View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
15200 | Bug reports | Other | public | 2019-08-27 23:10 | 2019-08-30 20:11 |
Reporter | renatocron | Assigned To | c_schmitz | ||
Priority | none | Severity | partial_block | ||
Status | closed | Resolution | duplicate | ||
Product Version | 3.17.x | ||||
Fixed in Version | 3.17.x | ||||
Summary | 15200: Unable to submit token first time it loaded on Safari (Iphone and MacOS) | ||||
Description | Hello, I upgraded from 3.15.6.190108 to v3.17.9 (and then v3.17.13) because of a lot of security bugfixes, but I now started getting "Please use the LimeSurvey navigation buttons or index. It appears you attempted" when I try to submit the survey for the first time it is loaded on that session/device. It happens with all surveys I have, whether there's a required field or not, but it's always on the first page that the message is shown. So far, I was only able to reproduce it on the Safari browser (both desktop and on iPhone). If Chrome is used, it works as expected, even on iOS. On Safari desktop, sometimes I even need to submit it multiple times to get rid of the message. So, could it be my theme messing with things after the upgrade? To figure that out, I created a new survey, with just one question group, and only one text question, activated and closed it, changed the setting "Enable token-based response persistence: I found this on the forum: It looks like it's the same issue, but I was not able to reproduce it when testing with my phone using my survey. (Samsung browser UA: "Mozilla/5.0 (Linux; Android 8.0.0; ZE553KL Build/OPR1.170623.026) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/9.4 Chrome/67.0.3396.87 Mobile Safari/537.36" not tested on a Samsung smartphone though) So, I read it, and found a thing called "Ajax Mode": I turned off Ajax Mode, I was so happy to disable it and crossed my fingers, but it did not solve the issue :S I also tried disabling CSRF and changing the session to the database. Still nothing. I tried this survey file I put here on 3.15.6+190108 (old testing container I had) and it worked, but this version is too old (but maybe I may use it anyway and just cherry-pick the issues I found). For now, I will try to reproduce it on 3.15.6.190108 (as I had not tested it on that version) | ||||
Steps To Reproduce | Use the survey included on this, activate and close it. Insert a token. | ||||
Additional Information |
-- doing the same using Google Chrome:
| ||||
Tags | No tags attached. | ||||
Attached Files | |||||
Bug heat | 6 | ||||
Complete LimeSurvey version number (& build) | Version 3.17.13+190824 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | Safari | ||||
Database type & version | Postgresql 10.6 | ||||
Server OS (if known) | Linux docker php | ||||
Webserver software & version (if known) | apache/php7 | ||||
PHP Version | 7.2 | ||||
So, I tested on all those versions: And then I upgraded to 3.17.10+190821.tar.gz and then, the bug lives! Changes from 3.17.9 (build 190731) to 3.17.10 (build 190821) August 21, 2019 I will try to manually revert the "cannot save questions anymore" commit to see if the issue is gone (also, "exit and clear survey entrys" is still visible on the last page) |
|
3.17.9 is working (I checked my backup made earlier today, and I was running 3.7.10 on production, not 3.17.9 as cited in the first post; I must have been confused by the release notes and copied the "from" instead of the "to"). For now, I will use 3.17.9 as its schema is compatible with 3.7.10 and shows no errors (but right now I'm testing on Safari on MacOS because I don't have an iPhone to test with, I was using one of my coworker's). Also, never mind my comment on "exit and clear survey entrys" as it is only on the "endmessage" page! "cannot save questions anymore" has nothing to do with the issue, it's in the admin. |
|
Maybe something related to security? To have the «Please use the LimeSurvey navigation buttons or index. …» alert: checking if Can you check disabling a lot of security in Safari (if it's possible)? We must fix in all conditions, but sometimes it's more a browser issue (case of Samsung: clearly a browser issue …) |
|
I can see two calls to get the starting page: GET /lime/index.php/366148?token=275__wwqfg9bduj&lang=pt-BR&newtest=Y HTTP/1.1" 200 4786 "https://same.domain.com/questionarios/?responder-proxima=1" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1" "-" **** this is strange, but also happens on Chrome, so I dunno That is the reason, because every call with 'newtest=Y' will create a new session and the old CSRF token will not be valid anymore. |
|
@c_schmitz: strangely it's not an issue with CSRF here :) only with LEMpostKey |
|
Hello! I captured that log when running with Ajax=Y on setup. That second request does not happen when disabled (but the message issue remains nevertheless). I found this checkIfUseBrowserNav() in application/helpers/SurveyRuntimeHelper.php; between current master (973959b0566) and 3.17.7 it's running the same code. Knowing this, I changed the error message to include what differs from what. When the first page loads, I got LEMpostKey=382532362, "Please use the survey navigation buttons or index. It appears you attempted to use the browser back button to re-submit a page. 382532362 != 107537746" And this page (with the popup) also had the same LEMpostKey=382532362 input value, and the post succeeded. I need to find a way to log every time LEMpostKey gets set, because maybe it's not only in function run() line 431 (setting to mt_rand()) |
|
Fun little note: If I reuse the token, even after using others, it does not show the message (same browser session):
update lime_tokens_366148 set completed='N', token='111_metataro', usesleft='1';
|
|
Please check out https://bugs.limesurvey.org/view.php?id=15212 for a quick solution. |
|
Thank you, I will apply and test it, but only on Tuesday, now I'm without any MacOS/iPhone |
|
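Added example, not part of the original report and not LimeSurvey's code: a toy Python model of the check discussed in the notes above, where a key is set with a random value when a page is rendered and compared when the form is posted. It assumes a single key per session; the class, function names and request labels are hypothetical. It shows how any extra render between display and submit produces the reported "a != b" mismatch, and it keeps the kind of "who set the key" log the reporter wanted.

```python
import random

class SurveySession:
    """Toy session holding one anti-resubmit key (models LEMpostKey)."""

    def __init__(self):
        self.post_key = None
        self.key_log = []  # (request label, key) for every time the key is set

    def render(self, label):
        """GET: issue a fresh key, log who set it, embed it in the form."""
        key = random.randrange(1, 2**31)  # stands in for mt_rand()
        while key == self.post_key:       # guarantee the key really rotates
            key = random.randrange(1, 2**31)
        self.post_key = key
        self.key_log.append((label, key))
        return {"LEMpostKey": key}

    def submit(self, form):
        """POST: accept only the key issued by the most recent render."""
        posted = form["LEMpostKey"]
        if posted != self.post_key:
            return f"rejected: {posted} != {self.post_key}"
        return "accepted"


def superseded_by(key_log, posted):
    """Return (issuer, overwriter) labels for a posted key, from the log."""
    for i, (label, key) in enumerate(key_log):
        if key == posted:
            later = key_log[i + 1][0] if i + 1 < len(key_log) else None
            return label, later
    return None, None


def first_submit(extra_render):
    """Constructed scenario: the browser submits the form it displayed first."""
    session = SurveySession()
    shown = session.render("GET #1 (displayed)")
    if extra_render:
        session.render("GET #2 (response not displayed)")
    result = session.submit(shown)
    return result, superseded_by(session.key_log, shown["LEMpostKey"])


if __name__ == "__main__":
    print(first_submit(extra_render=False))
    print(first_submit(extra_render=True))
```
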
Date Modified | Username | Field | Change |
---|---|---|---|
2019-08-27 23:10 | renatocron | New Issue | |
2019-08-27 23:10 | renatocron | File Added: limesurvey_survey_366148.lss | |
2019-08-28 00:17 | renatocron | Note Added: 53313 | |
2019-08-28 00:41 | renatocron | Note Added: 53314 | |
2019-08-28 08:30 | DenisChenu | Note Added: 53316 | |
2019-08-28 10:36 | c_schmitz | Note Added: 53320 | |
2019-08-28 10:37 | c_schmitz | Note Edited: 53320 | |
2019-08-28 11:36 | DenisChenu | Note Added: 53324 | |
2019-08-28 14:06 | renatocron | Note Added: 53328 | |
2019-08-28 14:10 | renatocron | Note Added: 53329 | |
2019-08-30 19:46 | c_schmitz | Relationship added | duplicate of 15212 |
2019-08-30 19:46 | c_schmitz | Assigned To | => c_schmitz |
2019-08-30 19:46 | c_schmitz | Status | new => closed |
2019-08-30 19:46 | c_schmitz | Resolution | open => duplicate |
2019-08-30 19:46 | c_schmitz | Fixed in Version | => 3.17.x |
2019-08-30 19:47 | c_schmitz | Note Added: 53369 | |
2019-08-30 20:11 | renatocron | Note Added: 53370 |