View Issue Details

IDProjectCategoryView StatusLast Update
15743Bug reportsSurvey editingpublic2020-06-22 16:42
Reporterp_teichmann Assigned ToDenisChenu  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version4.0.x 
Target Version4.0.xFixed in Version4.2.8 
Summary15743: Script field in Questioneditor should be locked when XSS filtering is enabled for non superadmins
Description

When XSS filtering is turned on all non superadmins should see a locked script field if they have the script field enabled.

Steps To Reproduce
  1. Enable xss filtering globalsettings->security
  2. Create a User with permissions for surveys / not superadmin
  3. login with that user and enable script field in personal settings
  4. the script field should be locked
Additional Information

Create a locked status for the script field and add description or mouseover why it is locked

TagsNo tags attached.
Complete LimeSurvey version number (& build)4.0.0
I will donate to the project if issue is resolvedNo
Browser
Database & DB-Versionnot relevant
Server OS (if known)
Webserver software & version (if known)
PHP Versionnot relevant

Activities

DenisChenu

DenisChenu

2020-02-24 07:45

developer   ~56157

https://github.com/LimeSurvey/LimeSurvey/commit/4774b1852a19dbca93b84ef439ed0f944c148201
https://github.com/LimeSurvey/LimeSurvey/commit/ae8a6cb8bbd31a337ebb9cbe5bddd0f7847b2c4c

But : this settings must be removed ! There are no reason to hide it if you're allowed. It's not a user settings ....

Why adding it ? Give me one good reason.

Issue History

Date Modified Username Field Change
2020-01-20 14:53 p_teichmann New Issue
2020-01-20 14:53 p_teichmann Status new => assigned
2020-01-20 14:53 p_teichmann Assigned To => cdorin
2020-02-22 21:20 cdorin Assigned To cdorin =>
2020-02-22 21:20 cdorin Priority none => normal
2020-02-22 21:20 cdorin Status assigned => confirmed
2020-02-24 07:45 DenisChenu Note Added: 56157
2020-06-22 16:42 DenisChenu Assigned To => DenisChenu
2020-06-22 16:42 DenisChenu Status confirmed => resolved
2020-06-22 16:42 DenisChenu Resolution open => fixed
2020-06-22 16:42 DenisChenu Fixed in Version => 4.2.8
2020-06-22 16:42 DenisChenu Status resolved => closed