12279: Folder permissions for uploading images into surveys

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

12279	Bug reports	Data Entry (non public)	public	2017-04-22 20:55	2017-09-21 15:05

Reporter	jeskiv	Assigned To	DenisChenu
Priority	none	Severity	minor
Status	closed	Resolution	fixed
Product Version	2.63.x
Fixed in Version	2.67.x

Summary	12279: Folder permissions for uploading images into surveys
Description	I had problems with uploading images into surveys (Edit question and from the WYSIWYG editor choose the image logo and then click "Browse server" which takes you to the KCFinder uploader). I was able to find a solution to the problems, but since I am not sure if it is a server issue or a bug, I was requested in limesurvey forum to post it as a bug: I was able to upload images to the server, but they would not show in the survey. I found out that this was due to KCFinder adds a .htaccess-file into the new upload/SURVEYID-folder it creates. By editing the third_party/kcfinder/conf/config.php and changing '_check4htaccess' to false I was able to prevent it from creating those .htaccess-files. KCFinder created the folder only with full owner permissions, no permissions for group or user. It was supposed to be 0755, but it actually created 0700-permissions. I found out that this was due to wrong umask-setting, and I was able to fix the issue by adding into the file third_party/kcfinder/core/class/uploader.php around the mkdir() commands (found at least in lines 285 and 306) the reset for umask: $old = umask(0); mkdir(); umask($old); After those lines the KCFinder creates the folder permissions correctly and viewing files works in surveys. I am running version 2.63.1 (build 170305) with Apache/2.2.22 (Debian), PHP Version 5.4.45-0+deb7u6 and PostgreSQL. I also tried to test this in Demo.limesurvey.org, but it throws error "You don't have permissions to browse server." when I click "Browse server". Although, it doesn't seem to be running the latest version either (its 2.64.0 atm).
Tags	No tags attached.

Bug heat	6
Complete LimeSurvey version number (& build)	2.63.1 (build 170305)
I will donate to the project if issue is resolved	No
Browser
Database type & version	PostgreSQL
Server OS (if known)	Debian
Webserver software & version (if known)	Apache/2.2.22
PHP Version	5.4.45-0

User List	There are no users monitoring this issue.

blocka 2017-09-07 03:53 reporter ~44399	I also just encountered this issue: "You don't have permissions to browse server". To resolve, I changed line 24 of /third_party/kcfinder/conf/config.php from: 'disabled' => true, to 'disabled' => false, And this resolved the issue. But I think this opens a security hole, so I'm not keen to do that. Running LS 2.67.3 v170728

blocka 2017-09-07 04:28 reporter ~44400	Okay, on more testing I have found steps to recreate issue (and interesting behaviour to work around issue): With line 24 of /third_party/kcfinder/conf/config.php set to => true I login to admin and go directly to survey->participants->invitations & reminders->Send email invitations Click image icon in editor, and then try to browse server -- I get the error "You don't have permissions to browse server" I return to survey summary page I select Survey properties->Email templates I click image icon in editor, and then try to browse server -- I am able to do this without an error I return to survey->participants->invitations & reminders->Send email invitations I click image icon in editor, and then try to browse server -- I am now able to do this without an error So it seems that if I go directly to Survey->participants->invitations & reminders->Send email invitations after login and try to browse server to upload image, that something must not be set and thus I cannot browse server.

DenisChenu 2017-09-08 12:05 developer ~44403	Confirm blocka issue (and find fix). At jeskiv : same issue or another one ?

DenisChenu 2017-09-08 12:15 developer ~44404	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=23852

DenisChenu 2017-09-08 12:16 developer ~44405	@jeskiv : please : see if this fix the issue. If yes, can close.

DenisChenu 2017-09-08 12:25 developer ~44406	PS : about umask : mkdir($this->config['uploadDir'], $this->config['dirPerms']); and third_party/kcfinder/conf/config.php: 'dirPerms' => 0755, Then : i think it's a server issue: http://php.net/manual/en/function.mkdir.php Your server use a bad umask. Fix it in your server You can do it in your config.php file , just add umask (0); at start. We CAN NOT add it for all server : because some server need umask at 020 for example .

blocka 2017-09-08 13:56 reporter ~44407	I've tested, and can confirm that the patch to tokens.php it has resolved the issue for me.

c_schmitz 2017-09-21 15:05 administrator ~44435	Version 2.70.0 released

LimeSurvey: master efd9d654 2017-09-08 12:15:47 DenisChenu Details Diff	Fixed issue 12279 : Unable to upload image when send invitation Dev: quick fix (copy/paste) Dev: unsure it's fix original issue, but fix comment		Affected Issues 12279
	mod - application/controllers/admin/tokens.php		Diff File

Date Modified	Username	Field	Change
2017-04-22 20:55	jeskiv	New Issue
2017-09-07 03:53	blocka	Note Added: 44399
2017-09-07 04:28	blocka	Note Added: 44400
2017-09-08 12:05	DenisChenu	Note Added: 44403
2017-09-08 12:15	DenisChenu	Changeset attached	=> LimeSurvey master efd9d654
2017-09-08 12:15	DenisChenu	Note Added: 44404
2017-09-08 12:15	DenisChenu	Assigned To	=> DenisChenu
2017-09-08 12:15	DenisChenu	Resolution	open => fixed
2017-09-08 12:16	DenisChenu	Status	new => feedback
2017-09-08 12:16	DenisChenu	Note Added: 44405
2017-09-08 12:25	DenisChenu	Note Added: 44406
2017-09-08 13:56	blocka	Note Added: 44407
2017-09-12 17:37	DenisChenu	Status	feedback => resolved
2017-09-12 17:37	DenisChenu	Fixed in Version	=> 2.67.x
2017-09-21 15:05	c_schmitz	Note Added: 44435
2017-09-21 15:05	c_schmitz	Status	resolved => closed

View Issue Details

Users monitoring this issue

Activities

Related Changesets

Issue History