View Issue Details

This bug affects 1 person(s).
 8
IDProjectCategoryView StatusLast Update
14291Bug reportsComfortUpdatepublic2020-12-30 19:27
ReporterMazi Assigned Toc_schmitz  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version3.14.x 
Target Version3.16.xFixed in Version3.22.13 
Summary14291: CSRF 400 server error when entering update key
Description

When adding a ComfortUpdate key for the first time I often get a "400: Falsche Anfrage. The CSRF token could not be verified." error after having entered the key, see attached screenshot.
Once you go back to the main admin page and start the updater again with the key now already being set, everything works as expected.

Steps To Reproduce

Set up an older 3.x system like 3.14.
Run the updater and enter a new ComfortUpdate key.
When saving the mentioned error shows up.

TagsNo tags attached.
Attached Files
update_error.PNG (52,781 bytes)   
update_error.PNG (52,781 bytes)   
Bug heat8
Complete LimeSurvey version number (& build)3.14.9+180917
I will donate to the project if issue is resolvedNo
BrowserChrome
Database type & versionMySQL 5.0
Server OS (if known)Debian 4.9
Webserver software & version (if known)Apache 2
PHP Version5.6.38

Users monitoring this issue

There are no users monitoring this issue.

Activities

Mazi

Mazi

2019-09-30 10:06

updater   ~53741

@cdorin, this is still an issue with the latest Version 3.17.17+190918. Can you reproduce?

Mazi

Mazi

2020-01-21 15:17

updater   ~55409

Last edited: 2020-04-14 18:11

@cdorin, I just faced the same issue with a new system when trying to update from LS4 RC 14 to LS 4.01, see screen shot. The error shows up after having entered a ComfortUpdate key for validation.
This is the full error message:
"you have an error, or a notice, inside your local installation of limesurvey. See :
{"success":false,"message":"The CSRF token could not be verified.","error":{"code":400,"type":"CHttpException","errorCode":0,"message":"The CSRF token could not be verified.","file":"\/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/framework\/web\/CHttpRequest.php","line":1375,"trace":"#0 \/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/framework\/base\/CComponent.php(561): CHttpRequest->validateCsrfToken(Object(CEvent))\n#1 \/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/framework\/base\/CApplication.php(212): CComponent->raiseEvent('onbeginrequest', Object(CEvent))\n#2 \/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/framework\/base\/CApplication.php(183): CApplication->onBeginRequest(Object(CEvent))\n#3 \/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/index.php(195): CApplication->run()\n#4 {main}","traces":[{"file":"\/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/framework\/base\/CComponent.php","line":561,"function":"validateCsrfToken","class":"CHttpRequest","type":"->","args":[{"sender":{"defaultController":"surveys","layout":"main","controllerMap":[],"catchAllRequest":null,"controllerNamespace":null,"name":"LimeSurvey","charset":"UTF-8","sourceLanguage":"en_us","localeClass":"LSYii_Locale","preload":["log"],"behaviors":[]},"handled":false,"params":null}]},{"file":"\/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/framework\/base\/CApplication.php","line":212,"function":"raiseEvent","class":"CComponent","type":"->","args":["onbeginrequest",{"sender":{"defaultController":"surveys","layout":"main","controllerMap":[],"catchAllRequest":null,"controllerNamespace":null,"name":"LimeSurvey","charset":"UTF-8","sourceLanguage":"en_us","localeClass":"LSYii_Locale","preload":["log"],"behaviors":[]},"handled":false,"params":null}]},{"file":"\/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/framework\/base\/CApplication.php","line":183,"function":"onBeginRequest","class":"CApplication","type":"->","args":[{"sender":{"defaultController":"surveys","layout":"main","controllerMap":[],"catchAllRequest":null,"controllerNamespace":null,"name":"LimeSurvey","charset":"UTF-8","sourceLanguage":"en_us","localeClass":"LSYii_Locale","preload":["log"],"behaviors":[]},"handled":false,"params":null}]},{"file":"\/var\/www\/vhosts\/my-system.host\/dsc.my-system.host\/ls4download\/index.php","line":195,"function":"run","class":"CApplication","type":"->","args":[]}]}}"

Please also assign this ticket to someone else since Louis has left.

image.png (213,896 bytes)
Mazi

Mazi

2020-04-06 14:39

updater   ~56975

Last edited: 2020-04-14 18:11

This is still an issue at latest 3.22.12 version.

c_schmitz

c_schmitz

2020-04-09 19:42

administrator   ~57061

Last edited: 2020-04-14 18:11

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29821

lime_release_bot

lime_release_bot

2020-04-14 12:53

administrator   ~57118

Last edited: 2020-04-14 18:11

Fixed in Release 4.1.17+200414

cdorin

cdorin

2020-12-30 19:27

reporter   ~61363

fixed in 4.4.0 rc1

Related Changesets

LimeSurvey: master 3a6182ad

2020-04-09 19:41:35

c_schmitz

Details Diff
Fixed issue 14291: CSRF 400 server error after entering update key Affected Issues
14291
mod - application/views/admin/update/_ajaxVariables.php Diff File
mod - assets/scripts/admin/comfortupdate/buildComfortButtons.js Diff File
mod - assets/scripts/admin/comfortupdate/displayComfortStep.js Diff File

Issue History

Date Modified Username Field Change
2018-11-27 10:31 Mazi New Issue
2018-11-27 10:31 Mazi Status new => assigned
2018-11-27 10:31 Mazi Assigned To => LouisGac
2018-11-27 10:31 Mazi File Added: update_error.PNG
2019-09-30 10:06 Mazi Note Added: 53741
2020-01-21 15:17 Mazi File Added: image.png
2020-01-21 15:17 Mazi Note Added: 55409
2020-01-21 15:17 Mazi Note Edited: 55409
2020-03-14 16:26 c_schmitz Assigned To LouisGac =>
2020-03-14 16:26 c_schmitz Status assigned => new
2020-03-16 18:22 cdorin Priority none => normal
2020-03-16 18:22 cdorin Status new => confirmed
2020-03-16 18:22 cdorin Description Updated
2020-03-16 18:22 cdorin Steps to Reproduce Updated
2020-03-30 22:28 cdorin Zoho Sprints => |Yes|
2020-03-30 22:28 swendrich Zoho Sprints ID => 14469000000018073
2020-04-06 14:39 Mazi Note Added: 56975
2020-04-09 19:42 c_schmitz Changeset attached => LimeSurvey master 3a6182ad
2020-04-09 19:42 c_schmitz Note Added: 57061
2020-04-09 19:42 c_schmitz Assigned To => c_schmitz
2020-04-09 19:42 c_schmitz Resolution open => fixed
2020-04-09 19:44 c_schmitz Status confirmed => resolved
2020-04-09 19:44 c_schmitz Fixed in Version => 3.22.13
2020-04-14 12:53 lime_release_bot Zoho Sprints Yes => |Yes|
2020-04-14 12:53 lime_release_bot Note Added: 57118
2020-04-14 12:53 lime_release_bot Status resolved => closed
2020-04-14 18:10 swendrich Zoho Sprints Yes => |Yes|
2020-04-14 18:10 swendrich Status closed => resolved
2020-04-14 18:11 swendrich Zoho Sprints Yes => |Yes|
2020-12-30 19:27 cdorin Note Added: 61363
2020-12-30 19:27 cdorin Status resolved => closed