View Issue Details

This bug affects 1 person(s).
ID: 12254
Project: Bug reports
Category: Survey editing
View Status: public
Last Update: 2017-05-22 17:39
Reporter: DenisChenu
Assigned To: c_schmitz
Priority: none
Severity: minor
Status: closed
Resolution: fixed
Fixed in Version: 2.64.x
Summary: 12254: CSRF issue on admin after testing a survey
Description

We have a CSRF issue in the admin part after testing a survey.

Steps To Reproduce

One example:

  1. Open a window on 'Browse response'
  2. Open a window on "Survey view"
  3. Launch a new test
  4. This opens a new window, where you can do the survey
  5. Come back to 'Browse response'
  6. Try to filter or order
  7. => Throws a CSRF issue

Additional Information

Child of https://github.com/LimeSurvey/LimeSurvey/commit/e30261b309fb361116dc880ce65cf8eaeaa72758

Maybe regenerateCSRFToken on resetAllSessionVariables [*] only if

  • User is not an admin (because then: CSRF already regenerated when logging in)

I think some public users open multiple windows too. With this fix, public users see CSRF issues a lot more: I think we MUST improve the error page .... see https://github.com/LimeSurvey/LimeSurvey/pull/605

[*] https://github.com/LimeSurvey/LimeSurvey/commit/e30261b309fb361116dc880ce65cf8eaeaa72758#diff-4f4265af29f654380fbda47407b84a09L1658

Tags: No tags attached.
Attached Files
Bug heat: 4
Complete LimeSurvey version number (& build): 2.64.3
I will donate to the project if issue is resolved: No
Browser: not relevant
Database type & version: not relevant
Server OS (if known): not relevant
Webserver software & version (if known): not relevant
PHP Version: not relevant

Users monitoring this issue

There are no users monitoring this issue.
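
A simplified model of the behaviour reported above, as an added example that is not LimeSurvey code and not part of the original report: it shows why a form rendered in one tab stops validating once a survey test in another tab regenerates the token, and what the reporter's suggested admin exception changes. Only `regenerateCSRFToken` and `resetAllSessionVariables` are names taken from the report; the class, the `$skipForAdmin` switch, the helper function and the choice to keep the token in the session object are assumptions made for illustration (PHP 8.0 or later).

```php
<?php
// Simplified model, not LimeSurvey code: one browser session shared by several tabs.
// Names are hypothetical, apart from the two functions the report mentions.
final class BrowserSession
{
    public string $csrfToken;

    public function __construct(public bool $isAdmin)
    {
        $this->regenerateCSRFToken(); // token issued at log in
    }

    public function regenerateCSRFToken(): void
    {
        $this->csrfToken = bin2hex(random_bytes(16));
    }

    // Called when a survey test starts. $skipForAdmin models the reporter's suggestion.
    public function resetAllSessionVariables(bool $skipForAdmin): void
    {
        if ($skipForAdmin && $this->isAdmin) {
            return; // the admin token was already regenerated at log in
        }
        $this->regenerateCSRFToken();
    }

    // Server-side check of the token posted by a form (constant-time comparison).
    public function validate(string $postedToken): bool
    {
        return hash_equals($this->csrfToken, $postedToken);
    }
}

// Does the form rendered in tab 1 still validate after a test starts in tab 2?
function filterSurvivesSurveyTest(bool $skipForAdmin): bool
{
    $session = new BrowserSession(true);                    // logged-in admin
    $tokenInBrowseForm = $session->csrfToken;               // tab 1: 'Browse response' rendered
    $session->resetAllSessionVariables($skipForAdmin);      // tab 2: 'Launch a new test'
    return $session->validate($tokenInBrowseForm);          // tab 1: filter submitted
}

var_dump(filterSurvivesSurveyTest(false)); // token always regenerated on reset
var_dump(filterSurvivesSurveyTest(true));  // with the suggested admin exception
```

The same stale-token effect applies to any form that was rendered before the reset, which is the situation the later notes describe for the survey text editor.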

Activities

DenisChenu

2017-04-04 09:44

developer   ~43377

Last edited: 2017-04-04 09:45

There are a lot of other situations where an admin can open a form + a new survey.

Example "Welcome page construction improvement"

  • Open survey edit text
  • Click on test survey to see welcome page
  • Update welcome text and try to submit

c_schmitz

2017-04-04 10:54

administrator   ~43380

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=22566

DenisChenu

2017-04-04 11:04

developer   ~43381

Thanks :), but still a good idea to regenerate CSRF for public, no?

c_schmitz

2017-05-22 17:39

administrator   ~43679

Release 2.65.1 Build 170522

Related Changesets

LimeSurvey: master 21cec15d

2017-04-04 10:54:38

c_schmitz

Fixed issue 12254: CSRF issue in admin after testing a survey
Affected Issues: 12254
mod - application/helpers/frontend_helper.php

Issue History

Date Modified Username Field Change
2017-04-04 09:43 DenisChenu New Issue
2017-04-04 09:43 DenisChenu Status new => assigned
2017-04-04 09:43 DenisChenu Assigned To => c_schmitz
2017-04-04 09:43 DenisChenu File Added: Capture du 2017-04-04 09-40-45.png
2017-04-04 09:44 DenisChenu Note Added: 43377
2017-04-04 09:45 DenisChenu Note Edited: 43377
2017-04-04 10:54 c_schmitz Changeset attached => LimeSurvey master 21cec15d
2017-04-04 10:54 c_schmitz Note Added: 43380
2017-04-04 10:54 c_schmitz Resolution open => fixed
2017-04-04 10:58 c_schmitz Status assigned => resolved
2017-04-04 10:58 c_schmitz Fixed in Version => 2.64.x
2017-04-04 11:04 DenisChenu Note Added: 43381
2017-05-22 17:39 c_schmitz Note Added: 43679
2017-05-22 17:39 c_schmitz Status resolved => closed
2019-11-01 17:25 c_schmitz Category Survey design => Survey editing