diff --git a/CHANGELOG b/CHANGELOG
index efd92290..c7263c03 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 queXS 1.7.0 - Changes since 1.6.1
 New Feature: Replace queXS caseid as token with a random token to allow for safe external access
+Fixed Bug: Replaced php short tags with long tags
 Database updates:
diff --git a/include/limesurvey/admin/browse.php b/include/limesurvey/admin/browse.php
index 6d81353a..ef9d2bdf 100644
--- a/include/limesurvey/admin/browse.php
+++ b/include/limesurvey/admin/browse.php
@@ -197,7 +197,7 @@ if ($subaction == "id")
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $query .= " JOIN `case` AS c ON (s.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $query .= " JOIN `case` AS c ON (s.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $query .= " JOIN `sample` AS ss ON (ss.sample_id = c.sample_id AND ss.import_id = '{$qfs[1]}') ";
 }
@@ -592,7 +592,7 @@ elseif ($subaction == "all")
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $sql_from .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $sql_from .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $sql_from .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
@@ -639,7 +639,7 @@ elseif ($subaction == "all")
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
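Review bot: The questionnaire/sample filter JOIN rewritten in the @@ -197 hunk is repeated byte-for-byte in the three further browse.php hunks and again in export_data_functions.php, exportresults.php (@@ -505), statistics_function.php (five hunks) and vvexport.php, so the case_id-to-token switch had to be hand-applied fourteen times and the next change to the case/token mapping must be hunted down in all of them again. A single helper, e.g. `function quexs_filter_join($tokenColumn, $qfs)` returning the two JOIN fragments, called from each site, would make this a one-line change. The added line also still embeds `'{$qfs[0]}'` and `'{$qfs[1]}'` directly into the SQL; if questionnaireSampleFilterstate() can return values that originate from the request, they should be cast with `(int)` or quoted through the driver before being interpolated. The enclosing if ($subaction == "id") block starts outside the hunk.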
@@ -669,7 +669,7 @@ elseif ($subaction == "all")
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
@@ -702,7 +702,7 @@ elseif ($subaction == "all")
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
diff --git a/include/limesurvey/admin/export_data_functions.php b/include/limesurvey/admin/export_data_functions.php
index daa5fc90..3a3544a3 100644
--- a/include/limesurvey/admin/export_data_functions.php
+++ b/include/limesurvey/admin/export_data_functions.php
@@ -460,7 +460,7 @@ function spss_getquery() {
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
diff --git a/include/limesurvey/admin/exportresults.php b/include/limesurvey/admin/exportresults.php
index ffbc42d8..07662bdd 100644
--- a/include/limesurvey/admin/exportresults.php
+++ b/include/limesurvey/admin/exportresults.php
@@ -425,14 +425,15 @@ if ($tokenTableExists && $thissurvey['anonymized']=='N' && isset($_POST['attribu
 if (in_array('callattempts',$_POST['attribute_select']))
 {
 $dquery .= ", (SELECT COUNT(c.call_attempt_id)
- FROM call_attempt as c
- WHERE c.case_id = {$dbprefix}survey_$surveyid.token) as callattempts ";
+ FROM call_attempt as c, `case` as ca
+ WHERE c.case_id = ca.case_id AND ca.token = {$dbprefix}survey_$surveyid.token) as callattempts ";
 }
 if (in_array('messagesleft',$_POST['attribute_select']))
 {
 $dquery .= ", (SELECT COUNT(c2.call_id)
- FROM `call` as c2
- WHERE c2.case_id = {$dbprefix}survey_$surveyid.token
+ FROM `call` as c2, `case` as ca2
+ WHERE ca2.case_id = c2.case_id
+ AND ca2.token = {$dbprefix}survey_$surveyid.token
 AND c2.outcome_id = 23) as messagesleft ";
 }
 if (in_array('token',$_POST['attribute_select']))
@@ -477,7 +478,7 @@ if ($tokenTableExists && $thissurvey['anonymized']=='N' && isset($_POST['attribu
 {
 $dquery .= ", ( SELECT sv.val
 FROM sample_var as sv, `case` as c3
- WHERE c3.case_id = {$dbprefix}survey_$surveyid.token
+ WHERE c3.token = {$dbprefix}survey_$surveyid.token
 AND c3.sample_id = sv.sample_id
 AND sv.var LIKE '$attr_name') as attribute_$i ";
@@ -505,7 +506,7 @@ $qfs = questionnaireSampleFilterstate();
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $dquery .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $dquery .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $dquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
diff --git a/include/limesurvey/admin/statistics_function.php b/include/limesurvey/admin/statistics_function.php
index e2104717..1e7f82a2 100644
--- a/include/limesurvey/admin/statistics_function.php
+++ b/include/limesurvey/admin/statistics_function.php
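Review bot: The two new correlated subqueries in the @@ -425 hunk use implicit comma joins with the join condition folded into WHERE, whereas the filter join added later in this same file (@@ -505) and every other hunk of the commit use explicit JOIN ... ON; writing the first one as FROM call_attempt as c JOIN `case` as ca ON (ca.case_id = c.case_id) WHERE ca.token = {$dbprefix}survey_$surveyid.token (and the messagesleft one likewise) keeps the join condition separate from the filter and matches the surrounding style. These subqueries run once per exported response row and now resolve the token by value where they previously hit the integer primary key, so it is worth confirming that `case.token` carries a unique index. The enclosing if ($tokenTableExists ...) block starts and ends outside the hunk.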
@@ -510,7 +510,7 @@
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
@@ -1143,7 +1143,7 @@
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
@@ -1207,7 +1207,7 @@
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
@@ -1237,7 +1237,7 @@
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $querystarter .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $querystarter .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $querystarter .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
@@ -1957,7 +1957,7 @@
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $querylimit .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $querylimit .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $querylimit .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
diff --git a/include/limesurvey/admin/vvexport.php b/include/limesurvey/admin/vvexport.php
index 44166ee5..53ce7274 100644
--- a/include/limesurvey/admin/vvexport.php
+++ b/include/limesurvey/admin/vvexport.php
@@ -123,7 +123,7 @@ elseif (isset($surveyid) && $surveyid)
 if ($qfs != false)
 {
 //Limit responses by questionnaire and/or sample
- $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') ";
+ $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
 if ($qfs[1] != 0) //if a sample is selected
 $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
 }
diff --git a/include/limesurvey/classes/expressions/LimeExpressionManager.php b/include/limesurvey/classes/expressions/LimeExpressionManager.php
index d43c27d0..d6af41a0 100644
--- a/include/limesurvey/classes/expressions/LimeExpressionManager.php
+++ b/include/limesurvey/classes/expressions/LimeExpressionManager.php
@@ -3419,7 +3419,7 @@
 $sql = "SELECT sv.var,sv.val
 FROM sample_var as sv, `case` as c
 WHERE c.sample_id = sv.sample_id
- AND c.case_id = {$_SESSION['token']}";
+ AND c.token = {$_SESSION['token']}";
 $queXSrs = $connect->GetAssoc($sql);
diff --git a/include/limesurvey/index.php b/include/limesurvey/index.php
index ebb255ce..0524e2c1 100644
--- a/include/limesurvey/index.php
+++ b/include/limesurvey/index.php
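Review bot: In the LimeExpressionManager.php @@ -3419 hunk, `AND c.token = {$_SESSION['token']}` embeds the session token into the SQL unquoted; that was tolerable while the value was the numeric case_id, but the CHANGELOG entry in this commit replaces it with a random token, so any non-numeric value now either breaks the statement or is parsed as a column name. Quote it through the driver, `AND c.token = " . $connect->qstr($_SESSION['token']);` (assuming `$connect` is the ADOdb connection whose GetAssoc is called on the next line), or use a bound parameter. Since `$_SESSION['token']` is presumably populated from the `token` request parameter when the survey is loaded, string escaping is now also what keeps this query injection-safe, which the integer-only form did not have to consider. The enclosing function starts and ends outside the hunk.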
@@ -2649,7 +2649,7 @@ function check_quota($checkaction,$surveyid)
 $querysel = "SELECT id FROM ".db_table_name('survey_'.$surveyid)." AS s
 JOIN `case` AS cq ON (cq.case_id = '$case_id')
 JOIN sample AS sampt ON (sampt.sample_id = cq.sample_id)
- JOIN `case` AS c ON (c.case_id = s.token AND c.questionnaire_id = cq.questionnaire_id)
+ JOIN `case` AS c ON (c.token = s.token AND c.questionnaire_id = cq.questionnaire_id)
 JOIN `sample` as sam ON (c.sample_id = sam.sample_id AND sam.import_id = sampt.import_id)
 WHERE ".implode(' AND ',$querycond)." "." AND s.submitdate IS NOT NULL";
diff --git a/include/limesurvey/quexs.php b/include/limesurvey/quexs.php
index dd961f46..5e3647f9 100644
--- a/include/limesurvey/quexs.php
+++ b/include/limesurvey/quexs.php
@@ -753,8 +753,14 @@ function get_start_interview_url()
 if ($case_id)
 {
+ $sql = "SELECT token
+ FROM `case`
+ WHERE case_id = $case_id";
+
+ $token = $db->GetOne($sql);
+
 $sid = get_limesurvey_id($operator_id);
- $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$case_id&lang=" . DEFAULT_LOCALE;
+ $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$token&lang=" . DEFAULT_LOCALE;
 $questionnaire_id = get_questionnaire_id($operator_id);
 //get prefills
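Review bot: In the quexs.php @@ -753 hunk, `$token = $db->GetOne($sql);` has no failure path: if no `case` row matches, GetOne returns false and the URL is built with an empty `token=` parameter, so the interview is started without a token instead of failing visibly. Check the result before building the URL, e.g. `if ($token === false || $token === '') return false;`, adjusted to whatever get_start_interview_url() returns on failure in the part of the function outside this hunk. The token is also concatenated into the query string raw; since it is now an opaque random value rather than an integer, build it with `"&token=" . urlencode($token) . "&lang="`, and cast the interpolated case id (`WHERE case_id = " . (int) $case_id`) rather than relying on the enclosing `if ($case_id)` truthiness check. The function continues outside the hunk.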