LimeSurvey issue tracker

View Issue Details
ID: 06536
Project: Bug reports
Category: [All Projects] Other
View Status: public
Date Submitted: 2012-08-31 19:16
Last Update: 2012-09-28 08:42
Reporter: nwinter
Assigned To: c_schmitz
Priority: normal
Severity: major
Status: closed
Resolution: fixed
Product Version: 1.92+
Target Version:
Fixed in Version: 2.00+
Summary: 06536: HTML editor converts special characters to html entities within equations
Description: Starting with build 120822, special characters that are within equations that are part of a question get converted by the equation editor to HTML entities, thus breaking the equation.
Steps To Reproduce: Create new equation question and insert content (in "Source" view):

{if(1<2,"less","more")}

Save question. Then edit question and save without modifying.

Additional Information: Does not seem to occur under build number 120815
I will donate to the project if issue is resolved within 48 hrs: Yes
LimeSurvey build number OR git commit ID: 120822
Browser:
Database & DB-Version: 155.5
Operating System (Server): Linux
Webserver software & version: Apache/2.2.17 (Fedora)
PHP Version: 5.3.8
Attached Files:

- Relationships
related to 06530 (closed, DenisChenu): Since latest update unable to upload documents in survey
related to 06550 (closed, DenisChenu): Translation of 'Other:' comment mandatory for survey taking (And text is untranslatable)
related to 06556 (closed, DenisChenu): 'Other:' comment mandatory with list (and condition on that question) hides entire group?

-  Notes
(20615)
nwinter (reporter)
2012-08-31 19:38

Just discovered this only occurs when XSS is disabled. But in prior build this does not occur either way.

(20616)
nwinter (reporter)
2012-08-31 19:59

Problem appears to be with line 1248 of limesurvey/classes/expressions/ExpressionManager.php

In 120822 this line is:

$result = $this->sProcessStringContainingExpressionsHelper($result,$questionNum, $staticReplacement);

In 120815 it is:

$result = $this->sProcessStringContainingExpressionsHelper(htmlspecialchars_decode($result,ENT_QUOTES),$questionNum, $staticReplacement);


I've confirmed that the problem goes away when the older version of that line is substituted. Of course, I don't know why that line was changed in the 120822 build, so I don't know what might be broken with this "fix".
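
The effect of the two versions of that line can be reproduced outside LimeSurvey. The following is an added example, not part of the original notes and not LimeSurvey code: it decodes an entity-encoded question text the way the build 120815 line does (whole string), and compares that with decoding only inside the `{...}` expression, so that text which was encoded on purpose outside the expression stays encoded. `decodeExpressionSpans()` is a hypothetical helper, the sample text is constructed, and non-nested braces are assumed.

```php
<?php
// Added example, not LimeSurvey code. decodeExpressionSpans() is a
// hypothetical helper; the sample question text below is constructed.

/**
 * Decode HTML entities only inside {...} expression spans, so the expression
 * parser sees the operators and quotes the author typed, while everything
 * outside the braces keeps the encoding it was stored with.
 * Assumption: expressions do not contain nested braces.
 */
function decodeExpressionSpans(string $text): string
{
    return preg_replace_callback(
        '/\{[^{}]*\}/',
        function (array $m): string {
            return htmlspecialchars_decode($m[0], ENT_QUOTES);
        },
        $text
    );
}

// Constructed stored text: the equation from the report after the editor has
// turned < and " into entities, next to literal text that is meant to stay
// encoded ("5 &lt; 10").
$stored = '<p>Note: 5 &lt; 10. Result: '
        . '{if(1&lt;2,&quot;less&quot;,&quot;more&quot;)}</p>';

// Whole-string decode, as in the build 120815 line: the expression is
// restored, but "5 &lt; 10" also becomes a raw "<" inside the markup.
$wholeDecode = htmlspecialchars_decode($stored, ENT_QUOTES);

// Span-limited decode: only the expression is restored.
$spanDecode = decodeExpressionSpans($stored);

echo "stored:       ", $stored, PHP_EOL;
echo "whole decode: ", $wholeDecode, PHP_EOL;
echo "span decode:  ", $spanDecode, PHP_EOL;
```

Whatever the evaluated expression returns is still untrusted when it is written into the page, so it needs output encoding at that point regardless of which decode is used before evaluation.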

(20636)
TMSWhite (reporter)
2012-09-06 15:40

Since this is all related to an XSS fix, Carsten should take a look at it.

(20664)
c_schmitz (administrator)
2012-09-13 00:23

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9483

(20665)
c_schmitz (administrator)
2012-09-13 00:30

Fix committed to Yii branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9484

(20757)
nwinter (reporter)
2012-09-22 00:46

With Version 1.92+ Build 120919, quotes no longer get changed, but other HTML entities do. So, for example, < becomes < and so on...

(20758)
nwinter (reporter)
2012-09-22 00:46

(In my note just now, it should say that the less-than character becomes the html-entity for less-than; i.e., ampersand-lt-semicolon.)

(20759)
nwinter (reporter)
2012-09-22 01:06

OK - sorry - I see now. When you hit the "Source" button, the characters are turned into HTML entities in the edit window. But they are OK when the equation gets stored/executed/etc.

I think.

- Related Changesets
LimeSurvey: master 8e1620c7
Timestamp: 2012-09-12 15:22:57
Author: c_schmitz
Committer: Carsten Schmitz
Fixed issue 06536: HTML editor converts special characters to html entities within equations
mod - admin/database.php
mod - admin/scripts/ckeditor.36/limesurvey-config.js

LimeSurvey: Yii 39f3bf3a
Timestamp: 2012-09-12 15:29:33
Author: c_schmitz
Committer: Carsten Schmitz
Fixed issue 06536: HTML editor converts special characters to html entities within equations
mod - application/config/config-defaults.php
mod - application/helpers/admin/htmleditor_helper.php
mod - scripts/admin/ckeditor-config.js

- Issue History
Date Modified Username Field Change
2012-08-31 19:16 nwinter New Issue
2012-08-31 19:38 nwinter Note Added: 20615
2012-08-31 19:59 nwinter Note Added: 20616
2012-09-01 19:31 TMSWhite Relationship added related to 06530
2012-09-06 15:29 Mazi Assigned To => TMSWhite
2012-09-06 15:29 Mazi Status new => assigned
2012-09-06 15:32 TMSWhite Assigned To TMSWhite => c_schmitz
2012-09-06 15:40 TMSWhite Note Added: 20636
2012-09-06 15:42 TMSWhite Relationship added related to 06423
2012-09-13 00:23 c_schmitz Changeset attached => LimeSurvey master 8e1620c7
2012-09-13 00:23 c_schmitz Note Added: 20664
2012-09-13 00:23 c_schmitz Resolution open => fixed
2012-09-13 00:30 c_schmitz Changeset attached => LimeSurvey Yii 39f3bf3a
2012-09-13 00:30 c_schmitz Note Added: 20665
2012-09-13 00:30 c_schmitz Status assigned => resolved
2012-09-13 00:30 c_schmitz Fixed in Version => 1.92+
2012-09-19 10:37 DenisChenu Relationship added related to 06550
2012-09-20 14:12 c_schmitz Status resolved => closed
2012-09-22 00:46 nwinter Note Added: 20757
2012-09-22 00:46 nwinter Status closed => feedback
2012-09-22 00:46 nwinter Resolution fixed => reopened
2012-09-22 00:46 nwinter Note Added: 20758
2012-09-22 00:46 nwinter Status feedback => assigned
2012-09-22 01:06 nwinter Note Added: 20759
2012-09-26 09:36 c_schmitz Status assigned => closed
2012-09-26 09:36 c_schmitz Resolution reopened => fixed
2012-09-26 09:36 c_schmitz Fixed in Version 1.92+ => 2.00+
2012-09-28 08:41 DenisChenu Relationship added parent of 06556
2012-09-28 08:41 DenisChenu Relationship deleted parent of 06556
2012-09-28 08:42 DenisChenu Relationship added related to 06556

