View Issue Details

This bug affects 1 person(s).
ID: 04052
Project: Bug reports
Category: Survey participants (Tokens)
View Status: public
Last Update: 2010-01-27 22:46
Reporter: kreadus
Assigned To: c_schmitz
Priority: normal
Severity: tweak
Status: closed
Resolution: fixed
Product Version: 1.87+
Fixed in Version: 1.87+
Summary: 04052: Token access code truncated in MSSQL 2005
Description

I noticed this happening on MSSQL 2005 server as well. The issue is the default length of the varchar datatype truncating the access_code hash.

This line of code found in ~/limesurvey/index.php {783}

        $query .="AND CAST(".db_table_name('saved_control').".access_code as varchar)= '".md5(auto_unescape($_SESSION['holdpass']))."'\n";

needs to be updated to contain the max-length of the MD5 hash.

This can be found here: http://php.net/manual/en/function.md5.php

It happens to be 32 characters.

Corrected line:

        $query .="AND CAST(".db_table_name('saved_control').".access_code as varchar(32))= '".md5(auto_unescape($_SESSION['holdpass']))."'\n";

Reproducibility:

In a T-SQL Interpreter, try the following comparisons:

SELECT access_code, CAST(access_code as varchar) FROM [lime_saved_control]

And it becomes rather apparent.

Cheers,
Brian.
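
The truncation described in this report, as an added T-SQL example (not part of the original report or LimeSurvey's code): in SQL Server, a CAST to varchar with no length defaults to 30 characters, two short of a 32-character MD5 hex digest, so the original predicate can never match a full hash. The temp table, the assumption that access_code is a text column, and the hash value are constructed for illustration.

```sql
-- Added example; the table, column type and hash value are constructed.
-- Assumption: access_code is a text column, which is why the query needs a
-- CAST at all (SQL Server does not compare text to varchar with "=").
CREATE TABLE #saved_control (access_code text);

-- DECLARE and SET are kept separate so the script also runs on SQL Server 2005.
DECLARE @hash varchar(32);
SET @hash = '0123456789abcdef0123456789abcdef';  -- constructed 32-char hex digest

INSERT INTO #saved_control (access_code) VALUES (@hash);

-- Side-by-side view of the stored value and both casts, with their lengths.
SELECT access_code,
       CAST(access_code AS varchar)          AS cast_default,
       LEN(CAST(access_code AS varchar))     AS len_default,
       CAST(access_code AS varchar(32))      AS cast_32,
       LEN(CAST(access_code AS varchar(32))) AS len_32
FROM #saved_control;

-- Predicate as in the original line: the column side is cut to the default
-- length, while the right-hand side still carries the full digest.
SELECT COUNT(*) AS matches_without_length
FROM #saved_control
WHERE CAST(access_code AS varchar) = @hash;

-- Predicate as in the corrected line: both sides are 32 characters.
SELECT COUNT(*) AS matches_with_length
FROM #saved_control
WHERE CAST(access_code AS varchar(32)) = @hash;

DROP TABLE #saved_control;
```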

Tags: No tags attached.
Bug heat: 10
Complete LimeSurvey version number (& build): 8243
I will donate to the project if issue is resolved:
Browser:
Database type & version: MSSQL 2005
Server OS (if known): Win 2003 SP2
Webserver software & version (if known): IIS 6.0
PHP Version: 5.2.9

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2010-01-15 21:08 kreadus New Issue
2010-01-15 21:08 kreadus Status new => assigned
2010-01-15 21:08 kreadus Assigned To => user372
2010-01-15 21:08 kreadus LimeSurvey build number => 8243
2010-01-15 21:08 kreadus Database & DB-Version => MSSQL 2005
2010-01-15 21:08 kreadus Operating System (Server) => Win 2003 SP2
2010-01-15 21:08 kreadus Webserver => IIS 6.0
2010-01-15 21:08 kreadus PHP Version => 5.2.9
2010-01-15 22:42 user372 Assigned To user372 => c_schmitz
2010-01-26 13:22 c_schmitz Status assigned => resolved
2010-01-26 13:22 c_schmitz Fixed in Version => 1.87+
2010-01-26 13:22 c_schmitz Resolution open => fixed
2010-01-27 22:46 c_schmitz Status resolved => closed
2016-12-08 10:39 c_schmitz Category Tokens => Survey participants (Tokens)