View Issue Details

This bug affects 1 person(s).
 4
IDProjectCategoryView StatusLast Update
09470Bug reportsSurvey participants (Tokens)public2015-06-12 12:41
Reporterc_schmitz Assigned Toc_schmitz  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version2.05+ 
Target Version2.06+Fixed in Version2.06+ 
Summary09470: Problems with case-sensitive tokens
Description

When using tokens it is possible to enter a survey that has a token named 'Test' with the token key 'test'. When interruping and resuming the survey and using 'Test' the second time you get all kinds of weird behaviour and error messages.

Additional Information

The underlying problem is that MSSQL and MySQL do not check the token in a case-sensitive way in a query. Postgres does.

There are three ways to approach this problem:

1.) Make the particular column in the token & survey table case-sensitive by using the correct collation. Downsides are: it is DB specific, needs a DB upgrade, and might have unintended side-effects.

2.) On survey start select for matching records and case-compare to get the real token ID. Then instead of the token key in the survey table there would be a token ID in the future. Downsides are: Lost compatibility to old surveys, complicated upgrade conversion (error-prone), application-wide code changes

3.) Only allow lowercase token keys. Downside: Lots of checks on every insert, limiting user options

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)9gh56tzj
I will donate to the project if issue is resolvedNo
Browser
Database type & version.
Server OS (if known).
Webserver software & version (if known).
PHP Version.

Users monitoring this issue

There are no users monitoring this issue.

Activities

c_schmitz

c_schmitz

2015-01-23 11:15

administrator   ~31481

I think option 1 is the best option though a bit complicated.

DenisChenu

DenisChenu

2015-03-04 12:11

developer   ~31758

Last edited: 2015-03-04 12:12

For 2 , with another issue (same for admin user).
I test after directly : $oUser->username==$username

See line 94 of Authdb.php
https://github.com/LimeSurvey/LimeSurvey/commit/07a2bad77ba6e8b2e3b6ffb8657c627f97b00712#diff-ef50a7f8e0aa263c0b90eb3a8ef44df3R97

Think this can be done before update SQL really. (and must be done ;) )

c_schmitz

c_schmitz

2015-05-11 23:03

administrator   ~32168

Fix committed to 2.06 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=15166

c_schmitz

c_schmitz

2015-05-12 10:33

administrator   ~32175

Fix committed to 2.06 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=15167

DenisChenu

DenisChenu

2015-05-12 10:36

developer   ~32176

Thanks :)
Maybe need to do same for AuthDB ?

c_schmitz

c_schmitz

2015-06-12 12:41

administrator   ~32322

2.06 Build 150612 released

Related Changesets

LimeSurvey: 2.06 086dfa7a

2015-05-11 21:03:40

c_schmitz

Details Diff
Fixed issue 09470: Problems with case-sensitive token
Dev Tokens are now case-sensitive
Dev Raised DBVersion to 181
Affected Issues
09470
mod - application/config/version.php Diff File
mod - application/core/db/MssqlSchema.php Diff File
mod - application/helpers/admin/activate_helper.php Diff File
mod - application/helpers/update/updatedb_helper.php Diff File
mod - application/models/Token.php Diff File
mod - installer/sql/create-mssql.sql Diff File
mod - installer/sql/create-mysql.sql Diff File
mod - installer/sql/create-pgsql.sql Diff File

LimeSurvey: 2.06 2e22fe50

2015-05-12 08:32:57

c_schmitz

Details Diff
Fixed issue 09470: Problems with case-sensitive token
Dev Adjusted collation of response table token field too to prevent JOIN problems
Affected Issues
09470
mod - application/helpers/admin/activate_helper.php Diff File
mod - application/helpers/update/updatedb_helper.php Diff File

Issue History

Date Modified Username Field Change
2015-01-23 11:14 c_schmitz New Issue
2015-01-23 11:14 c_schmitz Status new => assigned
2015-01-23 11:14 c_schmitz Assigned To => c_schmitz
2015-01-23 11:15 c_schmitz Note Added: 31481
2015-03-04 12:11 DenisChenu Note Added: 31758
2015-03-04 12:12 DenisChenu Note Edited: 31758
2015-05-11 23:03 c_schmitz Changeset attached => LimeSurvey 2.06 086dfa7a
2015-05-11 23:03 c_schmitz Note Added: 32168
2015-05-11 23:03 c_schmitz Resolution open => fixed
2015-05-11 23:04 c_schmitz Status assigned => resolved
2015-05-11 23:04 c_schmitz Fixed in Version => 2.06+
2015-05-12 10:33 c_schmitz Changeset attached => LimeSurvey 2.06 2e22fe50
2015-05-12 10:33 c_schmitz Note Added: 32175
2015-05-12 10:36 DenisChenu Note Added: 32176
2015-06-12 12:41 c_schmitz Note Added: 32322
2015-06-12 12:41 c_schmitz Status resolved => closed
2016-12-08 10:39 c_schmitz Category Tokens => Survey participants (Tokens)