diff --git a/main/survey/link.php b/main/survey/link.php
index 6fb9225e38..2447fa4eb6 100755
--- a/main/survey/link.php
+++ b/main/survey/link.php
@@ -40,7 +40,7 @@ if ($hashIsValid && $courseInfo) {
 $invitation_id = SurveyUtil::save_invitation($params);
 if ($invitation_id) {
- $link = api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?invitationcode='.$invitation_code.'&course='.$courseInfo['code'].'&id_session='.$sessionId;
+ $link = SurveyUtil::generateFillSurveyLink($invitation_code, $courseInfo['code'], $sessionId);
 header('Location: '.$link);
 exit;
 }
diff --git a/main/survey/pending.php b/main/survey/pending.php
index ef1e224b90..0ac4a62705 100644
--- a/main/survey/pending.php
+++ b/main/survey/pending.php
@@ -10,7 +10,7 @@ $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
-api_block_anonymous_users(true);
+api_block_anonymous_users();
 $em = Database::getManager();
@@ -36,13 +36,18 @@ foreach ($pending as $i => $item) {
 $course = $course ? ['id' => $course->getId(), 'title' => $course->getTitle(), 'code' => $course->getCode()] : null;
 $session = $session ? ['id' => $session->getId(), 'name' => $session->getName()] : null;
+ $courseInfo = api_get_course_info_by_id($course->getId());
 $surveysData[$survey->getSurveyId()] = [
 'title' => $survey->getTitle(),
- 'invitation_code' => $invitation->getInvitationCode(),
 'avail_from' => $survey->getAvailFrom(),
 'avail_till' => $survey->getAvailTill(),
 'course' => $course,
 'session' => $session,
+ 'link' => SurveyUtil::generateFillSurveyLink(
+ $invitation->getInvitationCode(),
+ $courseInfo,
+ $survey->getSessionId()
+ ),
 ];
 }
diff --git a/main/survey/survey.lib.php b/main/survey/survey.lib.php
index 52377c0ab1..2e24adf281 100755
--- a/main/survey/survey.lib.php
+++ b/main/survey/survey.lib.php
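Review bot: The new call in link.php passes `$courseInfo['code']`, a string, as the second argument, but `generateFillSurveyLink()` (added in surveyUtil.class.php in this commit) treats that parameter as the course-info array and reads `$courseInfo['code']` from it. Indexing a string with `'code'` does not yield the course code (depending on the PHP version it is a warning plus the first character, or a TypeError), so the redirect is built with a wrong `course`/`cidReq` value or not at all. Pass the array as the other call sites do: `$link = SurveyUtil::generateFillSurveyLink($invitation_code, $courseInfo, $sessionId);`. The surrounding `if ($hashIsValid && $courseInfo)` block starts outside the hunk.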
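Review bot: The added `api_get_course_info_by_id($course->getId())` in pending.php runs after `$course` has been reassigned, earlier in the same hunk, to an array or `null`, so the method call fails for every pending survey instead of producing a link. Read the id from the array and keep the no-course case: `$courseInfo = $course ? api_get_course_info_by_id($course['id']) : [];`. With an empty `$courseInfo` the helper returns `''`, so whatever renders `link` has to cope with an empty string. The `foreach` body starts outside the hunk.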
@@ -1948,16 +1948,17 @@ class SurveyManager
 return;
 }
- $urlParams = http_build_query([
- 'course' => api_get_course_id(),
- 'invitationcode' => $invitation->getInvitationCode(),
- ]);
-
 Display::addFlash(
 Display::return_message(get_lang('MandatorySurveyNoAnswered'), 'warning')
 );
- header('Location: '.api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?'.$urlParams.'&'.api_get_cidreq());
+ $url = SurveyUtil::generateFillSurveyLink(
+ $invitation->getInvitationCode(),
+ api_get_course_info(),
+ api_get_session_id()
+ );
+
+ header('Location: '.$url);
 exit;
 }
diff --git a/main/survey/surveyUtil.class.php b/main/survey/surveyUtil.class.php
index 7dd58c6659..f84aaa0cfe 100755
--- a/main/survey/surveyUtil.class.php
+++ b/main/survey/surveyUtil.class.php
@@ -2396,8 +2396,7 @@ class SurveyUtil
 $sessionId = api_get_session_id();
 // Replacing the **link** part with a valid link for the user
- $link = api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?';
- $link .= 'id_session='.$sessionId.'&course='.$_course['code'].'&invitationcode='.$invitation_code;
+ $link = self::generateFillSurveyLink($invitation_code, $_course, $sessionId);
 $text_link = ''.get_lang('ClickHereToAnswerTheSurvey')."
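Review bot: `header('Location: '.$url)` in the SurveyManager hunk is sent without checking `$url`, while `generateFillSurveyLink()` (added in surveyUtil.class.php in this commit) returns an empty string when its course-info argument is empty. Whether `api_get_course_info()` can come back empty at this point is not visible in the hunk, but if it can, the user gets an empty `Location` header followed by `exit`, after the warning flash has already been queued. A guard before the redirect covers it: `if ($url === '') { return; }`. The old URL also appended `api_get_cidreq()`, so it is worth confirming that fillsurvey.php does not rely on a parameter only that helper supplied. The enclosing method starts outside the hunk.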
\r\n
\r\n" .get_lang('OrCopyPasteTheFollowingUrl')."
\r\n ".$link;
@@ -3417,8 +3416,7 @@ class SurveyUtil
 [],
 ICON_SIZE_TINY
 );
- $url = api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?course='.$_course['sysCode']
- .'&invitationcode='.$row['invitation_code'].'&cidReq='.$_course['sysCode'].'&id_session='.$row['session_id'];
+ $url = self::generateFillSurveyLink($row['invitation_code'], $_course, $row['session_id']);
 echo ' '.$row['title'] .'';
@@ -3889,4 +3887,35 @@ class SurveyUtil
 return Database::store_result($query);
 }
+
+ /**
+ * @param string $code invitation code
+ * @param array $courseInfo
+ * @param int $sessionId
+ * @param string $surveyCode
+ *
+ * @return string
+ */
+ public static function generateFillSurveyLink($code, $courseInfo, $sessionId, $surveyCode = '')
+ {
+ $code = Security::remove_XSS($code);
+ $sessionId = (int) $sessionId;
+
+ if (empty($courseInfo)) {
+ return '';
+ }
+
+ $params = [
+ 'invitationcode' => $code,
+ 'cidReq' => $courseInfo['code'],
+ 'course' => $courseInfo['code'],
+ 'id_session' => $sessionId,
+ ];
+
+ if (!empty($surveyCode)) {
+ $params['scode'] = Security::remove_XSS($surveyCode);
+ }
+
+ return api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?'.http_build_query($params);
+ }
 }
diff --git a/main/survey/survey_invitation.php b/main/survey/survey_invitation.php
index 9a308adc2b..10b3f1f05d 100755
--- a/main/survey/survey_invitation.php
+++ b/main/survey/survey_invitation.php
@@ -149,9 +149,7 @@ foreach ($sentIntitations as $row) {
 echo ' ';
 $code = $row['invitation_code'];
- $link = api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?';
- $link .= 'id_session='.$sessionId.'&course='.$courseInfo['code'].'&invitationcode='.$code;
-
+ $link = SurveyUtil::generateFillSurveyLink($code, $courseInfo, $sessionId);
 $link = Display::input('text', 'copy_'.$id, $link, ['id' => 'copy_'.$id, 'class' => '']);
 $link .= ' '.Display::url(
 Display::returnFontAwesomeIcon('copy').get_lang('CopyTextToClipboard'),
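Review bot: In `generateFillSurveyLink()`, `Security::remove_XSS()` is applied to `$code` and `$surveyCode` before they go into `http_build_query()`, which mixes up two encoding contexts: the query builder already percent-encodes every value, and an HTML filter (going by its name) placed in front of it can only change a legitimate code, not make the URL safer. The function returns a raw URL with bare `&` separators, so call sites that print it into markup or a mail body still have to escape it at output; the docblock should state that, e.g. `Returns an unescaped URL; escape it for HTML at the point of output.` The `empty($courseInfo)` guard also lets a non-array through, and link.php in this commit passes a string. A stricter check is `if (!is_array($courseInfo) || empty($courseInfo['code'])) { return ''; }`.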
diff --git a/main/survey/survey_invite.php b/main/survey/survey_invite.php
index 3cfc967a8f..a5a4480904 100755
--- a/main/survey/survey_invite.php
+++ b/main/survey/survey_invite.php
@@ -175,7 +175,7 @@ if (api_is_multiple_url_enabled()) {
 }
 // Show the URL that can be used by users to fill a survey without invitation
-$auto_survey_link = $portal_url.'main/survey/fillsurvey.php?course='.$_course['sysCode'].'&invitationcode=auto&scode='.$survey_data['survey_code'].'&id_session='.$survey_data['session_id'];
+$auto_survey_link = SurveyUtil::generateFillSurveyLink('auto', $_course, $survey_data['session_id'], $survey_data['survey_code']);
 $form->addElement('label', null, get_lang('AutoInviteLink'));
 $form->addElement('label', null, $auto_survey_link);
diff --git a/main/template/default/survey/pending.tpl b/main/template/default/survey/pending.tpl
index 8cd4cc303f..f37a481471 100644
--- a/main/template/default/survey/pending.tpl
+++ b/main/template/default/survey/pending.tpl
@@ -11,13 +11,10 @@
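Review bot: The auto-invite link in survey_invite.php no longer starts from `$portal_url`; the helper builds it from `api_get_path(WEB_CODE_PATH)` instead. The `if (api_is_multiple_url_enabled())` block whose closing brace is the first context line presumably chose `$portal_url` for multi-URL installs (its body is outside the hunk), so confirm that `WEB_CODE_PATH` resolves to the same host there; otherwise the link shared with respondents points at a different portal than before. If the value is equivalent, `$portal_url` looks unused after this change and the block that sets it can go; if not, the helper needs a way to take the base URL. A one-line comment at the call such as `// base URL comes from WEB_CODE_PATH, not $portal_url` would record the decision.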
{% for survey in surveys %} - {% set course_code = survey.course ? survey.course.code : '' %} - {% set session_id = survey.session ? survey.session.id : 0 %} -
- + {{ survey.title }}