View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
11090Bug reportsSurvey participants (Tokens)public2016-04-30 11:192016-05-17 16:04
Reportermadflow Assigned Toc_schmitz  
PrioritynoneSeveritypartial_block 
Status closedResolutionfixed 
Product Version2.06+ 
Fixed in Version2.50.x 
Summary11090: Import sanitizes Tokens / Manual Entry does not
Description

If you create a token via the web interface, tokens like 'kb2n#t8i%po%qp' are valid.

If you import these tokens, they are sanitized with

Token::sanitizeToken($token)
// http://tinyurl.com/gn4lomf

and result in 'kb2nt8ipoqp' in the database. The user is not informed about this and there obviously the software yields different results how the user creates these token.

The expected behaviour is:

Preferred: Never sanititze! Just define a min/max length. There are use cases where the tokens are handed out to the participants and not emailed to them.

Szenario 1: Treat "invalid" tokens always the same (web interface, import) do not allow invalid tokens.

Szenario 2: Always sanitize the tokens - but inform the user.

Steps To Reproduce

Create the the token above via the webinterface or import it.

TagsNo tags attached.
Bug heat6
Complete LimeSurvey version number (& build)master
I will donate to the project if issue is resolvedNo
BrowserALL
Database type & versionALL
Server OS (if known)ALL
Webserver software & version (if known)ALL
PHP VersionALL

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2016-04-30 16:03

developer   ~38033

Hi, there are a bug + a feature request here. No ?
madflow

madflow

2016-04-30 17:02

reporter   ~38059

Last edited: 2016-04-30 17:02

@DenisChenu

Thanks for getting back to me on this. Well - I guess that they are treated differently and there is no info for the user is a bug.

The "Preferred" szenario is a feature request.

In my opinion there is no use in fixing a bug, that fosters "wrong" behaviour.
c_schmitz

c_schmitz

2016-05-17 16:04

administrator   ~38638

This is resolved in the latest version so it works consistently.
Allowed characters are [0-9][a-z][A-Z][_~]

Issue History

Date Modified Username Field Change
2016-04-30 11:19 madflow New Issue
2016-04-30 16:03 DenisChenu Note Added: 38033
2016-04-30 17:02 madflow Note Added: 38059
2016-04-30 17:02 madflow Note Edited: 38059
2016-05-17 16:04 c_schmitz Note Added: 38638
2016-05-17 16:04 c_schmitz Status new => closed
2016-05-17 16:04 c_schmitz Assigned To => c_schmitz
2016-05-17 16:04 c_schmitz Resolution open => fixed
2016-05-17 16:04 c_schmitz Fixed in Version => 2.5
2016-12-08 10:39 c_schmitz Category Tokens => Survey participants (Tokens)