12431: Preview of question is empty

May 26, 2017, 1:58 am

≫ Next: 12434: Reflected XSS when viewing questiongroups

≪ Previous: 12430: Cannot preview group

See image: when you ask for a question preview, the window is (nearly) empty.

↧

12434: Reflected XSS when viewing questiongroups

May 26, 2017, 5:16 am

≫ Next: 12435: Wrong exports

≪ Previous: 12431: Preview of question is empty

A administrator can view questiongroups by navigating to a URL in the following form: <a href="https://example.com/index.php?r=admin/questiongroups/sa/view/surveyid/{surveyid}/gid/{gid}">https://example.com/index.php?r=admin/questiongroups/sa/view/surveyid/{surveyid}/gid/{gid}</a> Within this page, multiple links are embedded for actions on the questiongroup. The gid in these links are taken from the user input from the URL and do not properly encode special characters. Therefore, these links are susceptible for XSS attacks. The following outtakes from the page source show the locations in which html has been injected. The payload used for this is: "><img src=a onerror=alert(1)>. [...]  <a class="btn btn-default" href="/index.php?r=survey/index/action/previewgroup/sid/162378/gid/"><img src=a onerror=alert(1)>" role="button" target="_blank"> [...]  <a class="btn btn-default" href="/index.php?r=admin/questiongroups/sa/edit/surveyid/162378/gid/"><img src=a onerror=alert(1)>" role="button"> Edit current question group </a> [...]  <a class="btn btn-default" href="/index.php?r=admin/expressions/sa/survey_logic_file/sid/162378/gid/"><img src=a onerror=alert(1)>" role="button"> [...]  <a class="btn btn-default" onclick="if (confirm('Deleting this group will also delete any questions and answers it contains. Are you sure you want to continue?')) { window.open('/index.php?r=admin/questiongroups/sa/delete/surveyid/162378/gid/"><img src=a onerror=alert(1)>','_top'); }" role="button"> [...]  <a class="btn btn-default" href="/index.php?r=admin/export/sa/group/surveyid/162378/gid/"><img src=a onerror=alert(1)>" role="button"> [...]  <li id="explorer" class="dropdownlvl2 dropdownstyle panel panel-default"> <input type="hidden" id="open-explorer" /> <input type="hidden" id="open-questiongroup" data-gid=""><img src=a onerror=alert(1)>" /> [...] <div class="panel panel-primary panel-clickable" id="panel-1" data-url="/index.php?r=admin/questions/sa/newquestion/surveyid/162378/gid/"><img src=a onerror=alert(1)>"> [...]

↧

12435: Wrong exports

May 26, 2017, 5:15 am

≫ Next: 12437: Crash on survey with 2 MC questions

≪ Previous: 12434: Reflected XSS when viewing questiongroups

Bug 1: Exporting 'Started but not yet completed' survey status csv file generates the same csv file as 'All tokens' survey status. Bug 2: 'Started' column is missing in the csv export file. (Need that column so that users can identify those participants who has partially completed.)

↧

12437: Crash on survey with 2 MC questions

May 26, 2017, 12:36 pm

≫ Next: 12438: Old favicon in GIT 3.0 installation

≪ Previous: 12435: Wrong exports

CDbException The table "{{survey_319294}}" for active record class "SurveyDynamic" cannot be found in the database. D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\db\ar\CActiveRecord.php(2387) 2375 2376 /** 2377 * Constructor. 2378 * @param CActiveRecord $model the model instance 2379 * @throws CDbException if specified table for active record class cannot be found in the database 2380 */ 2381 public function __construct($model) 2382 { 2383 $this->_modelClassName=get_class($model); 2384 2385 $tableName=$model->tableName(); 2386 if(($table=$model->getDbConnection()->getSchema()->getTable($tableName))===null) 2387 throw new CDbException(Yii::t('yii','The table "{table}" for active record class "{class}" cannot be found in the database.', 2388 array('{class}'=>$this->_modelClassName,'{table}'=>$tableName))); 2389 2390 if(($modelPk=$model->primaryKey())!==null || $table->primaryKey===null) 2391 { 2392 $table->primaryKey=$modelPk; 2393 if(is_string($table->primaryKey) && isset($table->columns[$table->primaryKey])) 2394 $table->columns[$table->primaryKey]->isPrimaryKey=true; 2395 elseif(is_array($table->primaryKey)) 2396 { 2397 foreach($table->primaryKey as $name) 2398 { 2399 if(isset($table->columns[$name])) Stack Trace #0 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\db\ar\CActiveRecord.php(411): CActiveRecordMetaData->__construct(SurveyDynamic) #1 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\db\ar\CActiveRecord.php(680): CActiveRecord->getMetaData() #2 – D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\application\models\LSActiveRecord.php(29): CActiveRecord->hasAttribute("created") 24 * @return array 25 */ 26 public function behaviors() 27 { 28 $aBehaviors=array(); 29 $sCreateFieldName=($this->hasAttribute('created')?'created':null); 30 $sUpdateFieldName=($this->hasAttribute('modified')?'modified':null); 31 $sDriverName = Yii::app()->db->getDriverName(); 32 if ($sDriverName=='sqlsrv' || $sDriverName=='dblib') { 33 $sTimestampExpression=new CDbExpression('GETDATE()'); 34 } #3 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\db\ar\CActiveRecord.php(396): LSActiveRecord->behaviors() #4 – D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\application\models\SurveyDynamic.php(45): CActiveRecord::model("SurveyDynamic") 40 if (!is_null($sid)) { 41 self::sid($sid); 42 $refresh = true; 43 } 44 45 $model = parent::model(__CLASS__); 46 47 //We need to refresh if we changed sid 48 if ($refresh === true) $model->refreshMetaData(); 49 50 return $model; #5 – D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\application\core\LSETwigViewRenderer.php(194): SurveyDynamic::model("319294") 189 if (!empty($aDatas['aSurveyInfo']['sid'])){ 190 $surveyid = $aDatas['aSurveyInfo']['sid']; 191 $event->set('surveyId', $aDatas['aSurveyInfo']['sid']); 192 193 if (!empty($_SESSION['survey_'.$surveyid]['srid'])){ 194 $aDatas['aSurveyInfo']['bShowClearAll'] = ! SurveyDynamic::model($surveyid)->isCompleted($_SESSION['survey_'.$surveyid]['srid']); 195 } 196 197 } 198 199 App()->getPluginManager()->dispatchEvent($event); #6 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\application\core\LSETwigViewRenderer.php(144): LSETwigViewRenderer->renderTemplateFromString("{# LimeSurvey Copyright (C) 2007-2017 The LimeSurvey P...", array("aSurveyInfo" => array("template" => "default", "language" => "en", "sid" => "319294", "owner_id" => "1", ...)), false) #7 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\application\helpers\SurveyRuntimeHelper.php(449): LSETwigViewRenderer->renderTemplateFromFile("layout_main.twig", array("aSurveyInfo" => array("template" => "default", "language" => "en", "sid" => "319294", "owner_id" => "1", ...)), false) #8 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\application\controllers\survey\index.php(580): SurveyRuntimeHelper->run("319294", array("surveyid" => "319294", "thissurvey" => array("template" => "default", "language" => "en", "sid" => "319294", "owner_id" => "1", ...), "thisstep" => null, "tokensexist" => 0, ...)) #9 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\application\controllers\survey\index.php(21): index->action() #10 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\web\actions\CAction.php(76): index->run() #11 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\web\CController.php(308): CAction->runWithParams(array("lang" => "en", "sid" => "319294")) #12 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\web\CController.php(286): CController->runAction(index) #13 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\web\CController.php(265): CController->runActionWithFilters(index, array()) #14 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\web\CWebApplication.php(282): CController->run("index") #15 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\web\CWebApplication.php(141): CWebApplication->runController("survey/index/sid/319294") #16 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\framework\base\CApplication.php(185): CWebApplication->processRequest() #17 + D:\Dropbox\sites\limegit.toolsforresearch.com\public_html\index.php(205): CApplication->run() 2017-05-26 21:12:38 Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.5.30 Yii Framework/1.1.17

↧

12438: Old favicon in GIT 3.0 installation

May 26, 2017, 12:57 pm

≫ Next: 12439: Information from debug = 2, debugsql =1 not good visible

≪ Previous: 12437: Crash on survey with 2 MC questions

See image

↧

12439: Information from debug = 2, debugsql =1 not good visible

May 26, 2017, 1:59 pm

≫ Next: 12440: Propertie TemplateConfiguration.name undefined

≪ Previous: 12438: Old favicon in GIT 3.0 installation

This happens mainly in admin theme.

↧

12440: Propertie TemplateConfiguration.name undefined

May 29, 2017, 5:32 am

≫ Next: 12441: "Resume later" does not work - Error while sending QUERY packet

≪ Previous: 12439: Information from debug = 2, debugsql =1 not good visible

Home page (survey listing) show «La propriété « TemplateConfiguration.name » est indéfinie.» in french

↧

12441: "Resume later" does not work - Error while sending QUERY packet

May 29, 2017, 5:51 am

≫ Next: 12442: Massive-delete questions fails to delete some questions

≪ Previous: 12440: Propertie TemplateConfiguration.name undefined

Hi, when conducting a survey a click on "Resume later" leads the participant to a site where the participant can fill in some information to resume to the survey later on. However, after having typed in the necessary information a click on "Save now" leads to a situation where the page is loading for a couple of minutes and then brings up the message mentioned below. During the time where the webpage is loading the backend or any other survey are not accessible. I use PHP 7.0 which might be the cause for the error? Any other suggestions? Thank you. Kind regards PHP warning Error while sending QUERY packet. PID=20896 /is/htdocs/XXX_YYY/www/limesurvey/framework/db/CDbCommand.php(508) 496 Yii::trace('Query result found in cache','system.db.CDbCommand'); 497 return $result[0]; 498 } 499 } 500 501 try 502 { 503 if($this->_connection->enableProfiling) 504 Yii::beginProfile('system.db.CDbCommand.query('.$this->getText().$par.')','system.db.CDbCommand.query'); 505 506 $this->prepare(); 507 if($params===array()) 508 $this->_statement->execute(); 509 else 510 $this->_statement->execute($params); 511 512 if($method==='') 513 $result=new CDbDataReader($this); 514 else 515 { 516 $mode=(array)$mode; 517 call_user_func_array(array($this->_statement, 'setFetchMode'), $mode); 518 $result=$this->_statement->$method(); 519 $this->_statement->closeCursor(); 520 } Stack Trace #0 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/CDbCommand.php(508): PDOStatement->execute() #1 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/CDbCommand.php(396): CDbCommand->queryInternal("fetchAll", array(2), array()) #2 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/schema/mysql/CMysqlSchema.php(168): CDbCommand->queryAll() #3 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/schema/mysql/CMysqlSchema.php(128): CMysqlSchema->findColumns(CMysqlTableSchema) #4 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/schema/CDbSchema.php(96): CMysqlSchema->loadTable("survey_884596") #5 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/ar/CActiveRecord.php(2386): CDbSchema->getTable("{{survey_884596}}") #6 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/ar/CActiveRecord.php(411): CActiveRecordMetaData->__construct(SurveyDynamic) #7 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/ar/CActiveRecord.php(680): CActiveRecord->getMetaData() #8 – /is/htdocs/XXX_YYY/www/limesurvey/application/models/LSActiveRecord.php(29): CActiveRecord->hasAttribute("created") 24 * @return array 25 */ 26 public function behaviors() 27 { 28 $aBehaviors=array(); 29 $sCreateFieldName=($this->hasAttribute('created')?'created':null); 30 $sUpdateFieldName=($this->hasAttribute('modified')?'modified':null); 31 $sDriverName = Yii::app()->db->getDriverName(); 32 if ($sDriverName=='sqlsrv' || $sDriverName=='dblib') 33 { 34 $sTimestampExpression=new CDbExpression('GETDATE()'); #9 + /is/htdocs/XXX_YYY/www/limesurvey/framework/db/ar/CActiveRecord.php(396): LSActiveRecord->behaviors() #10 – /is/htdocs/XXX_YYY/www/limesurvey/application/models/SurveyDynamic.php(42): CActiveRecord::model("SurveyDynamic") 37 { 38 self::sid($sid); 39 $refresh = true; 40 } 41 42 $model = parent::model(__CLASS__); 43 44 //We need to refresh if we changed sid 45 if ($refresh === true) $model->refreshMetaData(); 46 47 return $model; #11 – /is/htdocs/XXX_YYY/www/limesurvey/application/helpers/replacements_helper.php(347): SurveyDynamic::model("884596") 342 $_linkreplace=''; 343 } 344 345 if(isset($thissurvey['sid']) && isset($_SESSION['survey_'.$thissurvey['sid']]['srid']) && $thissurvey['active']=='Y') 346 { 347 $iscompleted=SurveyDynamic::model($surveyid)->isCompleted($_SESSION['survey_'.$thissurvey['sid']]['srid']); 348 } 349 else 350 { 351 $iscompleted=false; 352 } #12 + /is/htdocs/XXX_YYY/www/limesurvey/application/libraries/Save.php(66): templatereplace(" <meta http-equiv="content-type" content=...", array(), array("errormsg" => "Error: Email failed, this may indicate a PHP Mail Setup problem ...", "thissurvey" => array("template" => "default", "language" => "en", "sid" => "884596", "owner_id" => "12", ...), "surveyid" => "884596", "clienttoken" => "", ...)) #13 + /is/htdocs/XXX_YYY/www/limesurvey/application/helpers/SurveyRuntimeHelper.php(684): Save->showsaveform() #14 + /is/htdocs/XXX_YYY/www/limesurvey/application/controllers/survey/index.php(611): SurveyRuntimeHelper->run("884596", array("surveyid" => "884596", "thissurvey" => array("template" => "default", "language" => "en", "sid" => "884596", "owner_id" => "12", ...), "thisstep" => "1", "tokensexist" => 0, ...)) #15 + /is/htdocs/XXX_YYY/www/limesurvey/application/controllers/survey/index.php(70): index->action() #16 + /is/htdocs/XXX_YYY/www/limesurvey/framework/web/actions/CAction.php(76): index->run() #17 + /is/htdocs/XXX_YYY/www/limesurvey/framework/web/CController.php(308): CAction->runWithParams(array("sid" => "884596")) #18 + /is/htdocs/XXX_YYY/www/limesurvey/framework/web/CController.php(286): CController->runAction(index) #19 + /is/htdocs/XXX_YYY/www/limesurvey/framework/web/CController.php(265): CController->runActionWithFilters(index, array()) #20 + /is/htdocs/XXX_YYY/www/limesurvey/framework/web/CWebApplication.php(282): CController->run("index") #21 + /is/htdocs/XXX_YYY/www/limesurvey/framework/web/CWebApplication.php(141): CWebApplication->runController("survey/index/sid/884596") #22 + /is/htdocs/XXX_YYY/www/limesurvey/framework/base/CApplication.php(185): CWebApplication->processRequest() #23 + /is/htdocs/XXX_YYY/www/limesurvey/index.php(214): CApplication->run()

↧

12442: Massive-delete questions fails to delete some questions

May 29, 2017, 6:40 am

≫ Next: 12443: Count for list_participants

≪ Previous: 12441: "Resume later" does not work - Error while sending QUERY packet

Some questions do not get deleted although massive report says "deleted"

↧

12443: Count for list_participants

May 29, 2017, 12:31 pm

≫ Next: 12444: Time limit not working correctly

≪ Previous: 12442: Massive-delete questions fails to delete some questions

Since we don't have a "count_participants" method in Remote Control and I've now way of guessing the amount of participants, I've add a "count_results" key to the $aData array so I can' safely create a pagination. I don't know if the way I did is the best approach, but It gets the job done. In my humble opinion every method with a "limit" option should have another method to count the total amount of results or return it so we know when the results have ended.

↧

12444: Time limit not working correctly

May 30, 2017, 1:30 am

≫ Next: 12445: Slider "Slider initial value" not recorded in data

≪ Previous: 12443: Count for list_participants

While setting questiontype List (Options), screen is flickering after time has run out on preview. In the active survey the participant can finish the question even if the time has run out. Original ticket: Hallo, wenn ich bei meiner Umfrage ein Zeitlimit setzen möchte und habe als Fragentyp "Liste (Optionsfelder)" dann fängt der Bildschirm in der Vorschau an zu flackern sobald die Zeit abgelaufen ist. Wenn ich die Aktion auf "nur deaktivieren" setze dann kann der User die Frage noch in aller Ruhe beantworten obwohl das Limit abgelaufen ist.

↧

12445: Slider "Slider initial value" not recorded in data

May 30, 2017, 6:28 am

≫ Next: 12448: Allow 'with comment' for all question types

≪ Previous: 12444: Time limit not working correctly

When this setting is used, not only should the slider start at that position, but that value should be recorded in the data as an initial value (even if the slider is not manipulated) - <a href="https://manual.limesurvey.org/Question_type_-_Multiple_numerical_input#Slider_initial_value_.28slider_default.29">https://manual.limesurvey.org/Question_type_-_Multiple_numerical_input#Slider_initial_value_.28slider_default.29.</a> - Currently, the slider starts in the correct position but nothing is recorded in the data - Expression Manager does not see the initial value - One cannot advance if the question is mandatory (although I see little use for a mandatory setting on a slider with an initial value, one should still be able to advance in that case)

↧

12448: Allow 'with comment' for all question types

May 31, 2017, 3:59 am

≫ Next: 12449: Quick translation is not working

≪ Previous: 12445: Slider "Slider initial value" not recorded in data

Similar to 'list with comments' I would appreciate the option 'with comments' for all question types. Why? Many questions cannot be formulated in a finite way leaving often options uncaptured. And those would be helpful. Working now with 'short/ long comments' after e.g. an array makes the whole survey very long, and you have to declare in the label, that the comment is related to the previous question. Whereas the principle of 'list with comment' is very smart and compact.

↧

12449: Quick translation is not working

May 31, 2017, 4:05 am

≫ Next: 12450: DataEntry not opening with array filter questions

≪ Previous: 12448: Allow 'with comment' for all question types

It does not save the translations. No update to 2.6+ possible until next september for my university's server.

↧

12450: DataEntry not opening with array filter questions

June 1, 2017, 1:16 am

≫ Next: 12451: Problem when One user export to pdf

≪ Previous: 12449: Quick translation is not working

Data-entry blank screen with debug=>0

↧

12451: Problem when One user export to pdf

June 1, 2017, 8:35 am

≫ Next: 12452: Conditional routing doesn't work, all vars are treated as string during comparison

≪ Previous: 12450: DataEntry not opening with array filter questions

I have LimeSurvey (Version 2.64.7+170404 ) with php7 and MSSQL Server. [Thu Jun 01 13:48:10.256254 2017] [:error] [pid 19692] [client 10.38.23.49:54803] PHP Notice: Undefined property: pdf::$getFontFamily in /var/www/html/limesurvey/application/libraries/admin/pdf.php on line 806, referer: <a href="http://vm-limesurvey-pre/limesurvey/index.php/printanswers/view/surveyid/646934">http://vm-limesurvey-pre/limesurvey/index.php/printanswers/view/surveyid/646934</a> [Thu Jun 01 13:48:10.261062 2017] [:error] [pid 19692] [client 10.38.23.49:54803] PHP Notice: Undefined property: pdf::$getFontFamily in /var/www/html/limesurvey/application/libraries/admin/pdf.php on line 806, referer: <a href="http://vm-limesurvey-pre/limesurvey/index.php/printanswers/view/surveyid/646934">http://vm-limesurvey-pre/limesurvey/index.php/printanswers/view/surveyid/646934</a> [Thu Jun 01 13:48:10.263196 2017] [:error] [pid 19692] [client 10.38.23.49:54803] PHP Notice: Undefined property: pdf::$getFontFamily in /var/www/html/limesurvey/application/libraries/admin/pdf.php on line 806, referer: <a href="http://vm-limesurvey-pre/limesurvey/index.php/printanswers/view/surveyid/646934">http://vm-limesurvey-pre/limesurvey/index.php/printanswers/view/surveyid/646934</a>

↧

12452: Conditional routing doesn't work, all vars are treated as string during comparison

June 1, 2017, 7:26 am

≫ Next: 12453: Unable to update passwords using Firefox browser

≪ Previous: 12451: Problem when One user export to pdf

Hi On LS 2.65.1+170522 the conditions based on integer variable (e.g Numerical Input) do not work anymore.

↧

12453: Unable to update passwords using Firefox browser

June 4, 2017, 4:04 pm

≫ Next: 12454: Connection with MySQL Cluster

≪ Previous: 12452: Conditional routing doesn't work, all vars are treated as string during comparison

When logged in as admin using the latest version of FIrefox, I am unable to update my password through my profile. I am unable to update any password in the user management section. The password fields are visible, but disabled and not able to be changed. There is no problem when using Internet Explorer, but this is not always an acceptable solution.

↧

12454: Connection with MySQL Cluster

June 4, 2017, 11:42 pm

≫ Next: 12455: Invite email does not let you attach a file

≪ Previous: 12453: Unable to update passwords using Firefox browser

Hello, I am going to transfer my Lime Survey from normal MySQL to MySQL cluster. But can anyone please help me to guide how to make the connection in that. As i have set up my MySQL cluster with 3 nodes on local system. The suggestion is highly appreciated.

↧

12455: Invite email does not let you attach a file

June 5, 2017, 9:07 am

≫ Next: 12456: Conditional routing doesn't work on scale and array questions

≪ Previous: 12454: Connection with MySQL Cluster

The invite email gives an error if you want to attach a file to the email.

↧