View Issue Details

ID: 15507
Project: Bug reports
Category: [All Projects] Survey taking
View Status: public
Last Update: 2019-11-13 13:29
Reporter: GuernseyResearch
Assigned To:
Priority: none
Severity: major
Status: new
Resolution: open
Product Version: 3.19.2
Target Version:
Fixed in Version:
Summary: 15507: Cannot upload file (Note: LS 3.19.3 )
Description

Error when attempting to upload a file into an active survey. New install on a new server.

Steps To Reproduce

New install of LS 3.19.3 on a new file server running PHP Version 7.3.9 with file support enabled.
Used a previous survey and have added a NEW question to be sure the question itself was not corrupt.

Active survey to test:
https://grquestions.com/ask/index.php/831819?lang=en

Enter "YES" and "VERY well" to bypass the first two questions and get to the upload question. I have added a Test question. At first I allowed all standard extensions, but have now set it so that it only allows png file entry. It will properly report an incorrect extension, but will not upload files with the proper extension. Error reported is:

"Sorry, unable to check extension of this file type %s."

This then blocks the survey from moving further.

Tags: No tags attached.
Complete LimeSurvey version number (& build): LimeSurvey Version 3.19.3+191023
I will donate to the project if issue is resolved: No
Browser: Firefox, but tried others
Database & DB-Version: mysql 5.0.12
Server OS (if known): Apache/2.4.41
Webserver software & version (if known):
PHP Version: 7.3.9

Activities

Mazi

2019-11-01 09:13

partner   ~54303

Is that system running a Linux or Microsoft OS?

It sounds similar to https://bugs.limesurvey.org/view.php?id=15331

GuernseyResearch

2019-11-01 14:11

reporter   ~54323

Linux system. I cannot access above link.
Reviewed similar bug reports and checked files and loaded extensions.

cdorin

2019-11-03 16:05

manager   ~54351

Can't reproduce it on my system. The only difference is the PHP version (I use 7.3.8).

GuernseyResearch

2019-11-04 18:57

reporter   ~54393

I did a complete fresh install from a fresh download and used a new database. I set ALL files and directories to 777 to ensure there was no permissions problem. It fails with PHP 7.3.9.

This was working fine with 7.3.4. We are going to see if we can back off the PHP to the previous version and test again.

DenisChenu

2019-11-05 07:03

developer   ~54394

Last edited: 2019-11-05 07:03

@cdorin: a workaround bug for all of this bug can be adding a php, config security_check_filetype to true by default. But if a user needs it … he can disable it.

PS: assign this one to me if you want this workaround fix …

GuernseyResearch

2019-11-05 19:56

reporter   ~54414

OK - we have determined this is a security issue with the new server. This is documented in issue 14621 which you are working on.

We are operational, but feel this security issue needs to be resolved. Can you please notify us when an update that fixes this is available?

GuernseyResearch

2019-11-05 19:56

reporter   ~54415

You may close this ticket.

Mazi

2019-11-05 21:56

partner   ~54416

@GuernseyResearch, what exact security issue or setting are you referring to?

DenisChenu

2019-11-06 12:04

developer   ~54424

@GuernseyResearch: I'm interested too why https://bugs.limesurvey.org/view.php?id=14621 can fix some information?

GuernseyResearch

2019-11-06 17:20

reporter   ~54444

In moving to our new server we enabled more security for our mail and website. It appears that Limesurvey needs access to files outside its space and that causes the file upload to fail.
• The fix was to remove the PHP open_basedir setting, and also remove the upload_tmp_dir setting
• Even if upload_tmp_dir was set below open_basedir the upload still failed

Our Limesurvey (version 3 and beta 4) are now working, but the server does not have the currently recommended enhanced security.
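
A way to see which directories are affected before dropping open_basedir entirely, as an added example that is not part of the original thread and is not LimeSurvey code: the script below lists the directories PHP uses during an upload and reports whether each one is covered by the open_basedir allow-list. It assumes the file is placed in the LimeSurvey root and requested through the web server; the function names are hypothetical.

```php
<?php
// Added diagnostic, not LimeSurvey code. Compares path strings only:
// symlinks are not resolved, because realpath() itself is subject to
// open_basedir and would fail on the paths we want to inspect.

/** True when $path lies inside one of the open_basedir directories. */
function insideOpenBasedir(string $path, array $allowed): bool
{
    $path = rtrim($path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    foreach ($allowed as $base) {
        if ($base === '') {
            continue;
        }
        // Compare on a directory boundary so /var/www does not match /var/www2.
        $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($path, $base, strlen($base)) === 0) {
            return true;
        }
    }
    return false;
}

/** Map each labelled directory to whether open_basedir permits it. */
function auditUploadPaths(string $openBasedir, array $paths): array
{
    if ($openBasedir === '') {
        return array_fill_keys(array_keys($paths), true); // no restriction set
    }
    $allowed = explode(PATH_SEPARATOR, $openBasedir);
    $report = [];
    foreach ($paths as $label => $dir) {
        $report[$label] = insideOpenBasedir($dir, $allowed);
    }
    return $report;
}

// PHP falls back to the system temp directory when upload_tmp_dir is unset
// or not writable, so both locations are checked.
$paths = [
    'upload_tmp_dir'     => ini_get('upload_tmp_dir') ?: sys_get_temp_dir(),
    'sys_get_temp_dir()' => sys_get_temp_dir(),
    'application root'   => __DIR__, // assumption: script sits in the LimeSurvey root
];
header('Content-Type: text/plain');
foreach (auditUploadPaths((string) ini_get('open_basedir'), $paths) as $label => $ok) {
    printf("%-20s %-40s %s\n", $label, $paths[$label], $ok ? 'allowed' : 'OUTSIDE open_basedir');
}
```

Request it through the web server rather than the command line, since the CLI commonly loads a different php.ini, and delete the file afterwards.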

DenisChenu

2019-11-06 17:30

developer   ~54445

"Limesurvey needs access to files outside its space"

Not really, upload_tmp_dir maybe …

GuernseyResearch

2019-11-06 17:36

reporter   ~54447

Even if I set the permissions to EVERY file and directory within the /limesurvey directory to 777 the upload would fail.

Issue History

Date Modified Username Field Change
2019-10-31 21:18 GuernseyResearch New Issue
2019-11-01 09:13 Mazi Note Added: 54303
2019-11-01 14:11 GuernseyResearch Note Added: 54323
2019-11-03 16:05 cdorin Note Added: 54351
2019-11-04 18:57 GuernseyResearch Note Added: 54393
2019-11-05 07:03 DenisChenu Note Added: 54394
2019-11-05 07:03 DenisChenu Note Edited: 54394 View Revisions
2019-11-05 19:56 GuernseyResearch Note Added: 54414
2019-11-05 19:56 GuernseyResearch Note Added: 54415
2019-11-05 21:56 Mazi Note Added: 54416
2019-11-06 12:04 DenisChenu Note Added: 54424
2019-11-06 17:20 GuernseyResearch Note Added: 54444
2019-11-06 17:30 DenisChenu Note Added: 54445
2019-11-06 17:36 GuernseyResearch Note Added: 54447