View Issue Details

IDProjectCategoryView StatusLast Update
14989Bug reports[All Projects] _ Unknownpublic2019-07-15 12:21
ReporterLimesurveyGIAL Assigned ToDenisChenu  
PrioritynoneSeverityblock 
Status resolvedResolutionduplicate 
Product Version3.17.x 
Target VersionFixed in Version3.17.x 
Summary14989: Problem can't upload file
Description

We can't upload file for question file type (no matter the type and size).

Error message : Sorry, file type (extension : ) is not allowed!

Steps To Reproduce

Upload a file for question type file

TagsNo tags attached.
Complete LimeSurvey version number (& build)Version 3.17.5+190604
I will donate to the project if issue is resolvedNo
Browser
Database & DB-Version10.2.10-MariaDB
Server OS (if known)
Webserver software & version (if known)
PHP Version7.2.2

Relationships

duplicate of 15002 closedDenisChenu Cannot upload any file type in file upload question 
child of 14708 resolvedDenisChenu Upload files question type does not actually check file type 

Activities

LimesurveyGIAL

LimesurveyGIAL

2019-06-18 09:18

reporter  

Capture.PNG (11,785 bytes)
Capture.PNG (11,785 bytes)
cdorin

cdorin

2019-06-24 16:36

manager   ~52511

The extension of your file is wrong. Not sure if I understand the name of the file. Anyway, there is no extension. Please change it accordingly.

LimesurveyGIAL

LimesurveyGIAL

2019-06-25 11:07

reporter   ~52523

Hello cdorin, I made a lot of test with different file extension .jpg .png and the problem is already present. It's a bug. See ticket of a person with the same problem: https://bugs.limesurvey.org/view.php?id=15002.

LimesurveyGIAL

LimesurveyGIAL

2019-06-25 11:07

reporter   ~52524

Hello cdorin, I made a lot of test with different file extension .jpg .png and the problem is already present. It's a bug. See ticket of a person with the same problem: https://bugs.limesurvey.org/view.php?id=15002.

DenisChenu

DenisChenu

2019-06-25 11:13

developer   ~52526

Please :

  1. Server OS
  2. Webserver software & version
  3. PHP version
  4. PHP info

Maybe something related to server issue.

DenisChenu

DenisChenu

2019-06-25 11:13

developer   ~52527

And activated debug mode too.

DenisChenu

DenisChenu

2019-06-25 12:43

developer   ~52536

PS : i think this can be ahppen if MIME is set but is invalid … or magic.mime is empty

Maybe in this case :

  1. debug>1 : throw an error
  2. Log it as error but return true (disable security check)

PS : disabling security check on a server where magic.mime is invalid still a big security issue …

LimesurveyGIAL

LimesurveyGIAL

2019-06-25 13:26

reporter   ~52540

Hello DenisChenu,

Here the informations :

  1. Server OS : Windows Server 2012R2
  2. Webserver : IIS 8
  3. PHP version : 7.2.2
  4. PHP info : See PDF

Thank you



screencapture-forms-brussels-be-index-php-2019-06-25-13_19_59-min.png (924,299 bytes)
mayrhofer01

mayrhofer01

2019-06-26 11:12

reporter   ~52560

Here is our information

  1. Server OS : SUSE Linux Enterprise Server 12 SP3
  2. Webserver : Apache/2.4.23 (Linux/SUSE)
  3. PHP version : 7.0.7
  4. PHP info : cannot be disclosed
DenisChenu

DenisChenu

2019-06-26 19:10

developer   ~52574

For quick fix, comment this part : https://github.com/LimeSurvey/LimeSurvey/blob/ff061148dcc44d9e07000276c046e82bbed737af/application/controllers/UploaderController.php#L179-L189

I can understand for Windows Server 2012R2 & IIS 8, i can test. But really not with SUSE Linux Apache …

rbaier

rbaier

2019-06-27 10:52

reporter   ~52585

Commenting L179-L189 seems to be not sufficient. We had to comment L169-L177 also (SUSE Linux Apache).
Another fix would be to replace "UploaderController.php" in LS317.5 by its antecessor from LS3.17.3.

DenisChenu

DenisChenu

2019-06-27 11:30

developer   ~52587

Commenting L169-L177 : you don't check any extension …

Then this disable extesnsion check …

I'm sure you have another issue than the windows issue …

DenisChenu

DenisChenu

2019-06-27 11:31

developer   ~52588

And since https://github.com/LimeSurvey/LimeSurvey/commit/d3eb007e64e9f17d69604440a7890f9f0b628b16#diff-3ed25382e366372eb8dcb56fba058992 is a security fix for some server or some user …

DenisChenu

DenisChenu

2019-06-27 19:27

developer   ~52601

@LimesurveyGIAL

Another question, because i just check with

  1. Windows Server 2016
  2. IIS
  3. PHP Version 7.2.12

And it work good …

When you choose a logo with fruity or vanilla : did it shown in public survey ?
Because it use same function …

Else : what is your include_path (sorry, but the file is bigger than can i look … with firefox , you can save the HTML file (update it to remove some information) and send the HTML here. Then i can search inside directly).
I search to know if i can find broken mime or not b…

See my phpinfo (i update real domain name by example)



phpinfo().html (93,725 bytes)
DenisChenu

DenisChenu

2019-06-27 19:32

developer   ~52602

@LimesurveyGal : Seems you don't have fileinfo support ?

Can you check php.ini for php_fileinfo.dll ? And uncomment ? (i don't remind to uncomment on my system …)

Windows users must include the bundled php_fileinfo.dll DLL file in php.ini to enable this extension.

https://www.php.net/manual/en/fileinfo.installation.php

DenisChenu

DenisChenu

2019-06-28 09:41

developer   ~52609

Please : check with : https://github.com/LimeSurvey/LimeSurvey/pull/1301

rbaier

rbaier

2019-06-28 10:36

reporter   ~52612

Thanks for pointing to "php7-fileinfo" !
So far, the module "php7-fileinfo" was not installed on our LimeSurvey server (SUSE Linux Apache).
It did not seem necessary before LS3.17.5.

After installation of "php7-fileinfo" file upload is now possible without any problems.

DenisChenu

DenisChenu

2019-06-28 10:46

developer   ~52615

This extension is enabled by default as of PHP 5.3.0.

:). I added it at manual https://manual.limesurvey.org/Installation_-_LimeSurvey_CE#Make_sure_you_can_use_LimeSurvey_on_your_website

Ned to be added in checker (like other common extension)

DenisChenu

DenisChenu

2019-07-15 12:21

developer   ~52880

https://github.com/LimeSurvey/LimeSurvey/commit/83e348a4fa816d3f95a5ce9ebf4f58114e76341e

Issue History

Date Modified Username Field Change
2019-06-18 09:18 LimesurveyGIAL New Issue
2019-06-18 09:18 LimesurveyGIAL File Added: Capture.PNG
2019-06-24 16:36 cdorin Assigned To => cdorin
2019-06-24 16:36 cdorin Status new => closed
2019-06-24 16:36 cdorin Resolution open => no change required
2019-06-24 16:36 cdorin Note Added: 52511
2019-06-25 11:07 LimesurveyGIAL Note Added: 52523
2019-06-25 11:07 LimesurveyGIAL Status closed => feedback
2019-06-25 11:07 LimesurveyGIAL Resolution no change required => reopened
2019-06-25 11:07 LimesurveyGIAL Note Added: 52524
2019-06-25 11:11 DenisChenu Relationship added duplicate of 15002
2019-06-25 11:12 DenisChenu Assigned To cdorin => DenisChenu
2019-06-25 11:13 DenisChenu Note Added: 52526
2019-06-25 11:13 DenisChenu Note Added: 52527
2019-06-25 12:43 DenisChenu Note Added: 52536
2019-06-25 13:26 LimesurveyGIAL File Added: screencapture-forms-brussels-be-index-php-2019-06-25-13_19_59-min.png
2019-06-25 13:26 LimesurveyGIAL Note Added: 52540
2019-06-25 13:26 LimesurveyGIAL Status feedback => assigned
2019-06-26 11:12 mayrhofer01 Note Added: 52560
2019-06-26 19:08 DenisChenu Relationship added child of 14708
2019-06-26 19:10 DenisChenu Note Added: 52574
2019-06-27 10:52 rbaier Note Added: 52585
2019-06-27 11:30 DenisChenu Note Added: 52587
2019-06-27 11:31 DenisChenu Note Added: 52588
2019-06-27 19:27 DenisChenu File Added: phpinfo().html
2019-06-27 19:27 DenisChenu Note Added: 52601
2019-06-27 19:32 DenisChenu Note Added: 52602
2019-06-28 09:41 DenisChenu Note Added: 52609
2019-06-28 10:36 rbaier Note Added: 52612
2019-06-28 10:46 DenisChenu Note Added: 52615
2019-07-15 12:21 DenisChenu Status assigned => resolved
2019-07-15 12:21 DenisChenu Resolution reopened => duplicate
2019-07-15 12:21 DenisChenu Fixed in Version => 3.17.x
2019-07-15 12:21 DenisChenu Note Added: 52880