 |
I can't reproduce with included survey and last GIT version. Upload HTML source of a test and eml file. |
 |
Instead of the full Purifier shebang, can't you just strip Javascript? There is a function in common_helper for that. |
|
|
stripJavascript don't strip : onload, onhover .... etc ... And if a question text are < p > not closed tag Alternative is to strip tags when construction table. |
 |
Just so we are clear, the issue is not with stripping anything from the survey questions, the issue is with the insertion of a '!' character at a random place in the email text. Since this is only within an email and it is from the questions answered by the user, there is very little chance that there is any kind of malicious code in there, intentional or not. Thus, the cleanest solution for us is to simply not call HTMLPurifier at all. We simply cannot afford to have any random characters in our emails, and attempting to strip them out after the fact would be extremely difficult. |
|
|
Uploaded the PDF, Outlook, and text versions of the questionnaire answers for your review. There are 2 ! characters inserted in 2 different places in the file as well as a random space character breaking up the word "Server". That makes 3 random characters inserted into the email, not including ones we might not be able to see. |
|
|
Strange in text : there are ! in a class ???? |
|
|
If there are any special characters in the question text, why would removing the call to HTMLPurifier not make the email text appear strange? Again, removing the call to HTMLPurifier fixes the problem, and leaving it in causes these random characters to appear. The problem is in HTMLPurifier. Please can you look there to see how the characters could be inserted? Note also that it does the inserts at random, which means the exact same survey answered in the exact same manner will have the ! character(s) inserted at different places. |
|
|
For the reason of HTML purifier : http://bugs.limesurvey.org/view.php?id=9201 encode user answer PS: AND i can not reproduce the problem. Don't find how exactly the problem happen don't fix the problem really. |
|
|
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=14904 |
|
|
Fix committed to 2.06 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=14905 |
|
|
I really don't find how you can have ! in your table. But using strip_tags is more secure and speed. HTML is not really needed in response table. |
|
|
I understand you are having problem reproducing the problem, but I do not understand your comment "Don't find how exactly the problem happen don't fix the problem really." Then you apply a fix? What fix did you apply if you say, as I think you are saying, that my fix does not fix the problem? I have provided proof that the problem is in HTMLPurifier by providing samples of the email and survey when it is in. When it is removed, the random characters disappear. How does this not fix the problem? |
|
|
@gtrudel : The last fix fix the issue : no htmlPurifier, but strip_tags. But if you have an issue for this , i don't understand why you don't have issue elsewhere. Again : i can't reproduce the htmlPurifier 'bug' and there is no report of such bug in html purifier website (or i don't find it). I think it can be due to a configuration in your server somewhere. |
|
|
I doubt the problem has to do with our server config, since removal of the call to HTMLPurifier solves the problem. The issue, plain and simple, is the code in HTMLPurifier is inserting random characters into the email text. Solution is either to remove the call to HTMLPurifier altogether (which we have done, and works perfectly), or else make the fix to HTMLPurifier so it does not insert the characters in the first place. |
|
|
Hi You have some ! in your email. Issue is fixed in next release with strip_tags PS: Maybe you use LimeSUrvey like this : only send to admin user and no complex HTML in your question. But some user have : Big picture, array, vidéo etc .... in question text, and sometimes email is send to 10 or more other users. |
|
|
Why would you want to apply strip_tags (or HTMLPurifier) to survey questions and answers being sent in an email to the survey respondent in the first place? I know what they do and what they are for, but it does not make sense (to me) in this context. Can you please explain? |
|
|
PS: Maybe you use LimeSUrvey like this : only send to admin user and no complex HTML in your question. But some user have : Big picture, array, vidéo[*] etc .... in question text, and sometimes email is send to 10 or more other users. PS2: you can create a new plugin using afterSurveySubmit if you need.
|
|
|
Response to PS: There is no complex HTML in our questions, apart from perhaps the validation of email addresses and phone numbers. We do not have the ability for users to enter any multimedia: they are very simple questions (i.e. text, select list, radio button) which you would see if you were to open up the survey or any of the supplied attachments. We are only sending the email to the admin user. Response to PS2: We have no need of a custom plug in after SurveySubmit: the current code works fine (minus the HTMLPurifier call). |
|
|
Hello Grant, in case you did not notice - most of us are busy with LimeSurvey in our spare time as volunteers. So if we do not match your expectations for free bug fixing support (for a free product), there is no need to be rude here. Sometimes the implications of procedures are wider than the average user/coder can see, there is obviously a reason why we originally implemented the HTML purifier (the corresponding issue is linked to the issue , btw). Questions and answers can contain unwanted tags inserted by an admin/survey participant. HTMLPurifier is a very complex 3rd party library. It relies heavily on PHP/system close functions. That it won't work properly with your system and cannot reproduced with ours could still be tied to your system, for example to your specifc PHP version which (for example) may have a bug in one of these functions. Anyway, I think considering our efforts to help you for free on an issue nobody but you can reproduce (and several team members tried here) I think a respectful and polite communication is key component here. |
|
|
Hello c_schmitz (sorry, but I do not know your name), We are on the same team here: trying to make LimeSurvey into a better product for all, and I hope some of my comments may help towards that end. For us, the insertion of random characters into the respondents survey had to be fixed, and the removal of the call to HTMLPurifier solved it. This may or may not help others: as you say, it could be a server issue or something related to our particular setup. It also never happens in the same manner twice. In the end, we could not see the value in keeping the call to it or to anything else that would change the questions or answers, so we are keeping it out. We, like you, are also busy and cannot afford the time and effort it takes to find out exactly why this is occurring and therefore, this easy fix was applied. Again, my apologies for any rudeness on my part, or any sign of disrespect. I hope we can continue to work together on this and other issues for the benefit of others. Thank you for your time and attention! |
|
|
Version 2.05 Build 150211 released |
- Anonymous
