| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 16656 | Bug reports | Survey taking | public | 2020-09-10 13:20 | 2020-11-30 11:40 |
| Reporter | DeveloperChris | Assigned To | gabrieljenik | ||
| Priority | none | Severity | block | ||
| Status | closed | Resolution | fixed | ||
| Product Version | 3.23.3 | ||||
| Summary | 16656: uploading files in chrome corrupts the response and loses the uploaded file | ||||
| Description | I have been chasing a sever bug for several days now and have finally determined what is causing it The upload file question type does not adequately escape characters and causes truncated JSON to be stored in the database because the JSON is truncated it is near impossible to recover the uploaded file. The survey is part of a covid 19 medical response so this bug is critical for us. | ||||
| Steps To Reproduce | import the attached simple LSS file it contains 2 questions a file upload and a mandatory text field the mandatory part is critical to this bug. Activate the survey and browse to it in chrome Version 85.0.4183.102 (Official Build) (64-bit) Add a file in the title field add a gt symbol e.g. t'itle Do not enter any text into the mandatory text question Click submit. An error occurs close the error dialogue Now you can see that the upload question contains damaged JSON open the developer screen in chrome (F12) add text to the mandatory text field Submit the form and see what is actually submitted This also fails in firefox however the symptoms can be a bit different (at times) | ||||
| Additional Information | Problem is in all versions of Limesurvey 3 prior to 3.23.3 if you include a gt '<' symbol in either the title or the comment the displayed title and comment fields are also corrupted this may mean there is an XSS exploit possible See attached images | ||||
| Tags | No tags attached. | ||||
| Bug heat | 10 | ||||
| Complete LimeSurvey version number (& build) | 3.23.3 | ||||
| I will donate to the project if issue is resolved | Yes | ||||
| Browser | Chrome Version 85.0.4183.102 | ||||
| Database type & version | N/A | ||||
| Server OS (if known) | N/A | ||||
| Webserver software & version (if known) | N/A | ||||
| PHP Version | N/A | ||||
 |
I meant to say "an apostrophe" but wrote "a gt symbol" however as stated later in the submission a gt "<" symbol also causes corruption |
|
|
We need a resolution on this problem. |
 |
@gabrieljenik, could you please take a look at this one and discuss about it later? |
 |
The problem is that some encoding needs to be done to the title, comments and other fields. |
 |
My opinion : saved as row (but json_encode), encoded in js (or html) only You can found the real name with : get from DB, json_decode |
|
|
Encoding the upload attributes for handling and rendering in the survey participant taking process. Still, probably, there might be a few places where adapting may be needed. |
|
|
To be reviewed if the same is needed on LS4. |
|
|
@gabrieljenik, please go ahead. If yes, create a ticket and ping me in it/write me in private |
|
|
Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=30762 |
 |
Fixed in Release 3.25.2+201131 |
