View Issue Details

This bug affects 1 person(s).
 2
IDProjectCategoryView StatusLast Update
05462Bug reportsSurvey takingpublic2012-03-14 21:08
Reporteruser15664Assigned Toc_schmitz  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version1.91+ 
Fixed in Version1.91+ 
Summary05462: Survey crashes if the referral URL contains a single quote
Description

If the referral URL contains a single quotation mark, LimeSurvey does not save the responses from the survey.

Steps To Reproduce
  • Make sure Referral URLs are enabled
  • Create a simple survey
  • Launch it by clicking through a URL that contains a single quote (')
  • Fill out responses and click Submit
Additional Information

The save.php contains the refurl variable. There was no escape sequence applied to refurl before writing to the database.

Attached patch fixes the issue. Essentially, I included the addslashes() function.

TagsNo tags attached.
Attached Files
save_apostrophe.patch (243 bytes)   
338c338
< 			"refurl"=>getenv("HTTP_REFERER"));
---
> 			"refurl"=>getenv("HTTP_REFERER")); 
619c619
<                 $query .= ", '".$_SESSION['refurl']."'";
---
>                 $query .= ", '".addslashes($_SESSION['refurl'])."'";
save_apostrophe.patch (243 bytes)   
Bug heat2
Complete LimeSurvey version number (& build)10951
I will donate to the project if issue is resolvedNo
Browser
Database type & versionmysql 5.5.8
Server OS (if known)Apache
Webserver software & version (if known)2.2.17
PHP Version5.3.5

Users monitoring this issue

There are no users monitoring this issue.

Activities

c_schmitz

c_schmitz

2011-09-16 14:52

administrator   ~16285

Thank you!

Related Changesets

LimeSurvey: Yii 15c42352

2011-09-16 05:53:35

c_schmitz

Details Diff
Fixed issue 05462: Survey crashes if the referrer URL contains a single quote

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_ci@10994 b72ed6b6-b9f8-46b5-92b4-906544132732
Affected Issues
05462
mod - application/libraries/Save.php Diff File

Issue History

Date Modified Username Field Change
2011-09-15 19:39 user15664 New Issue
2011-09-15 19:39 user15664 File Added: save_apostrophe.patch
2011-09-16 14:51 c_schmitz Assigned To => c_schmitz
2011-09-16 14:51 c_schmitz Status new => assigned
2011-09-16 14:52 c_schmitz Note Added: 16285
2011-09-16 14:52 c_schmitz Status assigned => resolved
2011-09-16 14:52 c_schmitz Fixed in Version => 1.91+
2011-09-16 14:52 c_schmitz Resolution open => fixed
2011-10-08 22:18 c_schmitz Status resolved => closed
2012-03-14 21:08 c_schmitz Changeset attached => Import 2012-03-09 13:30:34 Yii 15c42352