View Issue Details

IDProjectCategoryView StatusLast Update
15743Bug reportsSurvey editingpublic2020-02-24 07:45
Reporterp_teichmann Assigned To 
PrioritynormalSeverityminor 
Status confirmedResolutionopen 
Product Version4.0.x 
Target Version4.0.x 
Summary15743: Script field in Questioneditor should be locked when XSS filtering is enabled for non superadmins
Description

When XSS filtering is turned on all non superadmins should see a locked script field if they have the script field enabled.

Steps To Reproduce
  1. Enable xss filtering globalsettings->security
  2. Create a User with permissions for surveys / not superadmin
  3. login with that user and enable script field in personal settings
  4. the script field should be locked
Additional Information

Create a locked status for the script field and add description or mouseover why it is locked

TagsNo tags attached.
Complete LimeSurvey version number (& build)4.0.0
I will donate to the project if issue is resolvedNo
Browser
Database & DB-Versionnot relevant
Server OS (if known)
Webserver software & version (if known)
PHP Versionnot relevant

Activities

DenisChenu

DenisChenu

2020-02-24 07:45

developer   ~56157

https://github.com/LimeSurvey/LimeSurvey/commit/4774b1852a19dbca93b84ef439ed0f944c148201
https://github.com/LimeSurvey/LimeSurvey/commit/ae8a6cb8bbd31a337ebb9cbe5bddd0f7847b2c4c

But : this settings must be removed ! There are no reason to hide it if you're allowed. It's not a user settings ....

Why adding it ? Give me one good reason.

Issue History

Date Modified Username Field Change
2020-01-20 14:53 p_teichmann New Issue
2020-01-20 14:53 p_teichmann Status new => assigned
2020-01-20 14:53 p_teichmann Assigned To => cdorin
2020-02-22 21:20 cdorin Assigned To cdorin =>
2020-02-22 21:20 cdorin Priority none => normal
2020-02-22 21:20 cdorin Status assigned => confirmed
2020-02-24 07:45 DenisChenu Note Added: 56157