, 'groupOrderThenQuestionOrder');
diff --git a/application/core/plugins/AuthLDAP/AuthLDAP.php b/application/core/plugins/AuthLDAP/AuthLDAP.php
index a1b217934d..08f5ec6e4c 100644
--- a/application/core/plugins/AuthLDAP/AuthLDAP.php
+++ b/application/core/plugins/AuthLDAP/AuthLDAP.php
@@ -363,7 +363,7 @@ class AuthLDAP extends LimeSurvey\PluginManager\AuthPluginBase
{
$this->getEvent()->getContent($this)
->addContent(CHtml::tag('span', array(), "<label for='user'>".gT("Username")."</label>".CHtml::textField('user', '', array('size'=>40, 'maxlength'=>40, 'class'=>"form-control"))))
- ->addContent(CHtml::tag('span', array(), "<label for='password'>".gT("Password")."</label>".CHtml::passwordField('password', '', array('size'=>40, 'maxlength'=>40, 'class'=>"form-control"))));
+ ->addContent(CHtml::tag('span', array(), "<label for='password'>".gT("Password")."</label>".CHtml::passwordField('password', '', array('size'=>40, 'class'=>"form-control"))));
}
/**
diff --git a/application/core/plugins/Authdb/Authdb.php b/application/core/plugins/Authdb/Authdb.php
index 2d94fb5928..9137da28fa 100644
--- a/application/core/plugins/Authdb/Authdb.php
+++ b/application/core/plugins/Authdb/Authdb.php
@@ -122,7 +122,7 @@ class Authdb extends AuthPluginBase
$this->getEvent()->getContent($this)
->addContent(CHtml::tag('span', array(), "<label for='user'>".gT("Username")."</label>".CHtml::textField('user', $sUserName, array('size'=>240, 'maxlength'=>240, 'class'=>"form-control"))))
- ->addContent(CHtml::tag('span', array(), "<label for='password'>".gT("Password")."</label>".CHtml::passwordField('password', $sPassword, array('size'=>240, 'maxlength'=>240, 'class'=>"form-control"))));
+ ->addContent(CHtml::tag('span', array(), "<label for='password'>".gT("Password")."</label>".CHtml::passwordField('password', $sPassword, array('size'=>240, 'class'=>"form-control"))));
}
public function newUserSession()
diff --git a/application/extensions/bootstrap/helpers/TbHtml.php b/application/extensions/bootstrap/helpers/TbHtml.php
index 1c927a3404..cc5498711b 100755
--- a/application/extensions/bootstrap/helpers/TbHtml.php
+++ b/application/extensions/bootstrap/helpers/TbHtml.php
@@ -862,6 +862,12 @@ class TbHtml extends CHtml // required in order to access the protected methods
*/
public static function passwordField($name, $value = '', $htmlOptions = array())
{
+
+ if (array_key_exists('maxlength', $htmlOptions)) {
+
+ trigger_error('maxlength is not supported for password fields', E_USER_NOTICE);
+ unset ($htmlOptions['maxlength']);
+ }
return self::textInputField('password', $name, $value, $htmlOptions);
}
@@ -1799,6 +1805,11 @@ EOD;
*/
public static function activePasswordField($model, $attribute, $htmlOptions = array())
{
+ if (array_key_exists('maxlength', $htmlOptions)) {
+
+ trigger_error('maxlength is not supported for password fields', E_USER_NOTICE);
+ unset ($htmlOptions['maxlength']);
+ }
return self::activeTextInputField('password', $model, $attribute, $htmlOptions);
}
|
