Relationship Graph

Relationship Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

This bug affects 1 person(s).
 14
IDProjectCategoryView StatusLast Update
15529Bug reportsPrint Viewpublic2020-01-31 17:12
Reporterzebluk Assigned Tocdorin  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version3.19.3 
Summary15529: Print answer wrongly includes hidden questions
DescriptionPrinting answers (that is, saving in a PDF or QUEXMLPDF) includes hidden questions as well as equations that should not be revealed to user
Steps To Reproduce1. Put any hidden question in a survey
2. Allow users to print answers
3. Disable auto-redirection at the survey end
4. Activate the survey
5. Complete the survey
6. On the last page, choose print answers
7. Save in PDF or QUEXMLPDF
Additional InformationCODE FIX:

In application/models/SurveyDynamic.php line 779, there is a test meant to exclude hidden questions: $attributes['hidden'] === 1

However for some reason the attribute here is a string and the triple equal fails. Replace line 779 with: $attributes['hidden'] == 1

Solves the problem, but the real problem is probably in another layer returning a string instead of an integer.

Note: $attributes['hidden'] === "1" also solves the issue but it would probably not be consistent with future changes in the other layers, I recommend using == as a quick and somewhat more reliable fix
TagsNo tags attached.
Bug heat14
Complete LimeSurvey version number (& build)Tested on Demo (Version 3.19.3), Version 3.17.5+190604, and Version 3.17.16+190906
I will donate to the project if issue is resolvedNo
BrowserChrome 78.0.3904.87
Database type & versionUnknown
Server OS (if known)Linux
Webserver software & version (if known)
PHP Version7

Relationships

has duplicate 14922 new Hidden question attribute not available for printanwers_question.twig template 
related to 15783 closed Print answers : all is empty 

Activities

zebluk

zebluk

2019-11-05 06:15

reporter  

DenisChenu

DenisChenu

2020-01-28 09:09

developer   ~55491

This can lead to major data breach …
With Equation question for example …
DenisChenu

DenisChenu

2020-01-28 09:22

developer   ~55493

@cdorin : the fix is easy
https://github.com/LimeSurvey/LimeSurvey/pull/1378
ollehar

ollehar

2020-01-28 15:26

administrator   ~55504

Merged.
ollehar

ollehar

2020-01-28 15:26

administrator   ~55505

Please test (not Denis ;) ).
lime_release_bot

lime_release_bot

2020-01-28 17:44

administrator   ~55543

Fixed in Release 3.22.1+200129

Issue History

Date Modified Username Field Change
2019-11-05 06:15 zebluk New Issue
2019-11-05 06:15 zebluk File Added: limesurvey_survey_851999.lss
2019-11-05 07:05 DenisChenu Issue Monitored: DenisChenu
2019-11-14 22:01 cdorin Assigned To => cdorin
2019-11-14 22:01 cdorin Status new => assigned
2020-01-21 14:21 DenisChenu Relationship added has duplicate 14922
2020-01-28 09:09 DenisChenu File Added: survey_archive_printHidden.lsa
2020-01-28 09:09 DenisChenu File Added: Capture d’écran du 2020-01-28 09-02-20.png
2020-01-28 09:09 DenisChenu File Added: Capture d’écran du 2020-01-28 09-04-34.png
2020-01-28 09:09 DenisChenu Note Added: 55491
2020-01-28 09:22 DenisChenu Note Added: 55493
2020-01-28 12:10 cdorin Priority none => normal
2020-01-28 12:10 cdorin Steps to Reproduce Updated View Revisions
2020-01-28 12:10 cdorin Additional Information Updated View Revisions
2020-01-28 15:26 ollehar Note Added: 55504
2020-01-28 15:26 ollehar Status assigned => testing
2020-01-28 15:26 ollehar Note Added: 55505
2020-01-28 17:44 lime_release_bot Note Added: 55543
2020-01-28 17:44 lime_release_bot Status testing => closed
2020-01-28 17:44 lime_release_bot Resolution open => fixed
2020-01-31 17:12 DenisChenu Relationship added related to 15783
2021-08-02 18:01 guest Bug heat 12 => 14