ID: 10827
Project: Bug reports
Category: Survey taking
View Status: public
Last Update: 2019-03-15 11:55
Reporter: DenisChenu
Assigned To: DenisChenu
Priority: low
Severity: partial_block
Status: closed
Resolution: fixed
Product Version: 2.50.x
Summary: 10827: Whole answers must be filtered before try to save in DB
Description

Actually : we filter date and number, but whole must be filtered for pg

Steps To Reproduce

I send a survey with js doing the HTML update

But example:
numeric : 1234567890123456789012345678901234567890 : break DECIMAL(30.10)
checkbox value to YYYY : break too

Additional Information

Never think user can not try to hack ;)

Tags: No tags attached.
Attached Files
Bug heat: 20
Complete LimeSurvey version number (& build): 160324
I will donate to the project if issue is resolved: No
Browser: not relevant
Database type & version: PostgreSQL 9.1.20
Server OS (if known): debian7/linux
Webserver software & version (if known): apache
PHP Version: PHP Version 5.4

Relationships

parent of 11933 (closed, DenisChenu): No em tip in question
related to 10840 (closed, ollehar): DB issue in survey : system is broken
related to 14649 (closed, DenisChenu): CDbException when a "default answer" option is not compatible with a question type

Activities

LouisGac

2016-03-24 15:49

developer   ~36791

I don't really understand the "hack" thing

DenisChenu

2016-03-24 16:02

developer   ~36792

Use firebug to set "value" of any radio to MoreThan5

Hack : hack HTML code

DenisChenu

2016-03-25 17:42

developer   ~36813

Project :
Validate ALL answer about the DB type, leave $_SESSION, set to null in DB.

In _validateQUestion : then we can return error when click next/submit. A "default sentence" for whole question: "your answer is invalid." or "Your answer is not valid."? Or another sentence?
Think I do the same for date too.

DenisChenu

2016-03-25 18:13

developer   ~36814

_validateQUestion doesn't validate user submitted question directly ....

LouisGac

2016-05-25 16:43

developer   ~38869

This will not be fixed in 2.5.
It will be done in Question Objects, when we'll have question objects handling themselves their own validation.

DenisChenu

2016-09-12 12:46

developer   ~40757

Resolved in https://github.com/LimeSurvey/LimeSurvey/pull/533

LouisGac

2016-09-12 14:05

developer   ~40759

+1

c_schmitz

2016-09-20 10:48

administrator   ~40838

Version 2.52 Build 160920 released

DenisChenu

2016-10-27 02:30

developer   ~41576

Not merged .... touch to EM at this point in a minor version .... glups ...

Move to 3.0
But

  • POSTED value need complete filter + error for user
  • not posted value (set by Equation for example) need "silently fixed" only and simple fix (for example : single choice allow [:alphanum:]{0,5})
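
The two-path rule in the note above (posted values get a complete filter plus an error, computed values are fixed silently), applied to the overflow cases from the issue description. This is an added PHP example, not part of the thread and not LimeSurvey code: `filterAnswer`, the type labels and the "Y" checkbox marker are assumptions, and it targets PHP 7.1+.

```php
<?php
// Added example, not LimeSurvey code. Names and type labels are hypothetical.
// Assumes PHP 7.1+ and a DECIMAL(30,10) column for numeric answers.

/**
 * Decide what may be written to the database for one answer.
 * Returns [value to store (or null), error message for the user (or null)].
 * $posted = true:  value came from the request, so report invalid input.
 * $posted = false: value was computed (e.g. by an equation), so fix silently.
 */
function filterAnswer(string $type, ?string $value, bool $posted): array
{
    if ($value === null || $value === '') {
        return [null, null];                 // unanswered: store NULL
    }
    switch ($type) {
        case 'numeric':  // 30 digits total, 10 after the point: 20 before it
            $ok = preg_match('/^-?\d{1,20}(\.\d{1,10})?$/D', $value) === 1;
            break;
        case 'checkbox': // assumption: "Y" is the only stored marker
            $ok = ($value === 'Y');
            break;
        case 'single':   // answer code: at most 5 alphanumeric characters
            $ok = preg_match('/^[A-Za-z0-9]{1,5}$/D', $value) === 1;
            break;
        default:
            $ok = false; // unknown question type: fail closed
    }
    if ($ok) {
        return [$value, null];
    }
    // Invalid values never reach the query; NULL is stored instead.
    return [null, $posted ? 'Your answer is not valid.' : null];
}

// Constructed inputs based on the cases named in this thread.
$cases = [
    ['numeric', '1234567890123456789012345678901234567890', true],
    ['checkbox', 'YYYY', true],
    ['single', 'MoreThan5', true],
    ['single', 'MoreThan5', false], // same value, set by an equation
    ['numeric', '42.5', true],
];
foreach ($cases as [$type, $value, $posted]) {
    [$store, $error] = filterAnswer($type, $value, $posted);
    printf("%-8s %-40s store=%s error=%s\n", $type, $value,
        var_export($store, true), var_export($error, true));
}
```

The function only decides what goes to the database; the session copy of the answer is left alone, as in the "leave $_SESSION, set to null in DB" plan from note ~36813.
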
DenisChenu

2016-11-09 17:36

developer   ~41821

Fix committed to develop branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=21320

c_schmitz

2017-07-21 17:08

administrator   ~44142

Version 3.0.0-beta.1 released

Related Changesets

LimeSurvey: develop 6c7c30d1

2016-11-09 18:34

DenisChenu


Fixed issue 10827: Whole answers must be filtered before try to save in DB
Dev: redo https://github.com/LimeSurvey/LimeSurvey/pull/533
Dev: use another view for tip : biggest (it's really an error) + dismissable (no js system)
Affected Issues
10827
mod - application/helpers/expressions/em_manager_helper.php
add - application/views/survey/system/questionhelp/error-tip.php

Issue History

Date Modified Username Field Change
2016-03-24 13:48 DenisChenu New Issue
2016-03-24 14:10 DenisChenu File Added: limesurvey_survey_brokeDB.lss
2016-03-24 15:49 LouisGac Note Added: 36791
2016-03-24 16:02 DenisChenu Note Added: 36792
2016-03-24 16:02 DenisChenu Steps to Reproduce Updated
2016-03-25 17:41 DenisChenu Assigned To => DenisChenu
2016-03-25 17:41 DenisChenu Status new => assigned
2016-03-25 17:42 DenisChenu Note Added: 36813
2016-03-25 18:13 DenisChenu Note Added: 36814
2016-03-30 14:28 DenisChenu Relationship added related to 10840
2016-05-17 13:23 c_schmitz Priority none => low
2016-05-25 16:43 LouisGac Note Added: 38869
2016-05-25 16:43 LouisGac Status assigned => resolved
2016-05-25 16:43 LouisGac Resolution open => won't fix
2016-05-25 17:19 DenisChenu Status resolved => closed
2016-05-25 17:19 DenisChenu Assigned To DenisChenu => LouisGac
2016-05-25 17:19 DenisChenu Fixed in Version => 2.5
2016-09-01 18:05 c_schmitz Assigned To LouisGac =>
2016-09-01 18:05 c_schmitz Status closed => feedback
2016-09-01 18:05 c_schmitz Resolution won't fix => reopened
2016-09-01 18:05 c_schmitz Assigned To => c_schmitz
2016-09-01 18:05 c_schmitz Status feedback => new
2016-09-01 18:05 c_schmitz Assigned To c_schmitz =>
2016-09-01 18:06 c_schmitz Fixed in Version 2.50.x =>
2016-09-01 18:10 DenisChenu Assigned To => DenisChenu
2016-09-01 18:10 DenisChenu Status new => assigned
2016-09-12 12:46 DenisChenu Note Added: 40757
2016-09-12 12:46 DenisChenu Status assigned => resolved
2016-09-12 12:46 DenisChenu Resolution reopened => fixed
2016-09-12 14:05 LouisGac Note Added: 40759
2016-09-20 10:48 c_schmitz Note Added: 40838
2016-09-20 10:48 c_schmitz Status resolved => closed
2016-10-27 02:30 DenisChenu Status closed => feedback
2016-10-27 02:30 DenisChenu Resolution fixed => reopened
2016-10-27 02:30 DenisChenu Note Added: 41576
2016-10-27 02:30 DenisChenu Status feedback => new
2016-10-27 02:30 DenisChenu Target Version => 3.0
2016-10-27 02:30 DenisChenu Status new => assigned
2016-11-09 17:36 DenisChenu Changeset attached => LimeSurvey develop 6c7c30d1
2016-11-09 17:36 DenisChenu Note Added: 41821
2016-11-09 17:36 DenisChenu Status assigned => resolved
2016-11-09 17:36 DenisChenu Resolution reopened => fixed
2016-11-09 17:36 DenisChenu Fixed in Version => 3.0
2016-11-21 18:46 DenisChenu Relationship added parent of 11933
2017-07-21 17:08 c_schmitz Note Added: 44142
2017-07-21 17:08 c_schmitz Status resolved => closed
2019-03-14 12:23 DenisChenu Relationship added related to 14649
2019-03-15 11:55 DenisChenu View Status private => public