Fixed issue #6423: Potential XSS in 'Resume survey' load form

Dev Other minor fixes
LimeSurvey · Aug 21, 2012 · a981479 · a981479
1 parent 71552ab
commit a981479
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/admin/tokens.php b/admin/tokens.php
@@ -424,7 +424,7 @@
 
             $tokenoutput .= "\t<div class='menubar'>"
             ."<div class='menubar-title ui-widget-header'>"
-            ."<strong>".$clang->gT("Token control")." </strong> ".htmlspecialchars($thissurvey['surveyls_title'])."</div>\n";
+            ."<strong>".$clang->gT("Token control")." </strong> ".FlattenText($thissurvey['surveyls_title'])."</div>\n";
             $surveyprivate = $thissurvey['anonymized'];
         }
     }

diff --git a/classes/expressions/ExpressionManager.php b/classes/expressions/ExpressionManager.php
@@ -1821,7 +1821,7 @@ public function sProcessStringContainingExpressions($src, $questionNum=0, $numRe
         for($i=1;$i<=$numRecursionLevels;++$i)
         {
             // TODO - Since want to use <span> for dynamic substitution, what if there are recursive substititons?
-            $result = $this->sProcessStringContainingExpressionsHelper(htmlspecialchars_decode($result,ENT_QUOTES),$questionNum, $staticReplacement);
+            $result = $this->sProcessStringContainingExpressionsHelper($result,$questionNum, $staticReplacement);
             if ($i == $whichPrettyPrintIteration)
             {
                 $prettyPrint = $this->prettyPrintSource;

diff --git a/group.php b/group.php
@@ -76,7 +76,7 @@
 else
 {
     //RUN THIS IF THIS IS THE FIRST TIME , OR THE FIRST PAGE ########################################
-    if (!isset($_SESSION['step']))  //  || !$_SESSION['step']) - don't do this for step0, else rebuild the session
+    if (!isset($_SESSION['step']))  //  || !$_SESSION['step']) - don't do this for step 0, else rebuild the session
     {
         $totalquestions = buildsurveysession();
         LimeExpressionManager::StartSurvey($thissurvey['sid'], $surveyMode, $surveyOptions, false,$LEMdebugLevel);