View Issue Details

This bug affects 1 person(s).
ID: 05159
Project: Bug reports
Category: Other
View Status: public
Last Update: 2011-05-25 12:21
Reporter: user13932
Assigned To: c_schmitz
Priority: normal
Severity: minor
Status: closed
Resolution: fixed
Product Version: 1.91
Fixed in Version: 1.91+
Summary: 05159: code printing when using showprintablesurvey with radio button
Description

" class="input-radio" /> will print between the button image and the option supposed to be next to it.

Steps To Reproduce

- create a new question
- add a radio button answer type
- add 2 or more answers; instead of putting text, put HTML code like an image as the option description
- save
- use the function showprintablesurvey

Tags: No tags attached.
Attached Files
5159.diff (856 bytes)   
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: admin/printablesurvey.php
===================================================================
--- admin/printablesurvey.php	(revision 10061)
+++ admin/printablesurvey.php	(working copy)
@@ -329,7 +329,7 @@
             // define('IMAGE_'.$type.'_SIZE' , ' width="'.$image_dimensions[0].'" height="'.$image_dimensions[1].'"');
             define('IMAGE_'.$type.'_SIZE' , ' width="14" height="14"');
         }
-        $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.$title.'" class="input-'.$type.'" />';
+        $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.htmlspecialchars($title).'" class="input-'.$type.'" />';
         break;
 
         case 'rank':
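Review bot: On the changed $output line, htmlspecialchars($title) is called with its default flags and charset, and on the PHP 5.1.6 listed in this report the default flag (ENT_COMPAT) leaves single quotes unencoded. That is sufficient for this double-quoted alt attribute, but passing both arguments explicitly, e.g. htmlspecialchars($title, ENT_QUOTES, 'UTF-8') if the page is served as UTF-8, keeps the call correct if the quoting style of the markup ever changes. $type is also concatenated into the src and class attributes on the same line without encoding; it is worth confirming that it only ever takes fixed internal values.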
5159.2.diff (1,574 bytes)   
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: admin/printablesurvey.php
===================================================================
--- admin/printablesurvey.php	(revision 10061)
+++ admin/printablesurvey.php	(working copy)
@@ -121,7 +121,7 @@
     $pdf_form = '
     <form action="'.$scriptname.'?action=showprintablesurvey&amp;sid='.$surveyid.'&amp;lang='.$surveyprintlang.'" method="post">
 	    <input type="submit" value="'.$clang->gT('PDF Export').'"/>
-	    <input type="hidden" name="checksessionbypost" value="'.$_SESSION['checksessionpost'].'"/>
+	    <input type="hidden" name="checksessionbypost" value="'.htmlspecialchars($_SESSION['checksessionpost']).'"/>
 	    <input type="hidden" name="printableexport" value="true"/>
     </form>
     ';
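Review bot: The form action at the top of this hunk still concatenates $scriptname, $surveyid and $surveyprintlang into a double-quoted attribute without encoding, while only the checksessionbypost value is fixed. If any of them can be influenced by the request (the lang value in particular), they need the same treatment: cast $surveyid to an integer and pass the other two through htmlspecialchars() before building $pdf_form.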
@@ -306,7 +306,7 @@
 
     if(!empty($title))
     {
-        $div_title = ' title="'.$title.'"';
+        $div_title = ' title="'.htmlspecialchars($title).'"';
     }
     else
     {
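Review bot: $title is now encoded here for the title attribute and again in the @@ -329 hunk for the alt attribute, two separate call sites that have to stay in sync. If both sit in the same function, encode once into a local variable (for example $title_attr, a hypothetical name) and use it in both places, so a later use of $title in markup does not miss the encoding.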
@@ -329,7 +329,7 @@
             // define('IMAGE_'.$type.'_SIZE' , ' width="'.$image_dimensions[0].'" height="'.$image_dimensions[1].'"');
             define('IMAGE_'.$type.'_SIZE' , ' width="14" height="14"');
         }
-        $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.$title.'" class="input-'.$type.'" />';
+        $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.htmlspecialchars($title).'" class="input-'.$type.'" />';
         break;
 
         case 'rank':
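Review bot: The @@ -329 hunk duplicates the only hunk of 5159.diff line for line, so the two attachments cannot both be applied; whichever comes second will be rejected as already applied. Mark 5159.diff as superseded by 5159.2.diff so that whoever commits the fix applies one patch only.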
Bug heat: 6
Complete LimeSurvey version number (& build): 10060
I will donate to the project if issue is resolved: No
Browser: firefox 4
Database type & version: mysql 5.0.82
Server OS (if known): sme server 7.5.1
Webserver software & version (if known): php 5.1.6-3.el4s1.10
PHP Version: 5.1.6-3.el4s1.10

Users monitoring this issue

There are no users monitoring this issue.

Activities

user13932

2011-05-11 06:27

  ~14980

Not sure if it can help; here is the source code of one answer in the browser:

  <img src="/templates/default/print_img_radio.png" alt="<img align=" middle"="" width="14" height="14">" class="input-radio" />
  <img src="/images/logos/angel.jpg" alt="" align="middle">

You can see some problem starting with the alt=

    mot

    2011-05-11 16:24

    reporter   ~14983

    Looks like the text gets inserted there unencoded, but the attribute will need HTML encoding for attributes. I'll take a look if this is easy to patch.

    user13932

    2011-05-11 16:46

      ~14984

    I have searched further and found the file responsible for this: admin/printablesurvey.php

    The incriminated line is 313:
    $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.$title.'" class="input-'.$type.'" />';

    It could be:
    $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.htmlentities($title).'" class="input-'.$type.'" />';

    However, it seems that the variable $title contains exactly what will be printed next to the radio button. I am not sure I want to see my answer twice if the button image is not found. I would rather see something that is like a radio button, like an O.

    It should be better to see something like this (a "-" or a "O"):

    $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="-" class="input-'.$type.'" />';

    mot

    2011-05-12 00:35

    reporter   ~14985

    Thanks for providing that additional information. I had a hard time to locate it so far because I needed to setup my development environment first. I'll upload a patch.

    However option titles IIRC do only support HTML fragments when displayed on the online version. The hard copy version will only allow to display text next to the checkbox/radio picture, not pictures or other HTML. So it will display just a radio with nothing next to it.

    What you want to achieve looks like a feature request to me, but I think it's not trivial to implement.

    mot

    2011-05-12 00:51

    reporter   ~14986

    Quickly scanned the file for similar issues and found another two.

    c_schmitz

    2011-05-15 12:13

    administrator   ~15005

    Fixed in rev 10067

    mot

    2011-05-16 16:40

    reporter   ~15036

    Thx.

    c_schmitz

    2011-05-16 16:42

    administrator   ~15037

    Thank YOU!

    c_schmitz

    2011-05-25 12:21

    administrator   ~15103

    Released new 1.91+ version.

Issue History

Date Modified | Username | Field | Change
2011-05-11 05:47 | user13932 | New Issue |
2011-05-11 06:27 | user13932 | Note Added: 14980 |
2011-05-11 16:24 | mot | Note Added: 14983 |
2011-05-11 16:46 | user13932 | Note Added: 14984 |
2011-05-12 00:35 | mot | Note Added: 14985 |
2011-05-12 00:47 | mot | File Added: 5159.diff |
2011-05-12 00:50 | mot | File Added: 5159.2.diff |
2011-05-12 00:51 | mot | Note Added: 14986 |
2011-05-12 00:51 | mot | Issue Monitored: mot |
2011-05-12 00:51 | mot | Issue End Monitor: mot |
2011-05-12 17:16 | c_schmitz | Assigned To | => c_schmitz
2011-05-12 17:16 | c_schmitz | Status | new => assigned
2011-05-15 12:13 | c_schmitz | Note Added: 15005 |
2011-05-15 12:13 | c_schmitz | Status | assigned => resolved
2011-05-15 12:13 | c_schmitz | Fixed in Version | => 1.91+
2011-05-15 12:13 | c_schmitz | Resolution | open => fixed
2011-05-16 16:40 | mot | Note Added: 15036 |
2011-05-16 16:42 | c_schmitz | Note Added: 15037 |
2011-05-25 12:21 | c_schmitz | Note Added: 15103 |
2011-05-25 12:21 | c_schmitz | Status | resolved => closed