Dependency Graph

Dependency Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

This bug affects 1 person(s).
 252
IDProjectCategoryView StatusLast Update
15693Feature requestsSecuritypublic2021-03-07 21:55
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynoneSeverityfeature 
Status closedResolutionfixed 
Summary15693: Allow simple user to update script with XSS enable
Description

By default : question->script must be disabled for simple user if XSS is enable.
Then it can be great to allow question->script even if XSS is enable for this user.

Additional Information

https://github.com/LimeSurvey/LimeSurvey/pull/1358

TagsNo tags attached.
Attached Files
Bug heat252
Story point estimate
Users affected %

Relationships

related to 15690 closedDenisChenu Bug reports User with XSS enable can add/update scripts 
related to 15096 closedDenisChenu Feature requests XSS for super-admin too 
related to 15702 assignedDenisChenu Bug reports Script text field should be read-only when user is not allowed to add scripts 
related to 17028 closedDenisChenu Bug reports Script are not saved 

Activities

DenisChenu

DenisChenu

2020-01-07 17:30

developer   ~55141

And if we can disallow XSS for superadmin too : we need to allow question->script ONLY for superadmin too … : need another feature request ?

DenisChenu

DenisChenu

2020-01-13 09:12

developer   ~55216

https://github.com/LimeSurvey/LimeSurvey/pull/1366/files

DenisChenu

DenisChenu

2020-01-17 17:43

developer   ~55368

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29408

DenisChenu

DenisChenu

2020-01-17 17:45

developer   ~55369

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29409

DenisChenu

DenisChenu

2020-01-17 17:52

developer   ~55370

https://github.com/LimeSurvey/LimeSurvey/pull/1372

DenisChenu

DenisChenu

2020-01-22 09:47

developer   ~55425

PS : need this before https://bugs.limesurvey.org/view.php?id=15096

DenisChenu

DenisChenu

2020-01-28 15:02

developer   ~55498

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29460

Related Changesets

LimeSurvey: master 96c06a9d

2020-01-17 17:43:00

DenisChenu

Details Diff
New feature 15693: Allow simple user to update script with XSS enable
Dec: add the settings and use it
Affected Issues
15693
mod - application/config/config-defaults.php Diff File
mod - application/core/LSWebUser.php Diff File
mod - application/views/admin/globalsettings/_security.php Diff File

LimeSurvey: master 97d8e349

2020-01-17 17:44:55

DenisChenu

Details Diff
Revert "New feature 15693: Allow simple user to update script with XSS enable"
Dev: bad push …
This reverts commit 96c06a9d93a4209e43c94eeac6d822ebf7aca760.
Affected Issues
15693
mod - application/config/config-defaults.php Diff File
mod - application/core/LSWebUser.php Diff File
mod - application/views/admin/globalsettings/_security.php Diff File

LimeSurvey: master ae8a6cb8

2020-01-28 15:02:48

DenisChenu


Committer: markusfluer Details Diff
New feature 15693: Allow simple user to update script with XSS enable (#1372) Affected Issues
15693
mod - application/config/config-defaults.php Diff File
mod - application/core/LSWebUser.php Diff File
mod - application/views/admin/globalsettings/_security.php Diff File

Issue History

Date Modified Username Field Change
2020-01-07 17:29 DenisChenu New Issue
2020-01-07 17:29 DenisChenu Relationship added related to 15690
2020-01-07 17:29 DenisChenu Relationship added related to 15096
2020-01-07 17:30 DenisChenu Note Added: 55141
2020-01-10 16:20 DenisChenu Relationship added related to 15702
2020-01-13 09:12 DenisChenu Note Added: 55216
2020-01-13 09:12 DenisChenu Assigned To => DenisChenu
2020-01-13 09:12 DenisChenu Status new => ready for testing
2020-01-13 09:13 DenisChenu File Added: Capture d’écran du 2020-01-13 09-13-05.png
2020-01-13 09:13 DenisChenu File Added: Capture d’écran du 2020-01-13 09-13-19.png
2020-01-13 14:35 DenisChenu Assigned To DenisChenu => ollehar
2020-01-17 15:42 DenisChenu Assigned To ollehar => DenisChenu
2020-01-17 15:42 DenisChenu Status ready for testing => assigned
2020-01-17 17:42 DenisChenu Summary Allow configure question script allowed => Allow simple user to update script with XSS enable
2020-01-17 17:43 DenisChenu Changeset attached => LimeSurvey master 96c06a9d
2020-01-17 17:43 DenisChenu Note Added: 55368
2020-01-17 17:43 DenisChenu Resolution open => fixed
2020-01-17 17:45 DenisChenu Changeset attached => LimeSurvey master 97d8e349
2020-01-17 17:45 DenisChenu Note Added: 55369
2020-01-17 17:52 DenisChenu Assigned To DenisChenu => cdorin
2020-01-17 17:52 DenisChenu Status assigned => ready for testing
2020-01-17 17:52 DenisChenu Note Added: 55370
2020-01-22 09:47 DenisChenu Note Added: 55425
2020-01-28 15:02 markusfluer Changeset attached => LimeSurvey master ae8a6cb8
2020-01-28 15:02 DenisChenu Note Added: 55498
2020-01-28 15:02 DenisChenu Assigned To cdorin => DenisChenu
2020-02-19 08:10 DenisChenu Status ready for testing => resolved
2020-02-19 08:10 DenisChenu Fixed in Version => 4.x.x
2021-01-29 09:08 DenisChenu Relationship added related to 17028
2021-03-07 21:55 c_schmitz Status resolved => closed