From 826b9edd74b1bf9b4aa132a9cf14d8948ed4d20e Mon Sep 17 00:00:00 2001
From: Carsten Schmitz
Date: Sun, 19 Feb 2023 23:42:36 +0100
Subject: [PATCH] Fixed issue: [security] Minor XSS vulnerability when editing a question group

---
 application/controllers/QuestionAdministrationController.php | 5 ++++-
 .../controllers/QuestionGroupsAdministrationController.php | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/application/controllers/QuestionAdministrationController.php b/application/controllers/QuestionAdministrationController.php
index 9ce8480bb5a..ea694eee4ab 100644
--- a/application/controllers/QuestionAdministrationController.php
+++ b/application/controllers/QuestionAdministrationController.php
@@ -271,7 +271,7 @@ public function renderFormAux(Question $question)
 * Load list questions view for a specified survey by $surveyid
 *
 * @param int $surveyid Goven Survey ID
- * @param string $landOnSideMenuTab Name of the side menu tab. Default behavior is to land on settings tab.
+ * @param string $landOnSideMenuTab Name of the side menu tab (settings or structure). Default behavior is to land on settings tab.
 *
 * @return string
 * @access public
@@ -283,6 +283,9 @@ public function actionListQuestions($surveyid, $landOnSideMenuTab = 'settings')
 throw new CHttpException(403, gT("No permission"));
 }
 $iSurveyID = sanitize_int($surveyid);
+ if (!in_array($landOnSideMenuTab, ['settings', 'structure', ''])) {
+ $landOnSideMenuTab = 'settings';
+ }
 // Reinit LEMlang and LEMsid: ensure LEMlang are set to default lang, surveyid are set to this survey id
 // Ensure Last GetLastPrettyPrintExpression get info from this sid and default lang
 LimeExpressionManager::SetEMLanguage(Survey::model()->findByPk($iSurveyID)->language);
diff --git a/application/controllers/QuestionGroupsAdministrationController.php b/application/controllers/QuestionGroupsAdministrationController.php
index 5ab5439368c..04a3c87ee33 100644
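Review bot: The allow-list check on the added lines in actionListQuestions calls `in_array` in loose-comparison mode on a request-supplied value; pass the strict flag so only exact string matches are accepted: `if (!in_array($landOnSideMenuTab, ['settings', 'structure', ''], true)) {`. The identical three-line allow-list is added to QuestionGroupsAdministrationController::actionView in the same commit with a different fallback, so a small shared helper that returns the validated tab name would keep the two copies from drifting. Normalising the parameter at the entry point is sound hardening, but the sink where `$landOnSideMenuTab` is rendered is not in this hunk, so it is worth confirming the view escapes the value as well, in case another caller reaches it without this guard. actionListQuestions continues outside the hunk.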
--- a/application/controllers/QuestionGroupsAdministrationController.php
+++ b/application/controllers/QuestionGroupsAdministrationController.php
@@ -83,6 +83,9 @@ protected function beforeRender($view)
 */
 public function actionView(int $surveyid, int $gid, $landOnSideMenuTab = 'structure', $mode = 'auto')
 {
+ if (!in_array($landOnSideMenuTab, ['settings', 'structure', ''])) {
+ $landOnSideMenuTab = 'structure';
+ }
 if ($mode != 'overview' && SettingsUser::getUserSettingValue('noViewMode', App()->user->id)) {
 $this->redirect(
 Yii::app()->createUrl(
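Review bot: The added guard at the top of actionView uses non-strict `in_array` on a value that arrives from the request; add the third argument so the comparison is exact: `if (!in_array($landOnSideMenuTab, ['settings', 'structure', ''], true)) {`. Placing the guard before the `noViewMode` redirect is the right order if that redirect forwards `$landOnSideMenuTab`, but the `createUrl` arguments are outside the hunk, so confirm the normalised value is what gets passed. A one-line comment above the guard would help the next reader, e.g. `// Allow-list the tab name: it is presumably reflected into the page (see the XSS note in the commit), so reject anything but known values.` actionView continues outside the hunk.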