15743: Script field in Questioneditor should be locked when XSS filtering is enabled for non superadmins

This issue affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update
15743	Bug reports	Survey editing	public	2020-01-20 14:53	2020-06-22 16:42

Reporter	p_teichmann	Assigned To	DenisChenu
Priority	normal	Severity	minor
Status	closed	Resolution	fixed
Product Version	4.0.x
Target Version	4.0.x	Fixed in Version	4.2.8

Summary	15743: Script field in Questioneditor should be locked when XSS filtering is enabled for non superadmins
Description	When XSS filtering is turned on all non superadmins should see a locked script field if they have the script field enabled.
Steps To Reproduce	Enable xss filtering globalsettings->security Create a User with permissions for surveys / not superadmin login with that user and enable script field in personal settings the script field should be locked
Additional Information	Create a locked status for the script field and add description or mouseover why it is locked
Tags	No tags attached.

Bug heat	2
Complete LimeSurvey version number (& build)	4.0.0
I will donate to the project if issue is resolved	No
Browser
Database type & version	not relevant
Server OS (if known)
Webserver software & version (if known)
PHP Version	not relevant

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2020-01-20 14:53	p_teichmann	New Issue
2020-01-20 14:53	p_teichmann	Status	new => assigned
2020-01-20 14:53	p_teichmann	Assigned To	=> cdorin
2020-02-22 21:20	cdorin	Assigned To	cdorin =>
2020-02-22 21:20	cdorin	Priority	none => normal
2020-02-22 21:20	cdorin	Status	assigned => confirmed
2020-02-24 07:45	DenisChenu	Note Added: 56157
2020-06-22 16:42	DenisChenu	Assigned To	=> DenisChenu
2020-06-22 16:42	DenisChenu	Status	confirmed => resolved
2020-06-22 16:42	DenisChenu	Resolution	open => fixed
2020-06-22 16:42	DenisChenu	Fixed in Version	=> 4.2.8
2020-06-22 16:42	DenisChenu	Status	resolved => closed

DenisChenu 2020-02-24 07:45 developer ~56157	https://github.com/LimeSurvey/LimeSurvey/commit/4774b1852a19dbca93b84ef439ed0f944c148201 https://github.com/LimeSurvey/LimeSurvey/commit/ae8a6cb8bbd31a337ebb9cbe5bddd0f7847b2c4c But : this settings must be removed ! There are no reason to hide it if you're allowed. It's not a user settings .... Why adding it ? Give me one good reason.