From acf09fc56bc4b8449bac2de014ff03d7ba2ec86e Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Thu, 8 Nov 2018 15:16:29 +0100
Subject: [PATCH] Fix link to redirect to the correct page see BT#14957

---
 main/survey/create_meeting.php   | 2 +-
 main/survey/fillsurvey.php       | 9 +++++++++
 main/survey/meeting.php          | 4 ++--
 main/survey/surveyUtil.class.php | 5 -----
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/main/survey/create_meeting.php b/main/survey/create_meeting.php
index 6c52a89cea..de499f3da5 100644
--- a/main/survey/create_meeting.php
+++ b/main/survey/create_meeting.php
@@ -146,7 +146,7 @@ if ($form->validate()) {
     }
 
     // Redirecting to the survey page (whilst showing the return message)
-    header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$return['id'].'&'.api_get_cidreq());
+    header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey_list.php?'.api_get_cidreq());
     exit;
 } else {
     // Displaying the header
diff --git a/main/survey/fillsurvey.php b/main/survey/fillsurvey.php
index b35d7c0d38..135fd8d427 100755
--- a/main/survey/fillsurvey.php
+++ b/main/survey/fillsurvey.php
@@ -204,6 +204,15 @@ if (empty($survey_data)) {
 }
 $survey_data['survey_id'] = $survey_invitation['survey_id'];
 
+if ($survey_data['survey_type'] == '3') {
+    header('Location: '.
+        api_get_path(WEB_CODE_PATH).
+        'survey/meeting.php?cidReq='.$courseInfo['code'].'&id_session='.$sessionId.'&invitationcode='.Security::remove_XSS($invitationcode)
+    );
+    exit;
+}
+
+
 // Storing the answers
 if (count($_POST) > 0) {
     if ($survey_data['survey_type'] === '0') {
diff --git a/main/survey/meeting.php b/main/survey/meeting.php
index 6a020c5b9a..868dc4f5cf 100644
--- a/main/survey/meeting.php
+++ b/main/survey/meeting.php
@@ -9,9 +9,9 @@ $userId = api_get_user_id();
 $courseInfo = api_get_course_info();
 
 $surveyId = isset($_REQUEST['survey_id']) ? (int) $_REQUEST['survey_id'] : 0;
+$invitationcode = isset($_REQUEST['invitationcode']) ? Database::escape_string($_REQUEST['invitationcode']) : 0;
 
-if (!api_is_allowed_to_edit()) {
-    $invitationcode = isset($_REQUEST['invitationcode']) ? Database::escape_string($_REQUEST['invitationcode']) : 0;
+if (!api_is_allowed_to_edit() || !empty($invitationcode)) {
     $table_survey_invitation = Database::get_course_table(TABLE_SURVEY_INVITATION);
     $table_survey = Database::get_course_table(TABLE_SURVEY);
 
diff --git a/main/survey/surveyUtil.class.php b/main/survey/surveyUtil.class.php
index 06382fbaa2..3e694e7735 100755
--- a/main/survey/surveyUtil.class.php
+++ b/main/survey/surveyUtil.class.php
@@ -3157,7 +3157,6 @@ class SurveyUtil
                         api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$survey[0].'&'.api_get_cidreq()
                     );
                 }
-
             }
 
             // Validation when belonging to a session
@@ -3373,10 +3372,6 @@ class SurveyUtil
                 );
                 $url = api_get_path(WEB_CODE_PATH).'survey/fillsurvey.php?course='.$_course['sysCode']
                     .'&invitationcode='.$row['invitation_code'].'&cidReq='.$_course['sysCode'].'&id_session='.$row['session_id'];
-                if ($row['survey_type'] == 3) {
-                    $url = api_get_path(WEB_CODE_PATH).'survey/meeting.php?course='.$_course['sysCode']
-                        .'&invitationcode='.$row['invitation_code'].'&cidReq='.$_course['sysCode'].'&id_session='.$row['session_id'];
-                }
                 echo '<a href="'.$url.'">
                     '.$row['title']
                     .'</a></td>';