View Issue Details

ID: 05159
Project: Bug reports
Category: Other
View Status: public
Last Update: 2011-05-25 12:21
Reporter: user13932
Assigned To: c_schmitz
Priority: normal
Severity: minor
Status: closed
Resolution: fixed
Product Version: 1.91
Fixed in Version: 1.91+
Summary: 05159: code printing when using showprintablesurvey with radio button
Description

" class="input-radio" /> will print between the button image and the option supposed to be next to it.

Steps To Reproduce

-create a new question
-add a radio button answer type
-add 2 or more answers; instead of putting text, put HTML code like an image as the option description
-save
-use the function showprintablesurvey

Tags: No tags attached.
Attached Files
5159.diff (856 bytes)   
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: admin/printablesurvey.php
===================================================================
--- admin/printablesurvey.php	(revision 10061)
+++ admin/printablesurvey.php	(working copy)
@@ -329,7 +329,7 @@
             // define('IMAGE_'.$type.'_SIZE' , ' width="'.$image_dimensions[0].'" height="'.$image_dimensions[1].'"');
             define('IMAGE_'.$type.'_SIZE' , ' width="14" height="14"');
         }
-        $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.$title.'" class="input-'.$type.'" />';
+        $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.htmlspecialchars($title).'" class="input-'.$type.'" />';
         break;
 
         case 'rank':
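Review bot: In the `alt=` assignment, `htmlspecialchars($title)` keeps the attribute well-formed, but for an answer whose text is markup (the reported case, an `<img>` tag as the option) the alt text becomes the escaped tag source rather than anything readable. Consider `htmlspecialchars(strip_tags($title))`, or a fixed placeholder as suggested in note 14984, and pass the flags explicitly (`ENT_QUOTES`) so the encoding does not depend on the attribute staying double-quoted.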
5159.2.diff (1,574 bytes)   
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: admin/printablesurvey.php
===================================================================
--- admin/printablesurvey.php	(revision 10061)
+++ admin/printablesurvey.php	(working copy)
@@ -121,7 +121,7 @@
     $pdf_form = '
     <form action="'.$scriptname.'?action=showprintablesurvey&amp;sid='.$surveyid.'&amp;lang='.$surveyprintlang.'" method="post">
 	    <input type="submit" value="'.$clang->gT('PDF Export').'"/>
-	    <input type="hidden" name="checksessionbypost" value="'.$_SESSION['checksessionpost'].'"/>
+	    <input type="hidden" name="checksessionbypost" value="'.htmlspecialchars($_SESSION['checksessionpost']).'"/>
 	    <input type="hidden" name="printableexport" value="true"/>
     </form>
     ';
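Review bot: The form `action` two lines above the changed `checksessionbypost` input still concatenates `$scriptname`, `$surveyid` and `$surveyprintlang` into a double-quoted attribute without encoding. The hunk does not show where those values come from; if any of them can carry request input, cast `$surveyid` to an integer and run the other two through `htmlspecialchars()` (with `urlencode()` for the `lang` query value) in this same change.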
@@ -306,7 +306,7 @@
 
     if(!empty($title))
     {
-        $div_title = ' title="'.$title.'"';
+        $div_title = ' title="'.htmlspecialchars($title).'"';
     }
     else
     {
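Review bot: `$title` is encoded here for the `title` attribute and separately at line 329 for `alt`, and the first attachment, 5159.diff, covered only the second of those sites. Encode it once before both uses into a local variable (for example `$title_attr = htmlspecialchars($title, ENT_QUOTES);`) and use that variable in both attributes, so a later output site cannot be added with the raw value.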
@@ -329,7 +329,7 @@
             // define('IMAGE_'.$type.'_SIZE' , ' width="'.$image_dimensions[0].'" height="'.$image_dimensions[1].'"');
             define('IMAGE_'.$type.'_SIZE' , ' width="14" height="14"');
         }
-        $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.$title.'" class="input-'.$type.'" />';
+        $output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.htmlspecialchars($title).'" class="input-'.$type.'" />';
         break;
 
         case 'rank':
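Review bot: The `alt=` hunk at line 329 is identical to the single hunk of 5159.diff, so the two attachments will not both apply cleanly to revision 10061. Mark 5159.diff as superseded by 5159.2.diff, or drop this hunk here, so the committer applies only one of them.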
Bug heat: 6
Complete LimeSurvey version number (& build): 10060
I will donate to the project if issue is resolved: No
Browser: firefox 4
Database type & version: mysql 5.0.82
Server OS (if known): sme server 7.5.1
Webserver software & version (if known): php 5.1.6-3.el4s1.10
PHP Version: 5.1.6-3.el4s1.10

Activities

user13932

2011-05-11 06:27

  ~14980

Not sure if it can help; here is the source code of one answer in the browser:

<li>
<img src="/templates/default/print_img_radio.png" alt="<img align=" middle"="" width="14" height="14">" class="input-radio" />
<img src="/images/logos/angel.jpg" alt="" align="middle">
</li>

You can see some problem starting with the alt=

mot

2011-05-11 16:24

reporter   ~14983

Looks like the text gets inserted there unencoded, but the attribute will need HTML encoding for attributes. I'll take a look if this is easy to patch.

user13932

2011-05-11 16:46

  ~14984

I have searched further and found the file responsible for this: admin/printablesurvey.php

The incriminated line is line 313:
$output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.$title.'" class="input-'.$type.'" />';

It could be:
$output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="'.htmlentities($title).'" class="input-'.$type.'" />';

However, it seems that the variable $title contains exactly what will be printed next to the radio button. I am not sure I want to see my answer twice if the button image is not found. I would rather see something that looks like a radio button, like an O.

It would be better to see something like this (a "-" or an "O"):

$output = '<img src="'.PRINT_TEMPLATE_URL.'print_img_'.$type.'.png"'.constant('IMAGE_'.$type.'_SIZE').' alt="-" class="input-'.$type.'" />';

mot

2011-05-12 00:35

reporter   ~14985

Thanks for providing that additional information. I had a hard time to locate it so far because I needed to setup my development environment first. I'll upload a patch.

However option titles IIRC do only support HTML fragments when displayed on the online version. The hard copy version will only allow to display text next to the checkbox/radio picture, not pictures or other HTML. So it will display just a radio with nothing next to it.

What you want to achieve looks like a feature request to me, but I think it's not trivial to implement.

mot

2011-05-12 00:51

reporter   ~14986

Quickly scanned the file for similar issues and found another two.

c_schmitz

2011-05-15 12:13

administrator   ~15005

Fixed in rev 10067

mot

2011-05-16 16:40

reporter   ~15036

Thx.

c_schmitz

2011-05-16 16:42

administrator   ~15037

Thank YOU!

c_schmitz

2011-05-25 12:21

administrator   ~15103

Released new 1.91+ version.

Issue History

Date Modified Username Field Change
2011-05-11 05:47 user13932 New Issue
2011-05-11 06:27 user13932 Note Added: 14980
2011-05-11 16:24 mot Note Added: 14983
2011-05-11 16:46 user13932 Note Added: 14984
2011-05-12 00:35 mot Note Added: 14985
2011-05-12 00:47 mot File Added: 5159.diff
2011-05-12 00:50 mot File Added: 5159.2.diff
2011-05-12 00:51 mot Note Added: 14986
2011-05-12 00:51 mot Issue Monitored: mot
2011-05-12 00:51 mot Issue End Monitor: mot
2011-05-12 17:16 c_schmitz Assigned To => c_schmitz
2011-05-12 17:16 c_schmitz Status new => assigned
2011-05-15 12:13 c_schmitz Note Added: 15005
2011-05-15 12:13 c_schmitz Status assigned => resolved
2011-05-15 12:13 c_schmitz Fixed in Version => 1.91+
2011-05-15 12:13 c_schmitz Resolution open => fixed
2011-05-16 16:40 mot Note Added: 15036
2011-05-16 16:42 c_schmitz Note Added: 15037
2011-05-25 12:21 c_schmitz Note Added: 15103
2011-05-25 12:21 c_schmitz Status resolved => closed