Dependency Graph

View IssueRelationship GraphVerticalShow Summary
Dependency Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
17028Bug reportsSurvey editingpublic2021-01-29 09:072021-12-07 14:54
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version4.4.0 
Fixed in Version5.x 
Summary17028: Script are not saved
Description

Even as super admin : sript on question are not saved

Steps To Reproduce

Log in as super admin,
Edit question
Show script,
add alert("XSS") in script part
Save and close: no saved

Additional Information

Remind :

  • Script must be readonly for some user (XSS+Disable question script)
  • User with XSS+Disable question script can not update script (with hacking HTML)
TagsNo tags attached.
Attached Files
Peek 29-01-2021 09-06.gif (968,196 bytes)
Bug heat6
Complete LimeSurvey version number (& build)4.4.0 github
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant

Relationships

Relationship GraphDependency Graph
related to 17027 closedollehar Bug reports Personal settings " Show script field: " to no throw error 
related to 15693 closedDenisChenu Feature requests Allow simple user to update script with XSS enable 
related to 17008 closedDenisChenu Bug reports Bad label and id in Question editor 

Activities

cdorin

cdorin

2021-01-29 09:52

reporter   ~61802

Weird. The fix got lost. Thx for report
DenisChenu

DenisChenu

2021-01-29 09:55

developer   ~61803

Last edited: 2021-11-19 11:15

Can you check with dev to merge https://github.com/LimeSurvey/LimeSurvey/pull/1729/files before …

(same place)
DenisChenu

DenisChenu

2021-11-19 11:15

developer   ~67441

Last edited: 2021-11-19 11:15

Script are saved but not « Set for all languages »
gabrieljenik

gabrieljenik

2021-12-07 14:54

manager   ~67730

I was looking for a version in which "Set for all languages" would work, but at the moment I could not find. Have this ever worked?

I wanted to see how it works. It is not clear to me if it is on the PHP side (save the base language in all languages), or on the client side (that the changes in the textarea are replicated in the others).

Issue History

Date Modified Username Field Change
2021-01-29 09:07 DenisChenu New Issue
2021-01-29 09:07 DenisChenu File Added: Peek 29-01-2021 09-06.gif
2021-01-29 09:07 DenisChenu Relationship added related to 17027
2021-01-29 09:08 DenisChenu Relationship added related to 15693
2021-01-29 09:52 cdorin Note Added: 61802
2021-01-29 09:52 cdorin Priority none => normal
2021-01-29 09:52 cdorin Status new => confirmed
2021-01-29 09:52 cdorin Sync to Zoho Project => |Yes|
2021-01-29 09:55 DenisChenu Note Added: 61803
2021-01-29 09:56 DenisChenu Relationship added related to 17008
2021-11-19 11:15 DenisChenu Assigned To => DenisChenu
2021-11-19 11:15 DenisChenu Status confirmed => closed
2021-11-19 11:15 DenisChenu Resolution open => fixed
2021-11-19 11:15 DenisChenu Fixed in Version => 5.x
2021-11-19 11:15 DenisChenu Note Added: 67441
2021-12-07 14:54 gabrieljenik Note Added: 67730
2021-12-07 14:54 gabrieljenik Bug heat 4 => 6