View Issue Details

This bug affects 1 person(s).
 4
IDProjectCategoryView StatusLast Update
14681Bug reportsImport/Exportpublic2020-03-02 16:58
Reporterdatamunger Assigned To 
PrioritynoneSeverityminor 
Status closedResolutionopen 
Product Version3.15.x 
Summary14681: Attribute values beginning with a "<"-sign are omitted during SPSS export
Description

When using the functionality SPSS-export to export survey results, attributes are usually exported as string variables. If the string begins with a "<" (less-than) sign, the result is omitted for that case.

Steps To Reproduce

Create a survey with participant list, assign an attribute, give the attribute a string value beginning with "<", fill in the surveys, then export the responses for SPSS.

The .dat file will have empty cells where the "<" should be, and the resulting .sav file will show these cells as missing values.

TagsNo tags attached.
Attached Files
Bug heat4
Complete LimeSurvey version number (& build)3.15.6+190108
I will donate to the project if issue is resolvedNo
Browserall browsers
Database type & versionunknown
Server OS (if known)
Webserver software & version (if known)
PHP Versionunknown

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2019-03-26 09:50

developer   ~51128

Usage of < in HTML is a bad idea : use &lt;

datamunger

datamunger

2019-03-27 15:21

reporter   ~51174

Thanks for the tip, @DenisChenu! I will be sure to pay attention to this.

But isn't part of the purpose of the Limesurvey Backend to transform "normal" user input into HTML Code?

As in, if I enter the character "<" into any web form as an end user, it should be transformed into as < for all intents and purposes, because that's the correct way to express the character in code.
If LimeSurvey doesn't do this transformation, which is a bug.

datamunger

datamunger

2019-03-27 15:39

reporter   ~51175

Case in point - it should be transformed into [html]<[/html]

datamunger

datamunger

2019-03-27 15:41

reporter   ~51176

[code]<[/code]

datamunger

datamunger

2019-03-27 15:42

reporter   ~51177

I give up. Any instructions on how to format, edit or delete notes in this board?

DenisChenu

DenisChenu

2019-03-27 16:04

developer   ~51178

But isn't part of the purpose of the Limesurvey Backend to transform "normal" user input into HTML Code?

Use a non super-admin account user : XSS security fix this.
I have a Feature request somewhere to enable XSS security for super-admin too.

datamunger

datamunger

2019-04-01 08:49

reporter   ~51231

OK, now that I understand that it is tied to the super-admin user, it actually makes more sense, thank you.
Could you point me towards your feature request? I can't seem to find by searching for "XSS" or "super-admin" it in the tracker.

datamunger

datamunger

2019-04-01 11:45

reporter   ~51235

So I've been tinkering with some dummy data, and it doesn't seem like we've really found the root of the problem yet.

I used a non-super-administrator account (actually I don't even have a super-admin account) and the problem remains. Any other ideas what could be the cause?

DenisChenu

DenisChenu

2019-04-01 11:49

developer   ~51236

You set answer to &lt; and it's don't fix the issue ? Let me check

datamunger

datamunger

2019-04-01 11:52

reporter   ~51237

Sorry, I wasn't clear. I was referring to this:

"But isn't part of the purpose of the Limesurvey Backend to transform "normal" user input into HTML Code?"
"Use a non super-admin account user : XSS security fix this."

I thought with a non super-admin, I would be able to use "<" normally, or did I misunderstand?

DenisChenu

DenisChenu

2019-04-01 11:56

developer   ~51238

Seems OK ? Else : please send an lss and the syntax file

survey_598327_SPSS_data_file.dat (57 bytes)   
'1','01-01-1980 00:00:00','1','en','1926246443','A2',
survey_598327_SPSS_syntax_file.sps (969 bytes)   
*$Rev: 121017 $ all 2.
SET UNICODE=ON.
SHOW LOCALE.
PRESERVE LOCALE.
SET LOCALE='en_UK'.
GET DATA
 /TYPE=TXT
 /FILE='survey_598327_SPSS_data_file.dat'
 /DELCASE=LINE
 /DELIMITERS=","
 /QUALIFIER="'"
 /ARRANGEMENT=DELIMITED
 /FIRSTCASE=1
 /IMPORTCASE=ALL
 /VARIABLES=
 V1 F7
 V2 DATETIME23.2
 V3 F7
 V4 A20
 V5 A31
 V6 A2.
CACHE.
EXECUTE.
*Define Variable Properties.
VARIABLE LABELS V1 "id".
VARIABLE LABELS V2 "submitdate".
VARIABLE LABELS V3 "lastpage".
VARIABLE LABELS V4 "startlanguage".
VARIABLE LABELS V5 "Seed".
VARIABLE LABELS V6 "A first example question. Please answer this question:".
*Define Value labels.
VALUE LABELS  V6
 "A1" "< 1"
 "A2" "< 10"
 "A3" "< 100"
 "A4" "< 1000".
RENAME VARIABLE ( V1 = id ).
RENAME VARIABLE ( V2 = submitdate ).
RENAME VARIABLE ( V3 = lastpage ).
RENAME VARIABLE ( V4 = startlanguage ).
* Variable name was incorrect and was changed from  to q_ .
RENAME VARIABLE ( V5 = q_ ).
RENAME VARIABLE ( V6 = Q00 ).
RESTORE LOCALE.
DenisChenu

DenisChenu

2019-04-01 12:07

developer   ~51241

Last edited: 2019-04-01 12:07

You don't misunderstand, and just check with XSS security to ON and a non super-admin user < 10 is set to &lt; 10

datamunger

datamunger

2019-04-01 14:42

reporter   ~51244

OK, thanks!

This doesn't work for older surveys, but I sucessfully tested it with a dummy survey with my own account and will instruct my colleagues to test it with their accounts as well.

datamunger

datamunger

2019-04-01 15:10

reporter   ~51245

We'll be working with <code><</code> from now on, but thanks again for the input.
Please let me know if you can find the feature request for XSS-security for super-administrators.

datamunger

datamunger

2019-04-01 15:12

reporter   ~51246

We'll be working with your suggestion to substitute &lt;

Issue History

Date Modified Username Field Change
2019-03-22 17:56 datamunger New Issue
2019-03-22 17:56 datamunger Issue generated from: 14311
2019-03-26 09:50 DenisChenu Note Added: 51128
2019-03-27 15:21 datamunger Note Added: 51174
2019-03-27 15:39 datamunger Note Added: 51175
2019-03-27 15:41 datamunger Note Added: 51176
2019-03-27 15:42 datamunger Note Added: 51177
2019-03-27 16:04 DenisChenu Note Added: 51178
2019-04-01 08:49 datamunger Note Added: 51231
2019-04-01 11:45 datamunger Note Added: 51235
2019-04-01 11:49 DenisChenu Note Added: 51236
2019-04-01 11:52 datamunger Note Added: 51237
2019-04-01 11:56 DenisChenu File Added: limesurvey_survey_598327.lss
2019-04-01 11:56 DenisChenu File Added: survey_598327_SPSS_data_file.dat
2019-04-01 11:56 DenisChenu File Added: survey_598327_SPSS_syntax_file.sps
2019-04-01 11:56 DenisChenu Note Added: 51238
2019-04-01 11:56 DenisChenu Severity partial_block => minor
2019-04-01 12:07 DenisChenu Note Added: 51241
2019-04-01 12:07 DenisChenu Note Edited: 51241
2019-04-01 14:42 datamunger Note Added: 51244
2019-04-01 15:10 datamunger Note Added: 51245
2019-04-01 15:12 datamunger Note Added: 51246
2020-03-02 16:58 c_schmitz Status new => closed