| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 10213 | Bug reports | Survey participants (Tokens) | public | 2016-01-08 17:08 | 2016-01-22 08:54 |
| Reporter | wingman123 | Assigned To | |||
| Priority | high | Severity | crash | ||
| Status | closed | Resolution | fixed | ||
| Product Version | 2.06+ | ||||
| Summary | 10213: Lime2.5RC6 Cannot initialize token table | ||||
| Description | Within Lime2.5RC6 I cannot initialize a token table. I've tried on Postgres and Mysql. Clicking Initialize refreshes the same page but doesn't carry out the action, might be a simple fix | ||||
| Steps To Reproduce | Use Lime2.5RC6 with Postgres or mysql
| ||||
| Tags | No tags attached. | ||||
| Bug heat | 6 | ||||
| Complete LimeSurvey version number (& build) | Lime2.5 RC6 - 28549d50b1a | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | Chrome, Firefox | ||||
| Database type & version | Postgres 9.4.4, MySQLVer 14.14 Distrib 5.6.27 | ||||
| Server OS (if known) | Mac OSX 10.11 | ||||
| Webserver software & version (if known) | Apache/2.4.16 | ||||
| PHP Version | 5.6.13 | ||||
 |
Bug appears to have occured in this commit Not sure if intentional. Looking into it further |
|
|
if (Yii::app()->request->getPost('createtable') == "Y") // Update table, must be CRSF controlled The offending line. But im not sure if there was going to be some other logic change in order to utilize a POST instead of a GET. A temp fix is reverting to (Yii::app()->request->getQuery('createtable') == "Y") // |
 |
There was a security fix for 2.06 : table updating managing MUST be CRSF token. We must send POST here, and not GET |
|
|
Ok that makes sense, so the request should be modified to work with POST then |
 |
Fix committed to 2.5 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=16835 |
|
|
thanks for reporting. |
