View Issue Details

ID: 15693
Project: Feature requests
Category: Security
View Status: public
Last Update: 2021-03-07 21:55
Reporter: DenisChenu
Assigned To: DenisChenu
Priority: none
Severity: feature
Status: closed
Resolution: fixed
Fixed in Version: 4.x.x
Summary: 15693: Allow simple user to update script with XSS enable
Description: By default: question->script **must** be disabled for a simple user if XSS is enabled.
Then it would be great to allow question->script even if XSS is enabled for this user.
Additional Information: https://github.com/LimeSurvey/LimeSurvey/pull/1358
Tags: No tags attached.
Bug heat: 252

Relationships

related to 15690 | closed | DenisChenu | Bug reports | User with XSS enable can add/update scripts
related to 15096 | closed | DenisChenu | Feature requests | XSS for super-admin too
related to 15702 | assigned | DenisChenu | Bug reports | Script text field should be read-only when user is not allowed to add scripts
related to 17028 | closed | DenisChenu | Bug reports | Script are not saved


Activities

DenisChenu, developer, 2020-01-07 17:30, ~55141

And if we can disallow XSS for superadmin too: we need to allow question->script ONLY for superadmin too …: need another feature request?

DenisChenu, developer, 2020-01-13 09:12, ~55216

https://github.com/LimeSurvey/LimeSurvey/pull/1366/files

DenisChenu, developer, 2020-01-13 09:13

DenisChenu, developer, 2020-01-17 17:43, ~55368

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29408

DenisChenu, developer, 2020-01-17 17:45, ~55369

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29409

DenisChenu, developer, 2020-01-17 17:52, ~55370

https://github.com/LimeSurvey/LimeSurvey/pull/1372

DenisChenu, developer, 2020-01-22 09:47, ~55425

PS: need this before https://bugs.limesurvey.org/view.php?id=15096

DenisChenu, developer, 2020-01-28 15:02, ~55498

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29460

Related Changesets

LimeSurvey: master 96c06a9d
2020-01-17 17:43:00
DenisChenu

New feature 15693: Allow simple user to update script with XSS enable
Dec: add the settings and use it

Affected Issues: 15693
mod - application/config/config-defaults.php
mod - application/core/LSWebUser.php
mod - application/views/admin/globalsettings/_security.php

LimeSurvey: master 97d8e349
2020-01-17 17:44:55
DenisChenu

Revert "New feature 15693: Allow simple user to update script with XSS enable"
Dev: bad push …
This reverts commit 96c06a9d93a4209e43c94eeac6d822ebf7aca760.

Affected Issues: 15693
mod - application/config/config-defaults.php
mod - application/core/LSWebUser.php
mod - application/views/admin/globalsettings/_security.php

LimeSurvey: master ae8a6cb8
2020-01-28 15:02:48
DenisChenu
Committer: markusfluer

New feature 15693: Allow simple user to update script with XSS enable (#1372)

Affected Issues: 15693
mod - application/config/config-defaults.php
mod - application/core/LSWebUser.php
mod - application/views/admin/globalsettings/_security.php

Issue History

Date Modified | Username | Field | Change
2020-01-07 17:29 | DenisChenu | New Issue |
2020-01-07 17:29 | DenisChenu | Relationship added | related to 15690
2020-01-07 17:29 | DenisChenu | Relationship added | related to 15096
2020-01-07 17:30 | DenisChenu | Note Added: 55141 |
2020-01-10 16:20 | DenisChenu | Relationship added | related to 15702
2020-01-13 09:12 | DenisChenu | Note Added: 55216 |
2020-01-13 09:12 | DenisChenu | Assigned To | => DenisChenu
2020-01-13 09:12 | DenisChenu | Status | new => testing
2020-01-13 09:13 | DenisChenu | File Added: Capture d’écran du 2020-01-13 09-13-05.png |
2020-01-13 09:13 | DenisChenu | File Added: Capture d’écran du 2020-01-13 09-13-19.png |
2020-01-13 14:35 | DenisChenu | Assigned To | DenisChenu => ollehar
2020-01-17 15:42 | DenisChenu | Assigned To | ollehar => DenisChenu
2020-01-17 15:42 | DenisChenu | Status | testing => assigned
2020-01-17 17:42 | DenisChenu | Summary | Allow configure question script allowed => Allow simple user to update script with XSS enable
2020-01-17 17:43 | DenisChenu | Changeset attached | => LimeSurvey master 96c06a9d
2020-01-17 17:43 | DenisChenu | Note Added: 55368 |
2020-01-17 17:43 | DenisChenu | Resolution | open => fixed
2020-01-17 17:45 | DenisChenu | Changeset attached | => LimeSurvey master 97d8e349
2020-01-17 17:45 | DenisChenu | Note Added: 55369 |
2020-01-17 17:52 | DenisChenu | Assigned To | DenisChenu => cdorin
2020-01-17 17:52 | DenisChenu | Status | assigned => testing
2020-01-17 17:52 | DenisChenu | Note Added: 55370 |
2020-01-22 09:47 | DenisChenu | Note Added: 55425 |
2020-01-28 15:02 | markusfluer | Changeset attached | => LimeSurvey master ae8a6cb8
2020-01-28 15:02 | DenisChenu | Note Added: 55498 |
2020-01-28 15:02 | DenisChenu | Assigned To | cdorin => DenisChenu
2020-02-19 08:10 | DenisChenu | Status | testing => resolved
2020-02-19 08:10 | DenisChenu | Fixed in Version | => 4.x.x
2021-01-29 09:08 | DenisChenu | Relationship added | related to 17028
2021-03-07 21:55 | c_schmitz | Status | resolved => closed