View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
03643 | Bug reports | Other | public | 2009-09-03 22:38 | 2009-09-15 12:30 |
Reporter | Assigned To | c_schmitz | |||
Priority | normal | Severity | partial_block | ||
Status | closed | Resolution | fixed | ||
Product Version | 1.85+ | ||||
Fixed in Version | 1.85+ | ||||
Summary | 03643: Superadmin cannot VVExport surveys owned by others | ||||
Description | I am owner/superadmin of a LS installation. I cannot VVExport responses from any survey which I do not own (which is created/owned by another user). Instead of the VVexport dialog appearing, I am returned to the survey's main admin page without any error message. But I can use other response export types on surveys that I do not own. | ||||
Additional Information | The rights check in ± lines 22-29 returns an array without values and returns me because the condition evaluates true. Adding an exception for superadmins as per exportresults.php solves the problem (patch against build7561 attached). Although the patch solves the immediate issue, the rights check may be altogether redundant here given the checks done in admin.php (± lines 149-417)? export_data_r.php, for example, does not use this logic. Similar logic appears in browse.php, exportresults.php, html.php, tokens.php, and vvexport.php. Are some or all of these redundant? | ||||
Tags | No tags attached. | ||||
Attached Files | vvexport.diff (355 bytes)
--- D:/temp/vvexport.php Sun Jun 07 15:56:00 2009 +++ D:/temp/vvexport-fixed.php Thu Sep 03 21:56:19 2009 @@ -23,7 +23,7 @@ $sumresult5 = db_execute_assoc($sumquery5); //Checked $sumrows5 = $sumresult5->FetchRow(); -if ($sumrows5['export'] != "1") +if ($sumrows5['export'] != "1" && $_SESSION['USER_RIGHT_SUPERADMIN'] != 1) { return; } | ||||
Bug heat | 4 | ||||
Complete LimeSurvey version number (& build) | 7561 | ||||
I will donate to the project if issue is resolved | |||||
Browser | any | ||||
Database type & version | MySQL 4.1.12 | ||||
Server OS (if known) | Win2k3 sp1 | ||||
Webserver software & version (if known) | IIS 6 | ||||
PHP Version | 5.2.6 | ||||
@ c_schmitz: please review the patch of ITEd - Thx! |
|
Thank you for the patch! I think they are not redundant - they are there to prevent the direct start of a .php file. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2009-09-03 22:38 |
|
New Issue | |
2009-09-03 22:38 |
|
Status | new => assigned |
2009-09-03 22:38 |
|
Assigned To | => user372 |
2009-09-03 22:38 |
|
File Added: vvexport.diff | |
2009-09-03 22:38 |
|
Build Number | => 7561 |
2009-09-03 22:38 |
|
Browser | => any |
2009-09-03 22:38 |
|
Database & DB-Version | => MySQL 4.1.12 |
2009-09-03 22:38 |
|
Operating System (Server) | => Win2k3 sp1 |
2009-09-03 22:38 |
|
Webserver | => IIS 6 |
2009-09-03 22:38 |
|
PHP Version | => 5.2.6 |
2009-09-04 22:04 |
|
Note Added: 09388 | |
2009-09-04 22:04 |
|
Assigned To | user372 => c_schmitz |
2009-09-08 00:31 | c_schmitz | Note Added: 09453 | |
2009-09-08 00:31 | c_schmitz | Status | assigned => resolved |
2009-09-08 00:31 | c_schmitz | Fixed in Version | => 1.85+ |
2009-09-08 00:31 | c_schmitz | Resolution | open => fixed |
2009-09-15 12:30 | c_schmitz | Status | resolved => closed |
2010-05-06 10:27 | c_schmitz | Category | Import / Export => (No Category) |