View Issue Details

Related ChangesetsJump to NotesJump to History
This bug affects 1 person(s).
 4
IDProjectCategoryView StatusDate SubmittedLast Update
11964Bug reportsAuthenticationpublic2016-11-29 16:072017-02-21 11:44
Reporterseancarlos Assigned ToLouisGac 
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version2.55.x 
Fixed in Version2.58.x 
Summary11964: token in Survey URL ignored when CAPTCHA is enabled; user must manually enter token
Description

If "Use CAPTCHA for survey access" is enabled and a user accesses the survey using a URL which contains their token, the token is ignored. The user is presented the capture form with the message "To participate in this restricted survey, you need a valid token.". They must then try to understand what a token is, find it in the URL, cut and paste it into the form. Easy for a technical user, impossible for a normal user :-).

Steps To Reproduce
  1. Create survey using tokens; require CAPTCHA to access survey
  2. Send invitation to a participant
  3. Use link to survey which includes token in URL to access survey
  4. Capture page will ask for a token, ignoring token in URL
Additional Information

Others have mentioned this problem in the forum and on IRC, for example https://www.limesurvey.org/irclogs/limesurvey/index.php?date=2016-11-23 but I could not find an existing bug report.

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)2.56.1+161118
I will donate to the project if issue is resolvedYes
Browser Google Chrome 54.0.2840.100 (Official Build) (64-bit)
Database type & version260
Server OS (if known)Linux? (Dreamhost)
Webserver software & version (if known)Apache
PHP Version5.5

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2016-11-29 18:38

developer   ~42270

@LouisGac: seems you have added a function here : https://github.com/LimeSurvey/LimeSurvey/blob/master/application/helpers/frontend_helper.php#L1568

But you don't send this var to view : https://github.com/LimeSurvey/LimeSurvey/blob/master/application/helpers/frontend_helper.php#L1581
LouisGac

LouisGac

2016-12-05 10:32

developer   ~42356

good catch
LouisGac

LouisGac

2016-12-06 11:07

developer   ~42394

BTW, was olle ;-)
LouisGac

LouisGac

2016-12-06 11:10

developer   ~42396

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=21702

Related Changesets

LimeSurvey: master 6425d2a9

2016-12-06 12:09

LouisGac


Details Diff		 Fixed issue 11964: token in Survey URL ignored when CAPTCHA is enabled; user must manually enter token Affected Issues
11964
mod - application/helpers/frontend_helper.php Diff File

Issue History

Date Modified Username Field Change
2016-11-29 16:07 seancarlos New Issue
2016-11-29 18:29 DenisChenu Severity partial_block => minor
2016-11-29 18:29 DenisChenu Reproducibility have not tried => always
2016-11-29 18:38 DenisChenu Note Added: 42270
2016-11-30 13:56 c_schmitz Assigned To => LouisGac
2016-11-30 13:56 c_schmitz Status new => assigned
2016-12-05 10:32 LouisGac Note Added: 42356
2016-12-06 10:51 LouisGac Sticky Issue No => Yes
2016-12-06 11:07 LouisGac Note Added: 42394
2016-12-06 11:10 LouisGac Changeset attached => LimeSurvey master 6425d2a9
2016-12-06 11:10 LouisGac Note Added: 42396
2016-12-06 11:10 LouisGac Resolution open => fixed
2016-12-06 11:10 LouisGac Status assigned => resolved
2016-12-06 16:20 LouisGac Sticky Issue Yes => No
2017-02-21 11:44 c_schmitz Status resolved => closed
2017-02-21 11:44 c_schmitz Fixed in Version => 2.58.x