[HM666]

Ok there are several if/else statements & variables that contain $_POST['do'].

Code:

if ($_POST['do'] == 'updateformresult')

$_POST['do'] = 'postform';

if ($_POST['do'] == 'postform')

if ($_POST['do'] == 'insertform')

if ($_POST['do'] == 'updateform')

if ($_POST['do'] == 'insertq')

if ($_POST['do'] == 'updateq')

if ($_POST['do'] == 'formresults_export')

if ($_POST['do'] == 'updateqorder')

if ($_POST['do'] == 'importform')

if ($_POST['do'] == 'addq')

But it seems that the 'postform' may have the most to do with this, but I'm not a PHP coder so I'm not entirely sure. Here is the code that looks about like it has to do with viewing the form:

Code:

	if (($caneditformresult && !is_member_of($vbulletin->userinfo, $caneditformresult)) AND (!$canmanageownformresults OR !$vbulletin->userinfo['userid']))
	{
		print_no_permission();
	}
	$show['edit_id'] = $id = $vbulletin->input->clean_gpc('p', 'id', TYPE_UINT);
	$fid = $vbulletin->input->clean_gpc('p', 'fid', TYPE_UINT);
	$_POST['do'] = 'postform';
	$show['editing'] = true;
	$where = "";
	if ($canmanageownformresults && !is_member_of($vbulletin->userinfo, $caneditformresult))
	{
		$where = " AND userid = '" . $vbulletin->userinfo['userid'] . "'";
	}
	$formresult = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "formresults WHERE fid = '$fid' AND id = '$id' $where");
	if (!$formresult)
	{
		$errormessage = $vbphrase[form_error_data_not_exist];
       	eval(standard_error($errormessage));
	}
}
if ($_POST['do'] == 'postform')
{
	$POST_FORM = true;
	$canviewform = unserialize($vbulletin->options['canviewform']);
	if (!$canviewform OR !is_member_of($vbulletin->userinfo, $canviewform))
	{
		print_no_permission();
	}
	$fid = $vbulletin->input->clean_gpc('p', 'fid', TYPE_UINT);
	if (empty($fid))
	{
		$errormessage = $vbphrase[form_error_not_existing_form];
       	eval(standard_error($errormessage));
	}
	$posthash = $vbulletin->input->clean_gpc('p', 'posthash', TYPE_NOHTML);
	$poststarttime = $vbulletin->input->clean_gpc('p', 'poststarttime', TYPE_NOHTML);
	$hiddenfield1 = $vbulletin->input->clean_gpc('p', 'hiddenfield1', TYPE_NOHTML);
	$hiddenfield2 = $vbulletin->input->clean_gpc('p', 'hiddenfield2', TYPE_NOHTML);
	$hiddenfield3 = $vbulletin->input->clean_gpc('p', 'hiddenfield3', TYPE_NOHTML);
	$complete = true;
	$incompleteqs = array();
	$iqs = array();
	$form = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "forms WHERE fid = '$fid'");
	if (!$form)
	{
		$errormessage = $vbphrase[form_error_not_existing_form];
       	eval(standard_error($errormessage));
	}
	($hook = vBulletinHook::fetch_hook('easy_forms_post_form_start')) ? eval($hook) : false;
	if ($form[submitlimitperuser] >= 1 && !$show['editing'])
	{