| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 06066 | Bug reports | Survey taking | public | 2012-05-04 17:32 | 2012-08-03 13:46 |
| Reporter | Tmac | Assigned To | c_schmitz | ||
| Priority | normal | Severity | minor | ||
| Status | closed | Resolution | fixed | ||
| Product Version | 1.92+ | ||||
| Fixed in Version | 1.92+ | ||||
| Summary | 06066: File upload record damaged if user uses single quotes in comment or titles | ||||
| Description | If a user uploads a file (eg. jpg) and annotates the file by adding a comment or a title, the JSON value that should get stored gets damaged/truncated if the title or comment contains a single quote ('). | ||||
| Steps To Reproduce | Upload a file and use a single quote in the comment or title. | ||||
| Tags | No tags attached. | ||||
| Bug heat | 6 | ||||
| Complete LimeSurvey version number (& build) | 120418 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | Chrome | ||||
| Database type & version | MySQL | ||||
| Server OS (if known) | Linux | ||||
| Webserver software & version (if known) | Apache | ||||
| PHP Version | PHP Version 5.3.3-7+squeeze8 | ||||
 |
If you upload a file and put a single quote in the title or comment, the value shown in the upload file questions looks fine. However, if you click the edit button the value shown in the pop-up window is truncated at the single quote. That is a problem with /scripts/uploader.js However, the value stored in the database is fine (e.g. it includes the embedded single quotes). |
|
|
So, since this is only a problem if the user tries to edit the title or comment after first setting it, downgrading this to minor. |
 |
[{ "title":"this's a title","comment":"this 's a comment","size":"38.366","name":"complete%20main%20bedroom%2C%20last%20curtains%20on%20the%20way.jpg","filename":"fu_3hf8exhi4hq9u4n","ext":"jpg" },{ "title":"","comment":"","size":"38.366","name":"complete%20main%20bedroom%2C%20last%20curtains%20on%20the%20way.jpg","filename":"fu_cmekbk9c22cv577","ext":"jpg" }] In the above JSON record, both the comment and title have single quotes stored in them. The title is stored correctly but the comment has a single with an extra space in front of it. The problem is that if a person who has taken a survey and uploaded a file and then goes back to change/upload another file, the original files APPEAR to be missing (ie not displayed) even tho their record is in the database. In the sample.jpg attatched, the first image is in its own group as expected. The second group of two files looks blank but the database contains the record you see here. |
|
|
Oh and if the user then submits the survey with the 'missing images' then this is the resultant record in the database - slashes, extra spaces and then truncated at the first single quote. If he tries again, double slashes and so on... [{ \"title\":\"this |
 |
Diogo, are you still at this? |
|
|
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9158 |
|
|
Fix committed to Yii branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9159 |
