 |
The patch is here: In short:
We use this as follows: In this way we can do a direct call to the InviteCommand plugin by @Mazi: |
 |
But : Remote control API can send invitation/reminder : not needed. And please : console is made for console ! Security issue . |
|
|
See the first post: there is no security issue, because application/commands/console.php is not accessible from outside. It is protected by the application/.htaccess. With respect to the Remote Control API: this requires a login with Admin rights AFAIK. Of course you can script that as well, but putting a plain text password in get_session_key is more of a security risk than calling a console app with require_once, but without password from within a PHP script. |
|
|
Besides that: the remote control API does not send Registration mails according to the docs. And this is exactly what we want to do. We slightly adjusted @Mazi's script for that. |
|
|
The patch API to allow sending registration email. |
|
|
I can find invite_participants() and remind_participants() in application/helpers/remotecontrol_handle.php Where is the corresponding function for sending registration emails? |
|
|
So why not extending the API to support sending registration emails? That's something I'd definitely support because I can think of lots of use cases. |
|
|
A, I now see that Denis meant to say 'Then patch the API ...'. @Mazi: we can do both. The Remote Control API is limited by nature. Only things that have been added to it can be done with it. Console apps can be added quite easily without the need to patch and update LimeSurvey. It could be a good way to test new ideas before submitting them to core. I really do not see the security issue. If the developer does not declare $run_console_command in a PHP-script and/or does not require_once('path/console.php') nothing has changed. If needed the argv[0] checks could be put back in place and be something like: if(!isset($_SERVER['argv']) && !isset($run_console_command)) |
|
|
JanE, from my point of view the best approach (which we also followed at similar requests) is:
That way others benefit from your changes as well and you are future save when updating later. |
|
|
Sorry, then, not the .... Yes, API is done to do someting in LimeSurvey We don't have a feature request to allow API function by plugin ? |
|
|
Yesterday evening and this morning I had a hell of a job to even get the remote control working properly. /index.php/admin/remotecontrol showed perfectly from outside, but all responses from the remote control API were empty. Our provider has the feature to clone a VPS to another VPS and to my surprise the RC API worked on the clone. It took a lot of debugging to find the cause: Apache on the testing environment was not listening on IPv6 for the test domain and cUrl was trying to connect over IPv6. I already had changed the RC handler, but now I finally can start testing it. Work in progress. |
|
|
I am not sure about the use case for this but:
I suggest closing this since changing framework code is not acceptable (and will be reverted the next time we upgrade the framework or when LS3 hits and the framework code is no longer in our repository). |
|
|
I cannot close it. I would have done it already if I could, because I am now using the LSRC for the use case. |
|
|
Maybe you should "Allow Reporter to close Issue" |
|
|
FWIW: reporters can only Monitor or End Monitoring. We cannot Assign to, Change status, Stick/unstick, Clone or Close. We can't even Edit the original issue. |
|
|
I don't see the Yii framework update ... console.php is done for console not for web. |
- Anonymous
