View Issue Details

This bug affects 1 person(s).
ID: 09326
Project: Bug reports
Category: Import/Export
View Status: public
Last Update: 2014-12-29 15:33
Reporter: kettner
Assigned To: c_schmitz
Priority: normal
Severity: crash
Status: closed
Resolution: fixed
Product Version: 2.05+
Fixed in Version: 2.05+
Summary: 09326: 500 Internal Server Error when copying and/or importing surveys with less rights than superadmin (superuser)
Description

Users are reporting an error when trying to import and/or copy their surveys. The browser log shows 500 Internal Server Error; however, normal users see just a blank white page when clicking on Import survey or Copy survey.

I was unable to reproduce the error until I changed rights to less than superadmin rights. In other words, only superadmin can copy / import surveys successfully. Other rights settings generate a 500 Internal Server Error.

Steps To Reproduce

Make a new testing user with limited rights, but with full rights for copying and importing their own surveys.

Create a new survey.

Export the survey.

Try to import / copy exported or existing survey.

Additional Information

See the attached .lss file that I was trying to import.

Tags: No tags attached.
Attached Files
Bug heat: 10
Complete LimeSurvey version number (& build): 205plus-build141020
I will donate to the project if issue is resolved: No
Browser: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36
Database type & version: PostgreSQL 9.1.14
Server OS (if known): Ubuntu 12.04 LTS
Webserver software & version (if known): Apache/2.2.22 (Ubuntu)
PHP Version: 5.3.10-1ubuntu3.14

Users monitoring this issue

DenisChenu

Activities

DenisChenu

2014-10-26 10:32

developer   ~30860

You have XSS security set to on.

When importing with XSS, it takes more memory.

Can you activate debug mode? Surely a memory issue.

kettner

2014-10-26 16:49

reporter   ~30865

Yes, surely memory issue. I turned the debug mode on and tried to copy a survey:

Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 81 bytes) in /var/www/limesurvey/framework/vendors/htmlpurifier/HTMLPurifier.standalone.php on line 12216

When I deactivate XSS filtering, then the problem disappears for normal users. (XSS is always off for superadmin, this is the thing).

Well, is there any suggestion to solve the memory issue with XSS on?

DenisChenu

2014-10-26 16:59

developer   ~30866

The code is here:
https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/LSYii_Validators.php#L102

But attention, we need a complete XSS filtering, not just filtering <script> ;)

kettner

2014-10-26 17:24

reporter   ~30867

Many thanks! Anyway, I doubled the memory_limit in config.php.
Problem seems to have disappeared. If no other notes, you may close the issue. :-)

DenisChenu

2014-11-02 13:22

developer   ~30902

Memory issue

c_schmitz

2014-11-10 12:48

administrator   ~30933

Version 2.05 Build 141110 released

mdekker

2014-12-03 13:43

reporter   ~31148

When it needs more than double the size with XSS on, I think there is a problem. I succeeded as admin with 128mb; when doing it as a normal user, 256mb was still not enough.

When placing gc_collect_cycles(); in the question and subquestion routines the memory stays even within a 32mb limit.

Don't have time to further investigate, but there is a serious leak somewhere.

DenisChenu

2014-12-03 16:17

developer   ~31149

Last edited: 2014-12-03 16:20

@mdekker: with gc_collect_cycles, is memory reduced for admin too?

We force 5.3, so maybe it's a solution.

PS: maybe there is some caching in memory for XSS too?
PS2: zend.enable_gc is On for me (default Debian install); can you provide your lss file for testing?

c_schmitz

2014-12-19 15:29

administrator   ~31310

I don't think that there is a leak. If it was then gc_collect_cycles() would NOT collect it.

Anyway, if there is an issue it is inside HTMLPurifier, so let's just call gc_collect_cycles() once after purify(). I checked and it does not really add any processing time.
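
The effect discussed in the note above, as an added example that is not LimeSurvey or HTMLPurifier code: PHP frees cyclic object graphs only when its cycle collector runs, which happens automatically only after enough candidate roots accumulate, so a modest number of large cyclic graphs can exhaust memory_limit first. `CyclicNode`, `filterPass()` and `peakGrowth()` are hypothetical stand-ins for a filter that builds parent/child graphs, and the input string is constructed.

```php
<?php
// Added illustration; CyclicNode and filterPass() are hypothetical stand-ins,
// not HTMLPurifier internals.
class CyclicNode
{
    public $parent;
    public $children = array();
    public $text;
}

// Simulates one filtering call: builds a small cyclic graph that holds a
// large working buffer, then returns only the cleaned string. The graph is
// garbage afterwards, but reference counting alone cannot free a cycle.
function filterPass($input)
{
    $root = new CyclicNode();
    $child = new CyclicNode();
    $child->parent = $root;                   // child -> parent
    $root->children[] = $child;               // parent -> child closes the cycle
    $child->text = str_repeat($input, 4096);  // buffer kept alive by the cycle
    return strip_tags($input);
}

// Runs $passes filter calls and returns the peak memory growth in bytes.
function peakGrowth($passes, $collectAfterEachPass)
{
    gc_collect_cycles();                      // start from a clean state
    $base = memory_get_usage();
    $peak = 0;
    for ($i = 0; $i < $passes; $i++) {
        filterPass('<b>constructed answer text</b>');
        if ($collectAfterEachPass) {
            gc_collect_cycles();              // collect once after each filter call
        }
        $peak = max($peak, memory_get_usage() - $base);
    }
    return $peak;
}

$without = peakGrowth(200, false);
$with = peakGrowth(200, true);
printf("no explicit collection:  %.1f MB peak growth\n", $without / 1048576);
printf("collect after each pass: %.1f MB peak growth\n", $with / 1048576);
```

Run from the command line with a memory_limit above the first figure; lowering the limit below it reproduces the same class of "Allowed memory size exhausted" failure while the second mode still completes.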

c_schmitz

2014-12-19 15:31

administrator   ~31311

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=14765

c_schmitz

2014-12-19 15:32

administrator   ~31312

Fix committed to 2.06 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=14766

c_schmitz

2014-12-29 15:33

administrator   ~31371

Version 2.05 Build 141229 released

Related Changesets

LimeSurvey: master 6bdd0679

2014-12-19 14:30:55

c_schmitz

Fixed issue 09326: High memory usage if non-superadmin imports survey with activated XSS filter
Affected Issues: 09326
mod - application/core/LSYii_Validators.php

LimeSurvey: 2.06 5257b66d

2014-12-19 14:30:55

c_schmitz

Fixed issue 09326: High memory usage if non-superadmin imports survey with activated XSS filter
Affected Issues: 09326
mod - application/core/LSYii_Validators.php

Issue History

Date Modified Username Field Change
2014-10-24 15:19 kettner New Issue
2014-10-24 15:19 kettner File Added: limesurvey_survey_179748.lss
2014-10-26 10:32 DenisChenu Note Added: 30860
2014-10-26 16:49 kettner Note Added: 30865
2014-10-26 16:59 DenisChenu Note Added: 30866
2014-10-26 17:24 kettner Note Added: 30867
2014-11-02 13:22 DenisChenu Note Added: 30902
2014-11-02 13:22 DenisChenu Status new => resolved
2014-11-02 13:22 DenisChenu Fixed in Version => 2.05+
2014-11-02 13:22 DenisChenu Resolution open => no change required
2014-11-02 13:22 DenisChenu Assigned To => DenisChenu
2014-11-10 12:48 c_schmitz Note Added: 30933
2014-11-10 12:48 c_schmitz Status resolved => closed
2014-12-03 13:43 mdekker Note Added: 31148
2014-12-03 13:43 mdekker Status closed => feedback
2014-12-03 13:43 mdekker Resolution no change required => reopened
2014-12-03 16:17 DenisChenu Note Added: 31149
2014-12-03 16:17 DenisChenu Note Edited: 31149
2014-12-03 16:20 DenisChenu Note Edited: 31149
2014-12-14 12:44 DenisChenu Issue Monitored: DenisChenu
2014-12-14 12:46 DenisChenu Assigned To DenisChenu =>
2014-12-14 12:47 DenisChenu Status feedback => acknowledged
2014-12-19 15:29 c_schmitz Note Added: 31310
2014-12-19 15:29 c_schmitz Assigned To => c_schmitz
2014-12-19 15:29 c_schmitz Status acknowledged => assigned
2014-12-19 15:31 c_schmitz Status assigned => resolved
2014-12-19 15:31 c_schmitz Resolution reopened => fixed
2014-12-19 15:31 c_schmitz Changeset attached => LimeSurvey master 6bdd0679
2014-12-19 15:31 c_schmitz Note Added: 31311
2014-12-19 15:32 c_schmitz Changeset attached => LimeSurvey 2.06 5257b66d
2014-12-19 15:32 c_schmitz Note Added: 31312
2014-12-29 15:33 c_schmitz Note Added: 31371
2014-12-29 15:33 c_schmitz Status resolved => closed
2021-08-04 04:09 guest Bug heat 8 => 10