View Issue Details

ID: 14221
Project: Bug reports
Category: Security
View Status: public
Last Update: 2019-04-30 09:10
Reporter: DenisChenu
Assigned To: DenisChenu
Priority: none
Severity: minor
Status: closed
Resolution: fixed
Fixed in Version: 3.15.x
Summary: 14221: No XSS control when deleting a token
Description

No CSRF control when deleting a token: the action is done only with a GET param.

Steps To Reproduce

On a survey, generate a token (dummy).
Depending on your link: replace /sa/browse/surveyid/{$surveyid} with /sa/deleteToken/sid/{$surveyid}/sItem/3 in another tab.
See a white page.
Reload the token list: token #3 disappears.

Additional Information

This link can be anywhere. As a reminder: all DB actions must be CSRF controlled, i.e. done only with POST values.

Tags: No tags attached.
Bug heat: 252
Complete LimeSurvey version number (& build): 3.15.1 github
I will donate to the project if issue is resolved: No
Browser: not relevant
Database type & version: not relevant
Server OS (if known): not relevant
Webserver software & version (if known): not relevant
PHP Version: not relevant
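The fix for this report replaces the GET link with a POST-based delete. Below is an added example, not LimeSurvey's own code, modelling the server-side gate that makes such a fix effective: a deletion is honoured only on a POST that carries the session's CSRF token. The session key 'csrf_token', the POST field of the same name and the deleteToken() helper are assumptions.

```php
<?php
// Hypothetical gate for a state-changing admin action (not LimeSurvey's code).
// Assumed names: $session['csrf_token'], the POST field 'csrf_token', deleteToken().

function issueCsrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // per-session secret
    }
    return $session['csrf_token'];
}

/** Returns null when the request may mutate data, otherwise the reason for refusal. */
function refuseStateChange(string $method, array $post, array $session): ?string
{
    // A bare link (GET) must never change data: this is the defect in the report.
    if ($method !== 'POST') {
        return "state change requires POST, got $method";
    }
    if (empty($session['csrf_token']) || !isset($post['csrf_token'])) {
        return 'missing CSRF token';
    }
    // Constant-time comparison so the token cannot be recovered byte by byte.
    if (!hash_equals($session['csrf_token'], (string) $post['csrf_token'])) {
        return 'CSRF token mismatch';
    }
    return null;
}

function deleteToken(array &$tokens, int $sid, int $item, string $method, array $post, array $session): string
{
    $refusal = refuseStateChange($method, $post, $session);
    if ($refusal !== null) {
        return "refused: $refusal";
    }
    unset($tokens[$sid][$item]);
    return "deleted token #$item of survey $sid";
}

// Constructed sample data: survey 1 holding three dummy tokens.
$tokens = [1 => [1 => 'aaa', 2 => 'bbb', 3 => 'ccc']];
$session = [];
$csrf = issueCsrfToken($session);

// The report's link /sa/deleteToken/sid/1/sItem/3 opened in another tab: GET, no token.
echo deleteToken($tokens, 1, 3, 'GET', [], $session), "\n";
// A forged cross-site POST that does not know the session's token.
echo deleteToken($tokens, 1, 3, 'POST', ['csrf_token' => 'guess'], $session), "\n";
// The legitimate delete button: POST carrying the token rendered into the page.
echo deleteToken($tokens, 1, 3, 'POST', ['csrf_token' => $csrf], $session), "\n";
```

Only the third call removes token #3; the first two are refused before any database write, which is the property the report asks for.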

Relationships

related to 14219 (closed, DenisChenu): Unable to quick delete response with urlFormat to get
related to 14222 (closed, DenisChenu): When deleting a single response: all page is reloaded and current filter lost

Activities

DenisChenu (developer), 2018-11-11 19:08, note ~49603:

https://github.com/LimeSurvey/LimeSurvey/pull/1166

DenisChenu (developer), 2018-11-12 17:20, note ~49618:

Fix committed to master_fixDeleteResponse_urlget branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=28506

DenisChenu (developer), 2018-11-13 16:08, note ~49631:

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=28517

Related Changesets

LimeSurvey: master_fixDeleteResponse_urlget ca51587e
2018-11-11 20:08, DenisChenu

Fixed issue 14221: No XSS control when delete a token
Dev: use POST for deletion in CButton
Dev: todo : filter participant
Dev: todo : remove old buttons
Dev: todo : move confirmGridAction to adminbasic

Affected Issues: 14221

Changed files:
mod - application/controllers/admin/participantsaction.php
mod - application/controllers/admin/responses.php
mod - application/controllers/admin/tokens.php
mod - application/models/SurveyDynamic.php
mod - application/models/TokenDynamic.php
mod - application/views/admin/responses/listResponses_view.php
mod - assets/packages/adminbasics/build/adminbasics.css
mod - assets/packages/adminbasics/build/adminbasics.min.css
mod - assets/packages/adminbasics/scss/grid.scss
mod - assets/scripts/admin/listresponse.js
mod - assets/scripts/admin/tokens.js

LimeSurvey: master eee87c82
2018-11-13 17:08, DenisChenu (Committer: GitHub)

Fixed issue 14222: When deleting a single response : all page is reloaded and current filter lost

Fixed issue 14221: [security] No XSS control when delete a token

Affected Issues: 14221, 14222

Changed files:
mod - application/controllers/admin/participantsaction.php
mod - application/controllers/admin/responses.php
mod - application/controllers/admin/tokens.php
mod - application/helpers/admin/ajax_helper.php
mod - application/models/Participant.php
mod - application/models/SurveyDynamic.php
mod - application/models/TokenDynamic.php
mod - application/views/admin/participants/displayParticipants_view.php
mod - application/views/admin/responses/listResponses_view.php
mod - assets/packages/adminbasics/build/adminbasics.css
mod - assets/packages/adminbasics/build/adminbasics.debug.js
mod - assets/packages/adminbasics/build/adminbasics.js
mod - assets/packages/adminbasics/build/adminbasics.min.css
mod - assets/packages/adminbasics/build/adminbasics.min.js
add - assets/packages/adminbasics/scss/grid.scss
mod - assets/packages/adminbasics/scss/main.scss
mod - assets/packages/adminbasics/src/adminbasicsmain.js
add - assets/packages/adminbasics/src/components/gridAction.js
mod - assets/scripts/admin/tokens.js

Issue History

Date Modified | Username | Field | Change
2018-11-06 22:49 DenisChenu New Issue
2018-11-06 22:49 DenisChenu Relationship added related to 14219
2018-11-06 22:55 DenisChenu Relationship added related to 14222
2018-11-09 19:24 DenisChenu Assigned To => DenisChenu
2018-11-09 19:24 DenisChenu Status new => assigned
2018-11-11 19:08 DenisChenu Note Added: 49603
2018-11-12 17:20 DenisChenu Changeset attached => LimeSurvey master_fixDeleteResponse_urlget ca51587e
2018-11-12 17:20 DenisChenu Note Added: 49618
2018-11-12 17:20 DenisChenu Resolution open => fixed
2018-11-13 16:08 DenisChenu Changeset attached => LimeSurvey master eee87c82
2018-11-13 16:08 DenisChenu Note Added: 49631
2018-11-15 12:58 DenisChenu Status assigned => resolved
2018-11-15 12:58 DenisChenu Fixed in Version => 3.15.x
2019-04-30 09:10 c_schmitz Status resolved => closed