17353: Argument 1 must be at least CRYPTO_SIGN_BYTES long - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

17353	Bug reports	Survey participants (Tokens)	public	2021-06-04 21:06	2021-07-12 11:53

Reporter	pathros	Assigned To	ollehar
Priority	immediate	Severity	crash
Status	closed	Resolution	fixed
Product Version	5.x

Summary	17353: Argument 1 must be at least CRYPTO_SIGN_BYTES long
Description	I created a new survey, which I want it to be anonymous but with a list of participants. I have created tokens and sent them to the participants. However, when they click on the invitation link, they get the following error: `Server error 500: Argument 1 must be at least CRYPTO_SIGN_BYTES long.` Taking a look into the source code, right at the "compat.php" file we have: const CRYPTO_SIGN_BYTES = 64; / Input validation: / if (ParagonIE_Sodium_Core_Util::strlen($signedMessage) < self::CRYPTO_SIGN_BYTES) { throw new SodiumException('Argument 1 must be at least CRYPTO_SIGN_BYTES long.'); } In Limesurvey, if I attempt to set a 64 token long, it changes it to 15. So, I don't get it. What should be longer than 64? What does that mean??? How can I fix it??? Can anybody shed some light? I have tried the same thing in Limesurvey version 3 LTS, and everything works flawlessly. However, I want to use the version 5, since it has the ability to encrypt the email addresses.
Steps To Reproduce	1.- Set the survey to anonymous and restricted to a specific list of participants. 2.- Create a new list of participants. Only fill the email field. Let both the firstname and lastname be null. Set the three fields, firstname, lastname, and email be encrypted. 3.- Create the tokens and send them to the participants. 4.- Right from the email inbox, click on the invitation link. You should get that error: Server error 500: Argument 1 must be at least CRYPTO_SIGN_BYTES long. Note: However, if you click on the unsubscribe link, it does work!
Additional Information	I am using latest version of Limesurvey 5.0.1. Moreover, I got this answer from Paragonie: It sounds like Limesurvey has a bug in their code that uses sodium_compat rather than a sodium_compat bug. https://github.com/LimeSurvey/LimeSurvey/blob/1a013ec45e0336650560d078a3038b05c7bb4135/application/core/LSSodium.php#L88-L128 Weirdly, their function claims to be "encryption" but isn't.We recommend talking to the Limesurvey developers. Paragon Initiative Enterprises does not develop or support Limesurvey.
Tags	add_participants, bug
Attached Files	limesurvey_survey_624727.lss (23,775 bytes) <?xml version="1.0" encoding="UTF-8"?> <document> <LimeSurveyDocType>Survey</LimeSurveyDocType> <DBVersion>448</DBVersion> <languages> <language>es-MX</language> </languages> <groups> <fields> <fieldname>gid</fieldname> <fieldname>sid</fieldname> <fieldname>group_order</fieldname> <fieldname>randomization_group</fieldname> <fieldname>grelevance</fieldname> </fields> <rows> <row> <gid><![CDATA[1]]></gid> <sid><![CDATA[624727]]></sid> <group_order><![CDATA[1]]></group_order> <randomization_group/> <grelevance><![CDATA[1]]></grelevance> </row> </rows> </groups> <group_l10ns> <fields> <fieldname>id</fieldname> <fieldname>gid</fieldname> <fieldname>group_name</fieldname> <fieldname>description</fieldname> <fieldname>language</fieldname> <fieldname>sid</fieldname> <fieldname>group_order</fieldname> <fieldname>randomization_group</fieldname> <fieldname>grelevance</fieldname> </fields> <rows> <row> <id><![CDATA[1]]></id> <gid><![CDATA[1]]></gid> <group_name><![CDATA[Mi primer grupo de preguntas]]></group_name> <language><![CDATA[es-MX]]></language> <sid><![CDATA[624727]]></sid> <group_order><![CDATA[1]]></group_order> <randomization_group/> <grelevance><![CDATA[1]]></grelevance> </row> </rows> </group_l10ns> <questions> <fields> <fieldname>qid</fieldname> <fieldname>parent_qid</fieldname> <fieldname>sid</fieldname> <fieldname>gid</fieldname> <fieldname>type</fieldname> <fieldname>title</fieldname> <fieldname>preg</fieldname> <fieldname>other</fieldname> <fieldname>mandatory</fieldname> <fieldname>encrypted</fieldname> <fieldname>question_order</fieldname> <fieldname>scale_id</fieldname> <fieldname>same_default</fieldname> <fieldname>relevance</fieldname> <fieldname>modulename</fieldname> </fields> <rows> <row> <qid><![CDATA[1]]></qid> <parent_qid><![CDATA[0]]></parent_qid> <sid><![CDATA[624727]]></sid> <gid><![CDATA[1]]></gid> <type><![CDATA[Q]]></type> <title><![CDATA[Q00]]></title> <preg/> <other><![CDATA[N]]></other> <mandatory><![CDATA[N]]></mandatory> <encrypted><![CDATA[N]]></encrypted> <question_order><![CDATA[1]]></question_order> <scale_id><![CDATA[0]]></scale_id> <same_default><![CDATA[0]]></same_default> <relevance><![CDATA[1]]></relevance> </row> </rows> </questions> <subquestions> <fields> <fieldname>qid</fieldname> <fieldname>parent_qid</fieldname> <fieldname>sid</fieldname> <fieldname>gid</fieldname> <fieldname>type</fieldname> <fieldname>title</fieldname> <fieldname>preg</fieldname> <fieldname>other</fieldname> <fieldname>mandatory</fieldname> <fieldname>encrypted</fieldname> <fieldname>question_order</fieldname> <fieldname>scale_id</fieldname> <fieldname>same_default</fieldname> <fieldname>relevance</fieldname> <fieldname>modulename</fieldname> </fields> <rows> <row> <qid><![CDATA[53]]></qid> <parent_qid><![CDATA[1]]></parent_qid> <sid><![CDATA[624727]]></sid> <gid><![CDATA[1]]></gid> <type><![CDATA[T]]></type> <title><![CDATA[SQ001]]></title> <other><![CDATA[N]]></other> <encrypted><![CDATA[N]]></encrypted> <question_order><![CDATA[0]]></question_order> <scale_id><![CDATA[0]]></scale_id> <same_default><![CDATA[0]]></same_default> <relevance><![CDATA[1]]></relevance> </row> <row> <qid><![CDATA[54]]></qid> <parent_qid><![CDATA[1]]></parent_qid> <sid><![CDATA[624727]]></sid> <gid><![CDATA[1]]></gid> <type><![CDATA[T]]></type> <title><![CDATA[SQ002]]></title> <other><![CDATA[N]]></other> <encrypted><![CDATA[N]]></encrypted> <question_order><![CDATA[1]]></question_order> <scale_id><![CDATA[0]]></scale_id> <same_default><![CDATA[0]]></same_default> <relevance><![CDATA[1]]></relevance> </row> <row> <qid><![CDATA[55]]></qid> <parent_qid><![CDATA[1]]></parent_qid> <sid><![CDATA[624727]]></sid> <gid><![CDATA[1]]></gid> <type><![CDATA[T]]></type> <title><![CDATA[SQ003]]></title> <other><![CDATA[N]]></other> <encrypted><![CDATA[N]]></encrypted> <question_order><![CDATA[2]]></question_order> <scale_id><![CDATA[0]]></scale_id> <same_default><![CDATA[0]]></same_default> <relevance><![CDATA[1]]></relevance> </row> <row> <qid><![CDATA[56]]></qid> <parent_qid><![CDATA[1]]></parent_qid> <sid><![CDATA[624727]]></sid> <gid><![CDATA[1]]></gid> <type><![CDATA[T]]></type> <title><![CDATA[SQ004]]></title> <other><![CDATA[N]]></other> <encrypted><![CDATA[N]]></encrypted> <question_order><![CDATA[3]]></question_order> <scale_id><![CDATA[0]]></scale_id> <same_default><![CDATA[0]]></same_default> <relevance><![CDATA[1]]></relevance> </row> <row> <qid><![CDATA[57]]></qid> <parent_qid><![CDATA[1]]></parent_qid> <sid><![CDATA[624727]]></sid> <gid><![CDATA[1]]></gid> <type><![CDATA[T]]></type> <title><![CDATA[SQ005]]></title> <other><![CDATA[N]]></other> <encrypted><![CDATA[N]]></encrypted> <question_order><![CDATA[4]]></question_order> <scale_id><![CDATA[0]]></scale_id> <same_default><![CDATA[0]]></same_default> <relevance><![CDATA[1]]></relevance> </row> </rows> </subquestions> <question_l10ns> <fields> <fieldname>id</fieldname> <fieldname>qid</fieldname> <fieldname>question</fieldname> <fieldname>help</fieldname> <fieldname>script</fieldname> <fieldname>language</fieldname> </fields> <rows> <row> <id><![CDATA[1]]></id> <qid><![CDATA[1]]></qid> <question><![CDATA[Teclee en cada cuadro el nombre completo de cada candidato de su preferencia (sólo el número de candidatos que usted prefiera. No es obligatorio que llene todos los cuadros.):]]></question> <help/> <script/> <language><![CDATA[es-MX]]></language> </row> <row> <id><![CDATA[53]]></id> <qid><![CDATA[53]]></qid> <question><![CDATA[Candidato 1]]></question> <language><![CDATA[es-MX]]></language> </row> <row> <id><![CDATA[54]]></id> <qid><![CDATA[54]]></qid> <question><![CDATA[Candidato 2]]></question> <language><![CDATA[es-MX]]></language> </row> <row> <id><![CDATA[55]]></id> <qid><![CDATA[55]]></qid> <question><![CDATA[Candidato 3]]></question> <language><![CDATA[es-MX]]></language> </row> <row> <id><![CDATA[56]]></id> <qid><![CDATA[56]]></qid> <question><![CDATA[Candidato 4]]></question> <language><![CDATA[es-MX]]></language> </row> <row> <id><![CDATA[57]]></id> <qid><![CDATA[57]]></qid> <question><![CDATA[Candidato 5]]></question> <language><![CDATA[es-MX]]></language> </row> </rows> </question_l10ns> <question_attributes> <fields> <fieldname>qid</fieldname> <fieldname>attribute</fieldname> <fieldname>value</fieldname> <fieldname>language</fieldname> </fields> <rows> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[autoaddnewline]]></attribute> <value><![CDATA[yes]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[addlineicon]]></attribute> <value><![CDATA[plus-circle]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[prefix]]></attribute> <value/> <language><![CDATA[es-MX]]></language> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[suffix]]></attribute> <value/> <language><![CDATA[es-MX]]></language> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[text_input_columns]]></attribute> <value><![CDATA[9]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[label_input_columns]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[random_order]]></attribute> <value><![CDATA[0]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[input_size]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[display_rows]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[hide_tip]]></attribute> <value><![CDATA[0]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[hidden]]></attribute> <value><![CDATA[0]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[cssclass]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[maximum_chars]]></attribute> <value><![CDATA[100]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[min_answers]]></attribute> <value><![CDATA[1]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[max_answers]]></attribute> <value><![CDATA[5]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[array_filter]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[array_filter_style]]></attribute> <value><![CDATA[0]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[array_filter_exclude]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[exclude_all_others]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[random_group]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[em_validation_q]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[em_validation_q_tip]]></attribute> <value/> <language><![CDATA[es-MX]]></language> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[em_validation_sq]]></attribute> <value/> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[em_validation_sq_tip]]></attribute> <value/> <language><![CDATA[es-MX]]></language> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[page_break]]></attribute> <value><![CDATA[0]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[numbers_only]]></attribute> <value><![CDATA[0]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[statistics_showgraph]]></attribute> <value><![CDATA[0]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[statistics_graphtype]]></attribute> <value><![CDATA[0]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[question_template]]></attribute> <value><![CDATA[inputondemand]]></value> <language/> </row> <row> <qid><![CDATA[1]]></qid> <attribute><![CDATA[save_as_default]]></attribute> <value><![CDATA[N]]></value> <language/> </row> </rows> </question_attributes> <surveys> <fields> <fieldname>sid</fieldname> <fieldname>gsid</fieldname> <fieldname>admin</fieldname> <fieldname>expires</fieldname> <fieldname>startdate</fieldname> <fieldname>adminemail</fieldname> <fieldname>anonymized</fieldname> <fieldname>faxto</fieldname> <fieldname>format</fieldname> <fieldname>savetimings</fieldname> <fieldname>template</fieldname> <fieldname>language</fieldname> <fieldname>additional_languages</fieldname> <fieldname>datestamp</fieldname> <fieldname>usecookie</fieldname> <fieldname>allowregister</fieldname> <fieldname>allowsave</fieldname> <fieldname>autonumber_start</fieldname> <fieldname>autoredirect</fieldname> <fieldname>allowprev</fieldname> <fieldname>printanswers</fieldname> <fieldname>ipaddr</fieldname> <fieldname>ipanonymize</fieldname> <fieldname>refurl</fieldname> <fieldname>showsurveypolicynotice</fieldname> <fieldname>publicstatistics</fieldname> <fieldname>publicgraphs</fieldname> <fieldname>listpublic</fieldname> <fieldname>htmlemail</fieldname> <fieldname>sendconfirmation</fieldname> <fieldname>tokenanswerspersistence</fieldname> <fieldname>assessments</fieldname> <fieldname>usecaptcha</fieldname> <fieldname>usetokens</fieldname> <fieldname>bounce_email</fieldname> <fieldname>attributedescriptions</fieldname> <fieldname>emailresponseto</fieldname> <fieldname>emailnotificationto</fieldname> <fieldname>tokenlength</fieldname> <fieldname>showxquestions</fieldname> <fieldname>showgroupinfo</fieldname> <fieldname>shownoanswer</fieldname> <fieldname>showqnumcode</fieldname> <fieldname>bouncetime</fieldname> <fieldname>bounceprocessing</fieldname> <fieldname>bounceaccounttype</fieldname> <fieldname>bounceaccounthost</fieldname> <fieldname>bounceaccountpass</fieldname> <fieldname>bounceaccountencryption</fieldname> <fieldname>bounceaccountuser</fieldname> <fieldname>showwelcome</fieldname> <fieldname>showprogress</fieldname> <fieldname>questionindex</fieldname> <fieldname>navigationdelay</fieldname> <fieldname>nokeyboard</fieldname> <fieldname>alloweditaftercompletion</fieldname> <fieldname>googleanalyticsstyle</fieldname> <fieldname>googleanalyticsapikey</fieldname> <fieldname>tokenencryptionoptions</fieldname> </fields> <rows> <row> <sid><![CDATA[624727]]></sid> <gsid><![CDATA[1]]></gsid> <admin><![CDATA[Administrador del sistema]]></admin> <expires><![CDATA[2021-06-19 18:37:00]]></expires> <startdate><![CDATA[2021-06-03 18:37:00]]></startdate> <adminemail><![CDATA[patrotsky@yahoo.com]]></adminemail> <anonymized><![CDATA[Y]]></anonymized> <faxto/> <format><![CDATA[I]]></format> <savetimings><![CDATA[Y]]></savetimings> <template><![CDATA[bootswatch]]></template> <language><![CDATA[es-MX]]></language> <additional_languages/> <datestamp><![CDATA[Y]]></datestamp> <usecookie><![CDATA[Y]]></usecookie> <allowregister><![CDATA[N]]></allowregister> <allowsave><![CDATA[I]]></allowsave> <autonumber_start><![CDATA[1]]></autonumber_start> <autoredirect><![CDATA[I]]></autoredirect> <allowprev><![CDATA[I]]></allowprev> <printanswers><![CDATA[I]]></printanswers> <ipaddr><![CDATA[N]]></ipaddr> <ipanonymize><![CDATA[Y]]></ipanonymize> <refurl><![CDATA[N]]></refurl> <showsurveypolicynotice><![CDATA[0]]></showsurveypolicynotice> <publicstatistics><![CDATA[I]]></publicstatistics> <publicgraphs><![CDATA[I]]></publicgraphs> <listpublic><![CDATA[N]]></listpublic> <htmlemail><![CDATA[I]]></htmlemail> <sendconfirmation><![CDATA[I]]></sendconfirmation> <tokenanswerspersistence><![CDATA[I]]></tokenanswerspersistence> <assessments><![CDATA[I]]></assessments> <usecaptcha><![CDATA[R]]></usecaptcha> <usetokens><![CDATA[N]]></usetokens> <bounce_email><![CDATA[patrotsky@yahoo.com]]></bounce_email> <attributedescriptions><![CDATA[{"firstname":{"encrypted":"Y"},"lastname":{"encrypted":"Y"},"email":{"encrypted":"Y"}}]]></attributedescriptions> <emailresponseto><![CDATA[inherit]]></emailresponseto> <emailnotificationto><![CDATA[inherit]]></emailnotificationto> <tokenlength><![CDATA[32]]></tokenlength> <showxquestions><![CDATA[I]]></showxquestions> <showgroupinfo><![CDATA[I]]></showgroupinfo> <shownoanswer><![CDATA[I]]></shownoanswer> <showqnumcode><![CDATA[I]]></showqnumcode> <bounceprocessing><![CDATA[N]]></bounceprocessing> <showwelcome><![CDATA[I]]></showwelcome> <showprogress><![CDATA[I]]></showprogress> <questionindex><![CDATA[-1]]></questionindex> <navigationdelay><![CDATA[-1]]></navigationdelay> <nokeyboard><![CDATA[I]]></nokeyboard> <alloweditaftercompletion><![CDATA[N]]></alloweditaftercompletion> <googleanalyticsstyle/> <googleanalyticsapikey/> <tokenencryptionoptions><![CDATA[{ "enabled":"Y","columns":{ "firstname":"Y","lastname":"Y","email":"Y" } }]]></tokenencryptionoptions> </row> </rows> </surveys> <surveys_languagesettings> <fields> <fieldname>surveyls_survey_id</fieldname> <fieldname>surveyls_language</fieldname> <fieldname>surveyls_title</fieldname> <fieldname>surveyls_description</fieldname> <fieldname>surveyls_welcometext</fieldname> <fieldname>surveyls_endtext</fieldname> <fieldname>surveyls_policy_notice</fieldname> <fieldname>surveyls_policy_error</fieldname> <fieldname>surveyls_policy_notice_label</fieldname> <fieldname>surveyls_url</fieldname> <fieldname>surveyls_urldescription</fieldname> <fieldname>surveyls_email_invite_subj</fieldname> <fieldname>surveyls_email_invite</fieldname> <fieldname>surveyls_email_remind_subj</fieldname> <fieldname>surveyls_email_remind</fieldname> <fieldname>surveyls_email_register_subj</fieldname> <fieldname>surveyls_email_register</fieldname> <fieldname>surveyls_email_confirm_subj</fieldname> <fieldname>surveyls_email_confirm</fieldname> <fieldname>surveyls_dateformat</fieldname> <fieldname>surveyls_attributecaptions</fieldname> <fieldname>email_admin_notification_subj</fieldname> <fieldname>email_admin_notification</fieldname> <fieldname>email_admin_responses_subj</fieldname> <fieldname>email_admin_responses</fieldname> <fieldname>surveyls_numberformat</fieldname> <fieldname>attachments</fieldname> </fields> <rows> <row> <surveyls_survey_id><![CDATA[624727]]></surveyls_survey_id> <surveyls_language><![CDATA[es-MX]]></surveyls_language> <surveyls_title><![CDATA[Auscultación cuantitativa a aspirantes para ocupar el cargo de Director del IISUNAM]]></surveyls_title> <surveyls_description/> <surveyls_welcometext/> <surveyls_endtext/> <surveyls_policy_notice/> <surveyls_policy_notice_label/> <surveyls_url/> <surveyls_urldescription/> <surveyls_email_invite_subj><![CDATA[Invitación a participar en una encuesta]]></surveyls_email_invite_subj> <surveyls_email_invite><![CDATA[Estimado/a {FIRSTNAME}, usted ha sido invitado a participar en una encuesta. La encuesta es titulada: "{SURVEYNAME}" "{SURVEYDESCRIPTION}" Para participar, por favor pulse en el siguiente enlace. Atentamente, {ADMINNAME} ({ADMINEMAIL}) Pulse aquí para hacer la encuesta: {SURVEYURL} Si no desea participar más en esta encuesta y no quiere recibir más invitaciones, por favor haga click en el siguiente link: {OPTOUTURL} Si está en la lista negra, pero desea participar en esta encuesta y desea recibir invitaciones por favor haga clic en el siguiente enlace: {OpenUrl} ]]></surveyls_email_invite> <surveyls_email_remind_subj><![CDATA[Recordatorio para participar en una encuesta]]></surveyls_email_remind_subj> <surveyls_email_remind><![CDATA[Estimado/a {FIRSTNAME} {LASTNAME}: Recientemente se le invitó a participar en la encuesta de título «{SURVEYNAME}» «{SURVEYDESCRIPTION}» Advertimos que aún no la ha completado, y de la forma más atenta queríamos recordarle que todavía se encuentra disponible si desea participar. Para hacerlo, por favor pulse en el siguiente enlace. {SURVEYURL} Nuevamente le agradecemos su interés y colaboración. Atentamente, {ADMINNAME} ({ADMINEMAIL}) Si no desea participar más en esta encuesta y no quiere recibir más invitaciones, por favor haga click en el siguiente link: {OPTOUTURL}]]></surveyls_email_remind> <surveyls_email_register_subj><![CDATA[Confirmación de inscripción en la encuesta]]></surveyls_email_register_subj> <surveyls_email_register><![CDATA[Estimado/a {FIRSTNAME} {LASTNAME}: Usted, o alguien utilizando su dirección de correo electrónico, se ha registrado para participar en un cuestionario en línea titulado "{SURVEYNAME}". Para completarla, pulse en la siguiente URL: {SURVEYURL} Si tiene dudas con respecto al cuestionario, o si no se registró para participar y cree que este correo es un error, por favor, póngase en contacto con {ADMINNAME} en {ADMINEMAIL}.]]></surveyls_email_register> <surveyls_email_confirm_subj><![CDATA[Confirmación de su participación en nuestra encuesta]]></surveyls_email_confirm_subj> <surveyls_email_confirm><![CDATA[Estimado/a {FIRSTNAME}, este correo es para confirmarle que ha completado la encuesta titulada {SURVEYNAME} y sus respuestas han sido guardadas. Gracias por su participación. Si tiene alguna duda sobre este correo electrónico, por favor póngase en contacto con {ADMINNAME} en {ADMINEMAIL}. Reciba un muy cordial saludo, {ADMINNAME}]]></surveyls_email_confirm> <surveyls_dateformat><![CDATA[5]]></surveyls_dateformat> <surveyls_attributecaptions/> <email_admin_notification_subj><![CDATA[Responder envío de encuesta {SURVEYNAME}]]></email_admin_notification_subj> <email_admin_notification><![CDATA[Hola, Una nueva respuesta ha sido realizada para su encuesta '{SURVEYNAME}'. Click en el siguiente link para recargar la encuesta: {RELOADURL} Click en el siguiente link para ver la respuesta individualmente: {VIEWRESPONSEURL} Click en el siguiente link para editar la respuesta: {EDITRESPONSEURL} Vea las estadísticas aquí: {STATISTICSURL} Las siguientes respuestas fueron subidas por: {ANSWERTABLE}]]></email_admin_notification> <email_admin_responses_subj><![CDATA[Responder envío de encuesta {SURVEYNAME} con resultados]]></email_admin_responses_subj> <email_admin_responses><![CDATA[Hola, Una nueva respuesta ha sido realizada para su encuesta '{SURVEYNAME}'. Click en el siguiente link para recargar la encuesta: {RELOADURL} Click en el siguiente link para ver la respuesta individualmente: {VIEWRESPONSEURL} Click en el siguiente link para editar la respuesta: {EDITRESPONSEURL} Vea las estadísticas aquí: {STATISTICSURL} Las siguientes respuestas fueron subidas por: {ANSWERTABLE}]]></email_admin_responses> <surveyls_numberformat><![CDATA[0]]></surveyls_numberformat> </row> </rows> </surveys_languagesettings> <themes> <theme> <sid>624727</sid> <template_name>bootswatch</template_name> <config> <options>inherit</options> </config> </theme> <theme> <sid>624727</sid> <template_name>fruity</template_name> <config> <options>inherit</options> </config> </theme> </themes> <themes_inherited> <theme> <sid>624727</sid> <template_name>bootswatch</template_name> <config> <options> <ajaxmode>off</ajaxmode> <brandlogo>on</brandlogo> <container>on</container> <brandlogofile>themes/survey/bootswatch/files/logo.png</brandlogofile> <showpopups>1</showpopups> <showclearall>off</showclearall> <questionhelptextposition>top</questionhelptextposition> </options> </config> </theme> <theme> <sid>624727</sid> <template_name>fruity</template_name> <config> <options> <ajaxmode>off</ajaxmode> <brandlogo>on</brandlogo> <container>on</container> <brandlogofile>themes/survey/bootswatch/files/logo.png</brandlogofile> <showpopups>1</showpopups> <showclearall>off</showclearall> <questionhelptextposition>top</questionhelptextposition> </options> </config> </theme> </themes_inherited> </document> limesurvey_survey_624727.lss (23,775 bytes)

Bug heat	10
Complete LimeSurvey version number (& build)	5.0.1 build 210532
I will donate to the project if issue is resolved	No
Browser	Firefox
Database type & version	MySQL 5.7 and MySQL 8
Server OS (if known)	Ubuntu 18 and 20
Webserver software & version (if known)	Nginx 1.15.8
PHP Version	7.4

User List	pathros

ollehar 2021-06-04 21:08 administrator ~64748	Try to install the sodium PHP extension.

DenisChenu 2021-06-05 10:14 developer ~64749	their function claims to be "encryption" but isn't This seems a real security issue here.

ollehar 2021-06-05 10:26 administrator ~64750	No idea what they meant by that.

DenisChenu 2021-06-05 11:01 developer ~64751	@pathros : maybe you can give us the contact at Paragon Initiative Enterprises Else : i confirm the issue : empty firstname and/or lastname send error.. OK if they are not empty. And seems there are another issue when edit token (i edit after send and they are set to terminate …) SodiumException.html (27,446 bytes) <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>SodiumException</title> <style type="text/css"> /<![CDATA[/ html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;} body{line-height:1;} ol,ul{list-style:none;} blockquote,q{quotes:none;} blockquote:before,blockquote:after,q:before,q:after{content:none;} :focus{outline:0;} ins{text-decoration:none;} del{text-decoration:line-through;} table{border-collapse:collapse;border-spacing:0;} body { font: normal 9pt "Verdana"; color: #000; background: #fff; } h1 { font: normal 18pt "Verdana"; color: #f00; margin-bottom: .5em; } h2 { font: normal 14pt "Verdana"; color: #800000; margin-bottom: .5em; } h3 { font: bold 11pt "Verdana"; } pre { font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace; } pre span.error { display: block; background: #fce3e3; } pre span.ln { color: #999; padding-right: 0.5em; border-right: 1px solid #ccc; } pre span.error-ln { font-weight: bold; } .container { margin: 1em 4em; } .version { color: gray; font-size: 8pt; border-top: 1px solid #aaa; padding-top: 1em; margin-bottom: 1em; } .message { color: #000; padding: 1em; font-size: 11pt; background: #f3f3f3; -webkit-border-radius: 10px; -moz-border-radius: 10px; border-radius: 10px; margin-bottom: 1em; line-height: 160%; } .source { margin-bottom: 1em; } .code pre { background-color: #ffe; margin: 0.5em 0; padding: 0.5em; line-height: 125%; border: 1px solid #eee; } .source .file { margin-bottom: 1em; font-weight: bold; } .traces { margin: 2em 0; } .trace { margin: 0.5em 0; padding: 0.5em; } .trace.app { border: 1px dashed #c00; } .trace .number { text-align: right; width: 2em; padding: 0.5em; } .trace .content { padding: 0.5em; } .trace .plus, .trace .minus { display:inline; vertical-align:middle; text-align:center; border:1px solid #000; color:#000; font-size:10px; line-height:10px; margin:0; padding:0 1px; width:10px; height:10px; } .trace.collapsed .minus, .trace.expanded .plus, .trace.collapsed pre { display: none; } .trace-file { cursor: pointer; padding: 0.2em; } .trace-file:hover { background: #f0ffff; } /]]>/ </style> </head> <body> <div class="container"> <h1>SodiumException</h1> <p class="message"> Argument 1 must be at least CRYPTO_SIGN_BYTES long. </p> <div class="source"> <p class="file">/mnt/data/shnoulle/nginx/www/master/third_party/paragonie/sodium_compat/src/Compat.php(2633)</p> <div class="code"><pre><span class="ln">2621</span> * @psalm-suppress MixedArgument <span class="ln">2622</span> * @psalm-suppress MixedInferredReturnType <span class="ln">2623</span> * @psalm-suppress MixedReturnStatement <span class="ln">2624</span> / <span class="ln">2625</span> public static function crypto_sign_open($signedMessage, $publicKey) <span class="ln">2626</span> { <span class="ln">2627</span> / Type checks: / <span class="ln">2628</span> ParagonIE_Sodium_Core_Util::declareScalarType($signedMessage, 'string', 1); <span class="ln">2629</span> ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2); <span class="ln">2630</span> <span class="ln">2631</span> / Input validation: / <span class="ln">2632</span> if (ParagonIE_Sodium_Core_Util::strlen($signedMessage) < self::CRYPTO_SIGN_BYTES) { <span class="error"><span class="ln error-ln">2633</span> throw new SodiumException('Argument 1 must be at least CRYPTO_SIGN_BYTES long.'); </span><span class="ln">2634</span> } <span class="ln">2635</span> if (ParagonIE_Sodium_Core_Util::strlen($publicKey) !== self::CRYPTO_SIGN_PUBLICKEYBYTES) { <span class="ln">2636</span> throw new SodiumException('Argument 2 must be CRYPTO_SIGN_PUBLICKEYBYTES long.'); <span class="ln">2637</span> } <span class="ln">2638</span> <span class="ln">2639</span> if (self::useNewSodiumAPI()) { <span class="ln">2640</span> /* <span class="ln">2641</span> * @psalm-suppress InvalidReturnStatement <span class="ln">2642</span> * @psalm-suppress FalsableReturnStatement <span class="ln">2643</span> / <span class="ln">2644</span> return sodium_crypto_sign_open($signedMessage, $publicKey); <span class="ln">2645</span> } </pre></div> </div> <div class="traces"> <h2>Stack Trace</h2> <table style="width:100%;"> <tbody><tr class="trace app expanded"> <td class="number"> #0 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/core/LSSodium.php(118): <strong>ParagonIE_Sodium_Compat</strong>::<strong>crypto_sign_open</strong>() </div> <div class="code"><pre><span class="ln">113</span> / <span class="ln">114</span> public function decrypt($sEncryptedString, $bReturnFalseIfError = false) <span class="ln">115</span> { <span class="ln">116</span> if ($this->bLibraryExists === true) { <span class="ln">117</span> if (!empty($sEncryptedString) && $sEncryptedString != 'null') { <span class="error"><span class="ln error-ln">118</span> $plaintext = ParagonIE_Sodium_Compat::crypto_sign_open(base64_decode($sEncryptedString), $this->sEncryptionPublicKey); </span><span class="ln">119</span> if ($plaintext === false) { <span class="ln">120</span> throw new SodiumException(sprintf(gT("Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted. Please consult our manual at %s.", 'unescaped'), 'https://manual.limesurvey.org/Data_encryption#Errors')); <span class="ln">121</span> } else { <span class="ln">122</span> return $plaintext; <span class="ln">123</span> } </pre></div> </td> </tr> <tr class="trace app expanded"> <td class="number"> #1 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/models/LSActiveRecord.php(430): <strong>LSSodium</strong>-><strong>decrypt</strong>() </div> <div class="code"><pre><span class="ln">425</span> $updatedValues = $LEM->getUpdatedValues(); <span class="ln">426</span> foreach ($attributes as $key => $attribute) { <span class="ln">427</span> if ($action === 'decrypt' && array_key_exists($key, $updatedValues)) { <span class="ln">428</span> continue; <span class="ln">429</span> } <span class="error"><span class="ln error-ln">430</span> $this->$key = $sodium->$action($attribute); </span><span class="ln">431</span> } <span class="ln">432</span> } <span class="ln">433</span> } <span class="ln">434</span> <span class="ln">435</span> / </pre></div> </td> </tr> <tr class="trace app expanded"> <td class="number"> #2 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/models/LSActiveRecord.php(337): <strong>LSActiveRecord</strong>-><strong>decryptEncryptAttributes</strong>() </div> <div class="code"><pre><span class="ln">332</span> $sodium = Yii::app()->sodium; <span class="ln">333</span> <span class="ln">334</span> return $sodium->decrypt($value); <span class="ln">335</span> } else { <span class="ln">336</span> // decrypt attributes <span class="error"><span class="ln error-ln">337</span> $this->decryptEncryptAttributes('decrypt'); </span><span class="ln">338</span> <span class="ln">339</span> return $this; <span class="ln">340</span> } <span class="ln">341</span> } <span class="ln">342</span> </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #3 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/helpers/expressions/em_manager_helper.php(3951): <strong>LSActiveRecord</strong>-><strong>decrypt</strong>() </div> <div class="code"><pre><span class="ln">3946</span> if ($token) { <span class="ln">3947</span> $tokenEncryptionOptions = $survey->getTokenEncryptionOptions(); <span class="ln">3948</span> foreach ($token as $key => $val) { <span class="ln">3949</span> // Decrypt encrypted token attributes <span class="ln">3950</span> if (isset($tokenEncryptionOptions['columns'][$key]) && $tokenEncryptionOptions['columns'][$key] === 'Y') { <span class="error"><span class="ln error-ln">3951</span> $val = $token->decrypt($val); </span><span class="ln">3952</span> } <span class="ln">3953</span> $this->knownVars["TOKEN:" . strtoupper($key)] = [ <span class="ln">3954</span> 'code' => $anonymized ? '' : $val, <span class="ln">3955</span> 'jsName_on' => '', <span class="ln">3956</span> 'jsName' => '', </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #4 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/helpers/expressions/em_manager_helper.php(6744): <strong>LimeExpressionManager</strong>-><strong>setVariableAndTokenMappingsForExpressionManager</strong>() </div> <div class="code"><pre><span class="ln">6739</span> $LEM->groupRelevanceInfo = []; <span class="ln">6740</span> if (!is_null($gseq)) { <span class="ln">6741</span> $LEM->currentGroupSeq = $gseq; <span class="ln">6742</span> <span class="ln">6743</span> if (!is_null($surveyid)) { <span class="error"><span class="ln error-ln">6744</span> $LEM->setVariableAndTokenMappingsForExpressionManager($surveyid, $forceRefresh, $anonymized); </span><span class="ln">6745</span> if ($gseq > $LEM->maxGroupSeq) { <span class="ln">6746</span> $LEM->maxGroupSeq = $gseq; <span class="ln">6747</span> } <span class="ln">6748</span> <span class="ln">6749</span> if (!$LEM->allOnOnePage \|\| ($LEM->allOnOnePage && !$LEM->processedRelevance)) { </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #5 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/helpers/frontend_helper.php(1886): <strong>LimeExpressionManager</strong>::<strong>StartProcessingGroup</strong>() </div> <div class="code"><pre><span class="ln">1881</span> global $token, $surveyid; <span class="ln">1882</span> <span class="ln">1883</span> $thissurvey = $aSurveyInfo; <span class="ln">1884</span> $thissurvey['aNavigator'] = getNavigatorDatas(); <span class="ln">1885</span> LimeExpressionManager::StartProcessingPage(); <span class="error"><span class="ln error-ln">1886</span> LimeExpressionManager::StartProcessingGroup(-1, false, $surveyid, true); // start on welcome page </span><span class="ln">1887</span> <span class="ln">1888</span> // WHY HERE ????? <span class="ln">1889</span> $_SESSION['survey_' . $surveyid]['LEMpostKey'] = mt_rand(); <span class="ln">1890</span> <span class="ln">1891</span> $loadsecurity = returnGlobal('loadsecurity', true); </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #6 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/helpers/SurveyRuntimeHelper.php(1055): <strong>display_first_page</strong>() </div> <div class="code"><pre><span class="ln">1050</span> $this->aSurveyInfo['datasecurity_notice_label'] = Survey::replacePolicyLink($this->aSurveyInfo['datasecurity_notice_label'], $this->aSurveyInfo['sid']); <span class="ln">1051</span> } <span class="ln">1052</span> <span class="ln">1053</span> if ($bDisplayFirstPage) { <span class="ln">1054</span> $_SESSION[$this->LEMsessid]['test'] = time(); <span class="error"><span class="ln error-ln">1055</span> display_first_page($this->thissurvey, $this->aSurveyInfo); </span><span class="ln">1056</span> Yii::app()->end(); // So we can still see debug messages <span class="ln">1057</span> } <span class="ln">1058</span> } <span class="ln">1059</span> <span class="ln">1060</span> private function checkForDataSecurityAccepted() </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #7 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/helpers/SurveyRuntimeHelper.php(209): <strong>SurveyRuntimeHelper</strong>-><strong>displayFirstPageIfNeeded</strong>() </div> <div class="code"><pre><span class="ln">204</span> $this->checkForDataSecurityAccepted(); // must be called after initMove to allow LEM to be initialized <span class="ln">205</span> if (EmCacheHelper::useCache()) { <span class="ln">206</span> $this->aSurveyInfo['emcache'] = true; <span class="ln">207</span> } <span class="ln">208</span> $this->checkQuotas(); // check quotas (then the process will stop here) <span class="error"><span class="ln error-ln">209</span> $this->displayFirstPageIfNeeded(); </span><span class="ln">210</span> $this->saveAllIfNeeded(); <span class="ln">211</span> $this->saveSubmitIfNeeded(); <span class="ln">212</span> // TODO: move somewhere else <span class="ln">213</span> $this->setNotAnsweredAndNotValidated(); <span class="ln">214</span> } else { </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #8 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/controllers/survey/index.php(604): <strong>SurveyRuntimeHelper</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">599</span> unset($redata); <span class="ln">600</span> $redata = compact(array_keys(get_defined_vars())); <span class="ln">601</span> Yii::import('application.helpers.SurveyRuntimeHelper'); <span class="ln">602</span> $tmp = new SurveyRuntimeHelper(); <span class="ln">603</span> // try { <span class="error"><span class="ln error-ln">604</span> $tmp->run($surveyid, $redata); </span><span class="ln">605</span> // } catch (WrongTemplateVersionException $ex) { <span class="ln">606</span> // echo $ex->getMessage(); <span class="ln">607</span> // } <span class="ln">608</span> } <span class="ln">609</span> </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #9 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/controllers/survey/index.php(26): <strong>index</strong>-><strong>action</strong>() </div> <div class="code"><pre><span class="ln">21</span> public $oTemplate; <span class="ln">22</span> <span class="ln">23</span> public function run() <span class="ln">24</span> { <span class="ln">25</span> useFirebug(); <span class="error"><span class="ln error-ln">26</span> $this->action(); </span><span class="ln">27</span> } <span class="ln">28</span> <span class="ln">29</span> public function action() <span class="ln">30</span> { <span class="ln">31</span> global $surveyid; </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #10 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/actions/CAction.php(76): <strong>index</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">71</span> { <span class="ln">72</span> $method=new ReflectionMethod($this, 'run'); <span class="ln">73</span> if($method->getNumberOfParameters()>0) <span class="ln">74</span> return $this->runWithParamsInternal($this, $method, $params); <span class="ln">75</span> <span class="error"><span class="ln error-ln">76</span> $this->run(); </span><span class="ln">77</span> return true; <span class="ln">78</span> } <span class="ln">79</span> <span class="ln">80</span> / <span class="ln">81</span> * Executes a method of an object with the supplied named parameters. </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #11 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(308): <strong>CAction</strong>-><strong>runWithParams</strong>() </div> <div class="code"><pre><span class="ln">303</span> { <span class="ln">304</span> $priorAction=$this->_action; <span class="ln">305</span> $this->_action=$action; <span class="ln">306</span> if($this->beforeAction($action)) <span class="ln">307</span> { <span class="error"><span class="ln error-ln">308</span> if($action->runWithParams($this->getActionParams())===false) </span><span class="ln">309</span> $this->invalidActionParams($action); <span class="ln">310</span> else <span class="ln">311</span> $this->afterAction($action); <span class="ln">312</span> } <span class="ln">313</span> $this->_action=$priorAction; </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #12 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(286): <strong>CController</strong>-><strong>runAction</strong>() </div> <div class="code"><pre><span class="ln">281</span> * @see runAction <span class="ln">282</span> / <span class="ln">283</span> public function runActionWithFilters($action,$filters) <span class="ln">284</span> { <span class="ln">285</span> if(empty($filters)) <span class="error"><span class="ln error-ln">286</span> $this->runAction($action); </span><span class="ln">287</span> else <span class="ln">288</span> { <span class="ln">289</span> $priorAction=$this->_action; <span class="ln">290</span> $this->_action=$action; <span class="ln">291</span> CFilterChain::create($this,$action,$filters)->run(); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #13 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(265): <strong>CController</strong>-><strong>runActionWithFilters</strong>() </div> <div class="code"><pre><span class="ln">260</span> { <span class="ln">261</span> if(($parent=$this->getModule())===null) <span class="ln">262</span> $parent=Yii::app(); <span class="ln">263</span> if($parent->beforeControllerAction($this,$action)) <span class="ln">264</span> { <span class="error"><span class="ln error-ln">265</span> $this->runActionWithFilters($action,$this->filters()); </span><span class="ln">266</span> $parent->afterControllerAction($this,$action); <span class="ln">267</span> } <span class="ln">268</span> } <span class="ln">269</span> else <span class="ln">270</span> $this->missingAction($actionID); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #14 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(282): <strong>CController</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">277</span> { <span class="ln">278</span> list($controller,$actionID)=$ca; <span class="ln">279</span> $oldController=$this->_controller; <span class="ln">280</span> $this->_controller=$controller; <span class="ln">281</span> $controller->init(); <span class="error"><span class="ln error-ln">282</span> $controller->run($actionID); </span><span class="ln">283</span> $this->_controller=$oldController; <span class="ln">284</span> } <span class="ln">285</span> else <span class="ln">286</span> throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".', <span class="ln">287</span> array('{route}'=>$route===''?$this->defaultController:$route))); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #15 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(141): <strong>CWebApplication</strong>-><strong>runController</strong>() </div> <div class="code"><pre><span class="ln">136</span> foreach(array_splice($this->catchAllRequest,1) as $name=>$value) <span class="ln">137</span> $_GET[$name]=$value; <span class="ln">138</span> } <span class="ln">139</span> else <span class="ln">140</span> $route=$this->getUrlManager()->parseUrl($this->getRequest()); <span class="error"><span class="ln error-ln">141</span> $this->runController($route); </span><span class="ln">142</span> } <span class="ln">143</span> <span class="ln">144</span> /* <span class="ln">145</span> * Registers the core application components. <span class="ln">146</span> * This method overrides the parent implementation by registering additional core components. </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #16 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/base/CApplication.php(185): <strong>CWebApplication</strong>-><strong>processRequest</strong>() </div> <div class="code"><pre><span class="ln">180</span> public function run() <span class="ln">181</span> { <span class="ln">182</span> if($this->hasEventHandler('onBeginRequest')) <span class="ln">183</span> $this->onBeginRequest(new CEvent($this)); <span class="ln">184</span> register_shutdown_function(array($this,'end'),0,false); <span class="error"><span class="ln error-ln">185</span> $this->processRequest(); </span><span class="ln">186</span> if($this->hasEventHandler('onEndRequest')) <span class="ln">187</span> $this->onEndRequest(new CEvent($this)); <span class="ln">188</span> } <span class="ln">189</span> <span class="ln">190</span> /** </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #17 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/index.php(182): <strong>CApplication</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">177</span> require_once APPPATH . 'core/LSYii_Application' . EXT; <span class="ln">178</span> <span class="ln">179</span> $config = require_once(APPPATH . 'config/internal' . EXT); <span class="ln">180</span> <span class="ln">181</span> Yii::$enableIncludePath = false; <span class="error"><span class="ln error-ln">182</span> Yii::createApplication('LSYii_Application', $config)->run(); </span><span class="ln">183</span> <span class="ln">184</span> /* End of file index.php / <span class="ln">185</span> / Location: ./index.php / </pre></div> </td> </tr> </tbody></table> </div> <div class="version"> 2021-06-05 08:56:41 nginx/1.20.0 <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.24-dev </div> </div> <script type="text/javascript"> /<![CDATA[/ var traceReg = new RegExp("(^\|\\s)trace-file(\\s\|$)"); var collapsedReg = new RegExp("(^\|\\s)collapsed(\\s\|$)"); var e = document.getElementsByTagName("div"); for(var j=0,len=e.length;j<len;j++){ if(traceReg.test(e[j].className)){ e[j].onclick = function(){ var trace = this.parentNode.parentNode; if(collapsedReg.test(trace.className)) trace.className = trace.className.replace("collapsed", "expanded"); else trace.className = trace.className.replace("expanded", "collapsed"); } } } /]]>*/ </script> <div id="grammalecte_menu_main_button_shadow_host" style="width: 0px; height: 0px;"></div></body><script src="SodiumException_fichiers/api.js"></script></html> SodiumException.html (27,446 bytes) survey_archive_925499.lsa (4,289 bytes)

ollehar 2021-06-05 11:07 administrator ~64752	Denis, you have the PHP sodium extension installed?

ollehar 2021-06-05 11:29 administrator ~64753	Can reproduce (also without the sodium extension, if that matters).

ollehar 2021-06-05 11:33 administrator ~64754	What do you think about this fix, Denis? em_manager_helper.php: line 3950 if (isset($tokenEncryptionOptions['columns'][$key]) && $tokenEncryptionOptions['columns'][$key] === 'Y') { if (!empty($val)) { $val = $token->decrypt($val); } } Don't decrypt $val if it's empty? Safe?

DenisChenu 2021-06-05 12:00 developer ~64755	@ollehar : https://github.com/LimeSurvey/LimeSurvey/blob/1a013ec45e0336650560d078a3038b05c7bb4135/application/core/LSSodium.php#L117 if ($this->bLibraryExists !== true) { return $sEncryptedString; } if (empty($sEncryptedString)) { return $sEncryptedString; } $plaintext = ParagonIE_Sodium_Compat::crypto_sign_open(base64_decode($sEncryptedString), $this->sEncryptionPublicKey); if ($plaintext === false) { throw new SodiumException(sprintf(gT("Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted. Please consult our manual at %s.", 'unescaped'), 'https://manual.limesurvey.org/Data_encryption#Errors')); } else { return $plaintext; } Because : if (!empty($sEncryptedString) && $sEncryptedString != 'null') { is broken .

DenisChenu 2021-06-05 12:02 developer ~64756	I mean : if you fix for token : you didn't fix for any empty ( "" ) date. Maybe : if (is_null($sEncryptedString) or $sEncryptedString === "") { return $sEncryptedString; } For 0 and "0"

pathros 2021-06-05 18:23 reporter ~64757	@DenisChenu Thanks a lot! When filling both firstname or lastname, everything works perfectly. Here's the possible contact with ParagonIE: https://github.com/paragonie/sodium_compat/issues/127#issuecomment-854914258

ollehar 2021-06-05 23:28 administrator ~64758	Date can't be empty if it's datetime column type?

ollehar 2021-06-05 23:29 administrator ~64759	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=31977

ollehar 2021-06-05 23:32 administrator ~64760	Pushing a fix, guess it needs some testing.

DenisChenu 2021-06-07 08:44 developer ~64761	Date can't be empty if it's datetime column type? No : only null currently. MySQL accept 0000-00-00 00:00:00 but not MSSQL, unsure for PG

ollehar 2021-06-07 10:18 administrator ~64762	Hm. Hmmmmm.

c_schmitz 2021-07-12 11:53 administrator ~65313	Release done.

Date Modified	Username	Field	Change
2021-06-04 21:06	pathros	New Issue
2021-06-04 21:06	pathros	File Added: limesurvey_survey_624727.lss
2021-06-04 21:07	pathros	Issue Monitored: pathros
2021-06-04 21:08	ollehar	Note Added: 64748
2021-06-05 10:14	DenisChenu	Note Added: 64749
2021-06-05 10:26	ollehar	Note Added: 64750
2021-06-05 11:01	DenisChenu	Note Added: 64751
2021-06-05 11:01	DenisChenu	File Added: SodiumException.html
2021-06-05 11:01	DenisChenu	File Added: survey_archive_925499.lsa
2021-06-05 11:02	DenisChenu	Status	new => confirmed
2021-06-05 11:07	ollehar	Note Added: 64752
2021-06-05 11:18	ollehar	Priority	none => immediate
2021-06-05 11:29	ollehar	Note Added: 64753
2021-06-05 11:33	ollehar	Note Added: 64754
2021-06-05 12:00	DenisChenu	Note Added: 64755
2021-06-05 12:02	DenisChenu	Note Added: 64756
2021-06-05 18:23	pathros	Note Added: 64757
2021-06-05 19:55	pathros	Tag Attached: add_participants
2021-06-05 19:55	pathros	Tag Attached: bug
2021-06-05 23:28	ollehar	Note Added: 64758
2021-06-05 23:29	ollehar	Changeset attached	=> LimeSurvey master 350b5c27
2021-06-05 23:29	ollehar	Note Added: 64759
2021-06-05 23:29	ollehar	Assigned To	=> ollehar
2021-06-05 23:29	ollehar	Resolution	open => fixed
2021-06-05 23:32	ollehar	Status	confirmed => ready for testing
2021-06-05 23:32	ollehar	Note Added: 64760
2021-06-07 08:44	DenisChenu	Note Added: 64761
2021-06-07 10:18	ollehar	Note Added: 64762
2021-06-07 12:38	ollehar	Status	ready for testing => resolved
2021-07-12 11:53	c_schmitz	Note Added: 65313
2021-07-12 11:53	c_schmitz	Status	resolved => closed
2021-08-02 19:25	guest	Bug heat	8 => 10

LimeSurvey: master 350b5c27 2021-06-06 01:29 ollehar Details Diff	Fixed issue 17353: Argument 1 must be at least CRYPTO_SIGN_BYTES long		Affected Issues 17353
	mod - application/helpers/expressions/em_manager_helper.php		Diff File

View Issue Details

Users monitoring this issue

Activities

Related Changesets

Issue History