View Issue Details

This bug affects 1 person(s).
ID: 15529
Project: Bug reports
Category: Print View
View Status: public
Last Update: 2020-01-31 17:12
Reporter: zebluk
Assigned To: cdorin
Priority: normal
Severity: minor
Status: closed
Resolution: fixed
Product Version: 3.19.3
Summary: 15529: Print answer wrongly includes hidden questions
Description

Printing answers (that is, saving in a PDF or QUEXMLPDF) includes hidden questions as well as equations that should not be revealed to the user.

Steps To Reproduce
  1. Put any hidden question in a survey
  2. Allow users to print answers
  3. Disable auto-redirection at the survey end
  4. Activate the survey
  5. Complete the survey
  6. On the last page, choose print answers
  7. Save in PDF or QUEXMLPDF
Additional Information

CODE FIX:

In application/models/SurveyDynamic.php line 779, there is a test meant to exclude hidden questions: $attributes['hidden'] === 1

However for some reason the attribute here is a string and the triple equal fails. Replace line 779 with: $attributes['hidden'] == 1

Solves the problem, but the real problem is probably in another layer returning a string instead of an integer.

Note: $attributes['hidden'] === "1" also solves the issue, but it would probably not be consistent with future changes in the other layers. I recommend using == as a quick and somewhat more reliable fix.

Tags: No tags attached.
Attached Files:
Bug heat: 14
Complete LimeSurvey version number (& build): Tested on Demo (Version 3.19.3), Version 3.17.5+190604, and Version 3.17.16+190906
I will donate to the project if issue is resolved: No
Browser: Chrome 78.0.3904.87
Database type & version: Unknown
Server OS (if known): Linux
Webserver software & version (if known):
PHP Version: 7

Relationships

has duplicate 14922 new Hidden question attribute not available for printanwers_question.twig template 
related to 15783 closed Print answers : all is empty 
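
The comparison problem described in the report, as an added example that is not LimeSurvey's code or the reporter's: constructed question rows whose hidden attribute arrives as a string are filtered with the strict check, the proposed loose check, and a variant that validates the value as an integer before comparing strictly. All function names and the sample data are hypothetical.

```php
<?php
// Constructed sample data: question attributes as a storage layer that
// returns every value as a string would hand them over (an assumption
// based on the report; the names below are hypothetical, not LimeSurvey's).
$questions = [
    ['title' => 'Q1',       'attributes' => ['hidden' => '0']],
    ['title' => 'SCORE_EQ', 'attributes' => ['hidden' => '1']], // hidden equation
    ['title' => 'Q2',       'attributes' => []],                // attribute not set
];

// The check as quoted in the report: strict comparison against int 1.
// With a string "1" it is never true, so the filter fails open.
function isHiddenStrict(array $attributes): bool
{
    return isset($attributes['hidden']) && $attributes['hidden'] === 1;
}

// The reporter's proposed fix: loose comparison.
function isHiddenLoose(array $attributes): bool
{
    return isset($attributes['hidden']) && $attributes['hidden'] == 1;
}

// Alternative: validate the value as an integer once, then compare strictly.
// filter_var() returns false for anything that is not a clean integer.
function isHiddenNormalised(array $attributes): bool
{
    $value = filter_var($attributes['hidden'] ?? 0, FILTER_VALIDATE_INT);
    return $value === 1;
}

// Titles that would end up in the printed answers for a given check.
function printableTitles(array $questions, callable $isHidden): array
{
    $visible = array_filter($questions, function (array $q) use ($isHidden) {
        return !$isHidden($q['attributes']);
    });
    return array_column($visible, 'title');
}

echo 'strict:     ', implode(', ', printableTitles($questions, 'isHiddenStrict')), PHP_EOL;
echo 'loose:      ', implode(', ', printableTitles($questions, 'isHiddenLoose')), PHP_EOL;
echo 'normalised: ', implode(', ', printableTitles($questions, 'isHiddenNormalised')), PHP_EOL;
```

Only the strict variant lists SCORE_EQ among the printable questions. Under PHP 7, the version named in the report, == also treats a string such as "1abc" as equal to 1, which is why the last variant validates the value as an integer first.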

Activities

DenisChenu

2020-01-28 09:09

developer   ~55491

This can lead to a major data breach …
With Equation question for example …

DenisChenu

2020-01-28 09:22

developer   ~55493

@cdorin : the fix is easy
https://github.com/LimeSurvey/LimeSurvey/pull/1378

ollehar

2020-01-28 15:26

administrator   ~55504

Merged.

ollehar

2020-01-28 15:26

administrator   ~55505

Please test (not Denis ;) ).

lime_release_bot

2020-01-28 17:44

administrator   ~55543

Fixed in Release 3.22.1+200129

Issue History

Date Modified Username Field Change
2019-11-05 06:15 zebluk New Issue
2019-11-05 06:15 zebluk File Added: limesurvey_survey_851999.lss
2019-11-05 07:05 DenisChenu Issue Monitored: DenisChenu
2019-11-14 22:01 cdorin Assigned To => cdorin
2019-11-14 22:01 cdorin Status new => assigned
2020-01-21 14:21 DenisChenu Relationship added has duplicate 14922
2020-01-28 09:09 DenisChenu File Added: survey_archive_printHidden.lsa
2020-01-28 09:09 DenisChenu File Added: Capture d’écran du 2020-01-28 09-02-20.png
2020-01-28 09:09 DenisChenu File Added: Capture d’écran du 2020-01-28 09-04-34.png
2020-01-28 09:09 DenisChenu Note Added: 55491
2020-01-28 09:22 DenisChenu Note Added: 55493
2020-01-28 12:10 cdorin Priority none => normal
2020-01-28 12:10 cdorin Steps to Reproduce Updated
2020-01-28 12:10 cdorin Additional Information Updated
2020-01-28 15:26 ollehar Note Added: 55504
2020-01-28 15:26 ollehar Status assigned => ready for testing
2020-01-28 15:26 ollehar Note Added: 55505
2020-01-28 17:44 lime_release_bot Note Added: 55543
2020-01-28 17:44 lime_release_bot Status ready for testing => closed
2020-01-28 17:44 lime_release_bot Resolution open => fixed
2020-01-31 17:12 DenisChenu Relationship added related to 15783
2021-08-02 18:01 guest Bug heat 12 => 14