From 9ad848c28b6ee33da33fdf29fb6712b2d3ad97cf Mon Sep 17 00:00:00 2001
From: jmontoyaa
Date: Mon, 22 Jan 2018 11:00:32 +0100
Subject: [PATCH] Fix parse of survey direct link (session id added) see BT#13870
---
 main/survey/generate_link.php | 4 ++--
 main/survey/link.php | 38 +++++++++++++++++------------------
 2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/main/survey/generate_link.php b/main/survey/generate_link.php
index 813babd036..ef9556fd56 100755
--- a/main/survey/generate_link.php
+++ b/main/survey/generate_link.php
@@ -16,11 +16,11 @@ if (empty($survey_id)) {
 $survey_data = SurveyManager::get_survey($survey_id);
 $interbreadcrumb[] = [
- 'url' => api_get_path(WEB_CODE_PATH).'survey/survey_list.php',
+ 'url' => api_get_path(WEB_CODE_PATH).'survey/survey_list.php?'.api_get_cidreq(),
 'name' => get_lang('SurveyList'),
 ];
 $interbreadcrumb[] = [
- 'url' => api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$survey_id,
+ 'url' => api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$survey_id.'&'.api_get_cidreq(),
 'name' => strip_tags($survey_data['title']),
 ];
diff --git a/main/survey/link.php b/main/survey/link.php
index 96ac62a60d..e9e5e827a1 100755
--- a/main/survey/link.php
+++ b/main/survey/link.php
@@ -3,44 +3,44 @@
 require_once __DIR__.'/../inc/global.inc.php';
-$survey_id = isset($_REQUEST['i']) ? intval($_REQUEST['i']) : null;
+$surveyId = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : 0;
+$sessionId = isset($_REQUEST['s']) ? (int) $_REQUEST['s'] : 0;
+$courseId = isset($_REQUEST['c']) ? (int) $_REQUEST['c'] : 0;
-if (empty($survey_id)) {
+if (empty($surveyId)) {
 api_not_allowed(true);
 }
 if (!SurveyManager::survey_generation_hash_available()) {
 api_not_allowed(true);
 }
-$course_info = api_get_course_info_by_id($_REQUEST['c']);
-
-$hash_is_valid = SurveyManager::validate_survey_hash(
- $survey_id,
- $_REQUEST['c'],
- $_REQUEST['s'],
+$courseInfo = api_get_course_info_by_id($courseId);
+$hashIsValid = SurveyManager::validate_survey_hash(
+ $surveyId,
+ $courseId,
+ $sessionId,
 $_REQUEST['g'],
 $_REQUEST['h']
 );
-if ($hash_is_valid && $course_info) {
+if ($hashIsValid && $courseInfo) {
 $survey_data = SurveyManager::get_survey(
- $survey_id,
+ $surveyId,
 null,
- $course_info['code']
+ $courseInfo['code']
 );
 $invitation_code = api_get_unique_id();
-
 $params = [
- 'c_id' => $_REQUEST['c'],
- 'session_id' => $_REQUEST['s'],
- 'user' => $invitation_code,
- 'survey_code' => $survey_data['code'],
- 'invitation_code' => $invitation_code,
- 'invitation_date' => api_get_utc_datetime()
+ 'c_id' => $courseId,
+ 'session_id' => $sessionId,
+ 'user' => $invitation_code,
+ 'survey_code' => $survey_data['code'],
+ 'invitation_code' => $invitation_code,
+ 'invitation_date' => api_get_utc_datetime()
 ];
 $invitation_id = SurveyUtil::save_invitation($params);
 if ($invitation_id) {
- $link = api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?invitationcode='.$invitation_code.'&course='.$course_info['code'];
+ $link = api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?invitationcode='.$invitation_code.'&course='.$courseInfo['code'].'&id_session='.$sessionId;
 header('Location: '.$link);
 exit;
 }
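Review bot: `$_REQUEST['g']` and `$_REQUEST['h']` are still passed to `SurveyManager::validate_survey_hash()` unchecked, while `i`, `s` and `c` are now defaulted and cast. A link that lacks those parameters raises undefined-index notices, and a non-string value reaches the validator as-is. Normalising them the same way keeps the validator's input predictable, e.g. `$groupId = isset($_REQUEST['g']) ? (int) $_REQUEST['g'] : 0;` (assuming `g` is a numeric id) and `$hash = isset($_REQUEST['h']) && is_string($_REQUEST['h']) ? $_REQUEST['h'] : '';`. The validator is not visible in this hunk, so it is worth confirming that it compares the hash with `hash_equals()`. The `if ($hashIsValid && $courseInfo)` block continues past the end of the hunk.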