View Issue Details

This bug affects 1 person(s).
 10
IDProjectCategoryView StatusLast Update
16166Bug reportsSurvey takingpublic2020-04-28 10:12
Reportertigurr Assigned ToDenisChenu  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version4.1.16 
Summary16166: Survey taking/editing: Uploaded pictures not showing up
Description

When having a picture in a survey, the picture does not show up. If I browse the location manually (e.g. https://limesurvey.domain.local/upload/surveys/xxxx//Anschluesse.jpeg) I get an internal server error from apache and the logs contain:

[Tue Apr 21 11:41:40.858300 2020] [core:alert] [pid 6937:tid 140103843944192] [client 10.132.151.34:57764] /var/www/limesurvey.domain.local/htdocs/upload/surveys/.htaccess: deny not allowed in <FilesMatch> context

upload/surveys/.htaccess has the same content like on git master https://github.com/LimeSurvey/LimeSurvey/blob/master/upload/surveys/.htaccess

<FilesMatch "^fu_[a-z0-9]*$">
deny from all
</FilesMatch>

This is on apache 2.4.43. Commenting out the FilesMatch section allows the attached file to display correctly.

TagsNo tags attached.
Bug heat10
Complete LimeSurvey version number (& build)Version 4.1.17+200414
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMariaDB 10.4.10
Server OS (if known)
Webserver software & version (if known)
PHP Version7.3.11

Users monitoring this issue

There are no users monitoring this issue.

Activities

ollehar

ollehar

2020-04-21 13:05

administrator   ~57286

What's the git history of the .access file?

tigurr

tigurr

2020-04-21 13:36

reporter   ~57287

I use release tarballs, not git. I've opened a pull request with a fix: https://github.com/LimeSurvey/LimeSurvey/pull/1408

ollehar

ollehar

2020-04-21 13:40

administrator   ~57288

Thank you, I'll ask Denis to review your changes.

DenisChenu

DenisChenu

2020-04-21 15:59

developer   ~57291

Tested on Apache/2.4.25 (Debian) without any change : seems OK for an image, fu_XXX is disable.

What version of apache broke ?

I like to have clean documentation :) when search for deny not allowed in + apache or +FileMatch : i see more AllowOverride advice.

tigurr

tigurr

2020-04-21 16:11

reporter   ~57292

Like stated in my initial problem description this is on 2.4.43, it however should affect any apache 2.4 without mod_access_compat loaded. I've AllowOverride AuthConfig Indexes FileInfo, that's also the first thing I checked before noticing that the .htaccess actually only contains legacy code. There are even old comments about this on GitHub: https://github.com/LimeSurvey/LimeSurvey/commit/b687776875ca8d6799dceeb5941a0cc5c952fbdb#comments

tigurr

tigurr

2020-04-21 16:25

reporter   ~57293

I have to correct myself regarding the AllowOverride statement, <FilesMatch>-directive actually requires AllowOverride All which I was indeed missing: https://httpd.apache.org/docs/2.4/mod/core.html#filesmatch.

DenisChenu

DenisChenu

2020-04-21 16:27

developer   ~57294

without mod_access_compat loaded

:+1: right

Maybe Require all denied are the best option ? apache 2.4 needed

@ollehar : can we force to apache 2.4 ? OK according to https://github.com/LimeSurvey/LimeSurvey/#minimal

guest

guest

2020-04-22 10:23

viewer   ~57303

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&amp;id=29921

lime_release_bot

lime_release_bot

2020-04-28 10:12

administrator   ~57421

Fixed in Release 4.2.0+200422

Related Changesets

LimeSurvey: master fa4022f6

2020-04-22 10:23:42

tigurr


Committer: GitHub Details Diff
Fixed issue 16166: Survey taking/editing uploaded pictures not showing up (#1408)

Dev: Allow .htaccess to also work with apache 2.4 syntax.
Affected Issues
16166
mod - upload/surveys/.htaccess Diff File

Issue History

Date Modified Username Field Change
2020-04-21 11:58 tigurr New Issue
2020-04-21 13:05 ollehar Note Added: 57286
2020-04-21 13:36 tigurr Note Added: 57287
2020-04-21 13:40 ollehar Note Added: 57288
2020-04-21 15:53 DenisChenu Assigned To => DenisChenu
2020-04-21 15:53 DenisChenu Status new => assigned
2020-04-21 15:59 DenisChenu Note Added: 57291
2020-04-21 16:11 tigurr Note Added: 57292
2020-04-21 16:25 tigurr Note Added: 57293
2020-04-21 16:27 DenisChenu Note Added: 57294
2020-04-22 10:23 tigurr Changeset attached => LimeSurvey master fa4022f6
2020-04-22 10:23 guest Note Added: 57303
2020-04-22 10:24 ollehar Status assigned => resolved
2020-04-22 10:24 ollehar Resolution open => fixed
2020-04-28 10:12 lime_release_bot Note Added: 57421
2020-04-28 10:12 lime_release_bot Status resolved => closed