View Issue Details

This bug affects 1 person(s).
 6
IDProjectCategoryView StatusLast Update
16247Bug reportsPluginspublic2020-05-26 12:44
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version4.2.2 
Summary16247: Launch console can create new security.php file
Description

Using https://gitlab.com/SondagesPro/coreAndTools/checkKeys plugin, i see this create a new security.php file before any other action of plugin happen.
If not launched in LimeSurvey directory (for this server)

Steps To Reproduce

Have a token enable syurvey with encrypted firstname/lastname

On server with command
php /home/xxxxx/public_html/test/application/commands/console.php plugin --target=zzzzz
(no plugin needed)

Try to see the token table
Receive error about Sodium

Additional Information
cd /home/xxxxx/public_html/test/
php application/commands/console.php plugin --target=zzzzz

No issue
php public_html/test/application/commands/console.php plugin --target=zzzzz

issue for one server (not mine …)

TagsNo tags attached.
Bug heat6
Complete LimeSurvey version number (& build)4.2.2+200504
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & version5.6.47
Server OS (if known)linux el7.centos - cpanel 86.0 (build 18)
Webserver software & version (if known)apache 2.4.43
PHP Version7.3.17

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2020-05-08 13:42

developer   ~57630

My first fix was disable update of existing config is already here.

DenisChenu

DenisChenu

2020-05-20 14:07

developer   ~57957

Error: Call to undefined function gT() in /home/martinasurvey/public_html/test/application/core/LSSodium.php:129 …

I fix it … need common_helper

ollehar

ollehar

2020-05-20 14:23

administrator   ~57959

We need proper step-by-step introduction to reproduce.

DenisChenu

DenisChenu

2020-05-20 14:29

developer   ~57960

I didn't know what server needed to have the issue

php /home/xxxxx/public_html/test/application/commands/console.php plugin --target=zzzzz

No need plugin , just launch console but not inside limesurvey directory

DenisChenu

DenisChenu

2020-05-20 14:33

developer   ~57962

Last edited: 2020-05-20 14:43

cpanel version 86.0 (build 21)

php default is 5.6.40
php7 by /opt/cpanel/ea-php73/root/usr/bin/php

/opt/cpanel/ea-php73/root/usr/bin/php /home/web/public_html/test/application/commands/console.php plugin index --target=plugin

replace security.php

cd /home/web/public_html/test/
/opt/cpanel/ea-php73/root/usr/bin/php application/commands/console.php plugin index --target=plugin

is OK

No need plugin, replaced before event happen

DenisChenu

DenisChenu

2020-05-20 14:35

developer   ~57963

And after have always (and can revert …)

500: Erro interno do servidor
Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted.
Please consult our manual at https://manual.limesurvey.org/Data_encryption#Errors.

Since old file are not backuped …

DenisChenu

DenisChenu

2020-05-20 14:41

developer   ~57964

SodiumException.html (38,491 bytes)   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>SodiumException</title>

<style type="text/css">
/*<![CDATA[*/
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;}
body{line-height:1;}
ol,ul{list-style:none;}
blockquote,q{quotes:none;}
blockquote:before,blockquote:after,q:before,q:after{content:none;}
:focus{outline:0;}
ins{text-decoration:none;}
del{text-decoration:line-through;}
table{border-collapse:collapse;border-spacing:0;}

body {
	font: normal 9pt "Verdana";
	color: #000;
	background: #fff;
}

h1 {
	font: normal 18pt "Verdana";
	color: #f00;
	margin-bottom: .5em;
}

h2 {
	font: normal 14pt "Verdana";
	color: #800000;
	margin-bottom: .5em;
}

h3 {
	font: bold 11pt "Verdana";
}

pre {
	font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace;
}

pre span.error {
	display: block;
	background: #fce3e3;
}

pre span.ln {
	color: #999;
	padding-right: 0.5em;
	border-right: 1px solid #ccc;
}

pre span.error-ln {
	font-weight: bold;
}

.container {
	margin: 1em 4em;
}

.version {
	color: gray;
	font-size: 8pt;
	border-top: 1px solid #aaa;
	padding-top: 1em;
	margin-bottom: 1em;
}

.message {
	color: #000;
	padding: 1em;
	font-size: 11pt;
	background: #f3f3f3;
	-webkit-border-radius: 10px;
	-moz-border-radius: 10px;
	border-radius: 10px;
	margin-bottom: 1em;
	line-height: 160%;
}

.source {
	margin-bottom: 1em;
}

.code pre {
	background-color: #ffe;
	margin: 0.5em 0;
	padding: 0.5em;
	line-height: 125%;
	border: 1px solid #eee;
}

.source .file {
	margin-bottom: 1em;
	font-weight: bold;
}

.traces {
	margin: 2em 0;
}

.trace {
	margin: 0.5em 0;
	padding: 0.5em;
}

.trace.app {
	border: 1px dashed #c00;
}

.trace .number {
	text-align: right;
	width: 2em;
	padding: 0.5em;
}

.trace .content {
	padding: 0.5em;
}

.trace .plus,
.trace .minus {
	display:inline;
	vertical-align:middle;
	text-align:center;
	border:1px solid #000;
	color:#000;
	font-size:10px;
	line-height:10px;
	margin:0;
	padding:0 1px;
	width:10px;
	height:10px;
}

.trace.collapsed .minus,
.trace.expanded .plus,
.trace.collapsed pre {
	display: none;
}

.trace-file {
	cursor: pointer;
	padding: 0.2em;
}

.trace-file:hover {
	background: #f0ffff;
}
/*]]>*/
</style>
</head>

<body>
<div class="container">
	<h1>SodiumException</h1>

	<p class="message">
		Wrong decryption key! Decryption key has changed since this data were 
last saved, so data can't be decrypted. Please consult our manual at 
https://manual.limesurvey.org/Data_encryption#Errors.	</p>

	<div class="source">
		<p class="file">/mnt/data/shnoulle/nginx/www/master/application/core/LSSodium.php(112)</p>
		<div class="code"><pre><span class="ln">100</span>     /**
<span class="ln">101</span>      * 
<span class="ln">102</span>      * Decrypt encrypted string.
<span class="ln">103</span>      * @param string $sEncryptedString Encrypted string to decrypt
<span class="ln">104</span>      * @param bool $bReturnFalseIfError false by default. If TRUE, return false in case of error (bad decryption). Else, return given $encryptedInput value
<span class="ln">105</span>      * @return string Return decrypted value (string or unsezialized object) if suceeded. Return FALSE if an error occurs (bad password/salt given) or inpyt encryptedString
<span class="ln">106</span>      */
<span class="ln">107</span>     public function decrypt($sEncryptedString, $bReturnFalseIfError=false){     
<span class="ln">108</span>         if ($this-&gt;bLibraryExists === true){
<span class="ln">109</span>             if (!empty($sEncryptedString) &amp;&amp; $sEncryptedString != 'null'){
<span class="ln">110</span>                 $plaintext = ParagonIE_Sodium_Compat::crypto_sign_open(base64_decode($sEncryptedString), $this-&gt;sEncryptionPublicKey);
<span class="ln">111</span>                 if ($plaintext === false){
<span class="error"><span class="ln error-ln">112</span>                     throw new SodiumException(sprintf(gT("Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted. Please consult our manual at %s.", 'unescaped'), 'https://manual.limesurvey.org/Data_encryption#Errors'));
</span><span class="ln">113</span>                 } else {
<span class="ln">114</span>                     return $plaintext;
<span class="ln">115</span>                 }
<span class="ln">116</span>             }
<span class="ln">117</span>         } else {
<span class="ln">118</span>             return $sEncryptedString;
<span class="ln">119</span>         }
<span class="ln">120</span> 
<span class="ln">121</span>     }    
<span class="ln">122</span>  
<span class="ln">123</span>     /**
<span class="ln">124</span>      * 
</pre></div>	</div>

	<div class="traces">
		<h2>Stack Trace</h2>
				<table style="width:100%;">
						<tbody><tr class="trace app expanded">
			<td class="number">
				#0			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/models/LSActiveRecord.php(425): <strong>LSSodium</strong>-&gt;<strong>decrypt</strong>()				</div>

				<div class="code"><pre><span class="ln">420</span>                 }
<span class="ln">421</span>             }
<span class="ln">422</span>         } else {
<span class="ln">423</span>             $attributes = $this-&gt;encryptAttributeValues($this-&gt;attributes, true, false);
<span class="ln">424</span>             foreach ($attributes as $key =&gt; $attribute) {
<span class="error"><span class="ln error-ln">425</span>                 $this-&gt;$key = $sodium-&gt;$action($attribute);
</span><span class="ln">426</span>             }
<span class="ln">427</span>         }
<span class="ln">428</span>     }
<span class="ln">429</span>     /**
<span class="ln">430</span>      * Function to show encryption symbol in gridview attribute header if value ois encrypted
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#1			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/models/LSActiveRecord.php(335): <strong>LSActiveRecord</strong>-&gt;<strong>decryptEncryptAttributes</strong>()				</div>

				<div class="code"><pre><span class="ln">330</span>             $sodium = Yii::app()-&gt;sodium;
<span class="ln">331</span> 
<span class="ln">332</span>             return $sodium-&gt;decrypt($value);
<span class="ln">333</span>         } else {
<span class="ln">334</span>             // decrypt attributes
<span class="error"><span class="ln error-ln">335</span>             $this-&gt;decryptEncryptAttributes('decrypt');
</span><span class="ln">336</span> 
<span class="ln">337</span>             return $this;
<span class="ln">338</span>         }
<span class="ln">339</span>     }
<span class="ln">340</span> 
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#2			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/core/LSCActiveDataProvider.php(59): <strong>LSActiveRecord</strong>-&gt;<strong>decrypt</strong>()				</div>

				<div class="code"><pre><span class="ln">54</span>         
<span class="ln">55</span>         // decryption
<span class="ln">56</span>         if ($this-&gt;model-&gt;bEncryption){
<span class="ln">57</span>             foreach ($data as $row){
<span class="ln">58</span>                 if (!empty($row)){
<span class="error"><span class="ln error-ln">59</span>                     $row-&gt;decrypt();
</span><span class="ln">60</span>                 }
<span class="ln">61</span> 
<span class="ln">62</span>                 // decrypt all related models
<span class="ln">63</span>                 foreach ($row-&gt;relations() as $key =&gt; $related){
<span class="ln">64</span>                     if ($row-&gt;hasRelated($key) &amp;&amp; !is_null($row-&gt;$key)){
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#3			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CDataProvider.php(168): <strong>LSCActiveDataProvider</strong>-&gt;<strong>fetchData</strong>()				</div>

				<div class="code"><pre><span class="ln">163</span>      * @return array the list of data items currently available in this data provider.
<span class="ln">164</span>      */
<span class="ln">165</span>     public function getData($refresh=false)
<span class="ln">166</span>     {
<span class="ln">167</span>         if($this-&gt;_data===null || $refresh)
<span class="error"><span class="ln error-ln">168</span>             $this-&gt;_data=$this-&gt;fetchData();
</span><span class="ln">169</span>         return $this-&gt;_data;
<span class="ln">170</span>     }
<span class="ln">171</span> 
<span class="ln">172</span>     /**
<span class="ln">173</span>      * Sets the data items for this provider.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#4			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/zii/widgets/CBaseListView.php(125): <strong>CDataProvider</strong>-&gt;<strong>getData</strong>()				</div>

				<div class="code"><pre><span class="ln">120</span>     public function init()
<span class="ln">121</span>     {
<span class="ln">122</span>         if($this-&gt;dataProvider===null)
<span class="ln">123</span>             throw new CException(Yii::t('zii','The "dataProvider" property cannot be empty.'));
<span class="ln">124</span> 
<span class="error"><span class="ln error-ln">125</span>         $this-&gt;dataProvider-&gt;getData();
</span><span class="ln">126</span> 
<span class="ln">127</span>         if(isset($this-&gt;htmlOptions['id']))
<span class="ln">128</span>             $this-&gt;id=$this-&gt;htmlOptions['id'];
<span class="ln">129</span>         else
<span class="ln">130</span>             $this-&gt;htmlOptions['id']=$this-&gt;id;
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#5			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/zii/widgets/grid/CGridView.php(339): <strong>CBaseListView</strong>-&gt;<strong>init</strong>()				</div>

				<div class="code"><pre><span class="ln">334</span>      * Initializes the grid view.
<span class="ln">335</span>      * This method will initialize required property values and instantiate {@link columns} objects.
<span class="ln">336</span>      */
<span class="ln">337</span>     public function init()
<span class="ln">338</span>     {
<span class="error"><span class="ln error-ln">339</span>         parent::init();
</span><span class="ln">340</span> 
<span class="ln">341</span>         if(empty($this-&gt;updateSelector))
<span class="ln">342</span>             throw new CException(Yii::t('zii','The property updateSelector should be defined.'));
<span class="ln">343</span>         if(empty($this-&gt;filterSelector))
<span class="ln">344</span>             throw new CException(Yii::t('zii','The property filterSelector should be defined.'));
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#6			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/extensions/bootstrap/widgets/TbGridView.php(44): <strong>CGridView</strong>-&gt;<strong>init</strong>()				</div>

				<div class="code"><pre><span class="ln">39</span>     /**
<span class="ln">40</span>      * Initializes the widget.
<span class="ln">41</span>      */
<span class="ln">42</span>     public function init()
<span class="ln">43</span>     {
<span class="error"><span class="ln error-ln">44</span>         parent::init();
</span><span class="ln">45</span>         $classes = array('table');
<span class="ln">46</span>         if (isset($this-&gt;type) &amp;&amp; !empty($this-&gt;type)) {
<span class="ln">47</span>             if (is_string($this-&gt;type)) {
<span class="ln">48</span>                 $this-&gt;type = explode(' ', $this-&gt;type);
<span class="ln">49</span>             }
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#7			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CBaseController.php(147): <strong>TbGridView</strong>-&gt;<strong>init</strong>()				</div>

				<div class="code"><pre><span class="ln">142</span>      * @return CWidget the fully initialized widget instance.
<span class="ln">143</span>      */
<span class="ln">144</span>     public function createWidget($className,$properties=array())
<span class="ln">145</span>     {
<span class="ln">146</span>         $widget=Yii::app()-&gt;getWidgetFactory()-&gt;createWidget($this,$className,$properties);
<span class="error"><span class="ln error-ln">147</span>         $widget-&gt;init();
</span><span class="ln">148</span>         return $widget;
<span class="ln">149</span>     }
<span class="ln">150</span> 
<span class="ln">151</span>     /**
<span class="ln">152</span>      * Creates a widget and executes it.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#8			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CBaseController.php(181): <strong>CBaseController</strong>-&gt;<strong>createWidget</strong>()				</div>

				<div class="code"><pre><span class="ln">176</span>             }
<span class="ln">177</span>             return ob_get_clean();
<span class="ln">178</span>         }
<span class="ln">179</span>         else
<span class="ln">180</span>         {
<span class="error"><span class="ln error-ln">181</span>             $widget=$this-&gt;createWidget($className,$properties);
</span><span class="ln">182</span>             $widget-&gt;run();
<span class="ln">183</span>             return $widget;
<span class="ln">184</span>         }
<span class="ln">185</span>     }
<span class="ln">186</span> 
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#9			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/views/admin/token/browse.php(48): <strong>CBaseController</strong>-&gt;<strong>widget</strong>()				</div>

				<div class="code"><pre><span class="ln">43</span>                                 array('class'=&gt;'changePageSize form-control', 'style'=&gt;'display: inline; width: auto'))),
<span class="ln">44</span>                         'itemsCssClass' =&gt;'table-striped',
<span class="ln">45</span>                         'columns' =&gt; $model-&gt;attributesForGrid,
<span class="ln">46</span>                         'ajaxUpdate' =&gt; 'token-grid',
<span class="ln">47</span>                         'ajaxType'=&gt;'POST',
<span class="error"><span class="ln error-ln">48</span>                         'afterAjaxUpdate' =&gt; 'onUpdateTokenGrid'
</span><span class="ln">49</span>                     ));
<span class="ln">50</span>                 ?&gt;
<span class="ln">51</span>             &lt;/div&gt;
<span class="ln">52</span>         &lt;/div&gt;
<span class="ln">53</span> 
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#10			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CBaseController.php(126): <strong>require</strong>()				</div>

				<div class="code"><pre><span class="ln">121</span>             $data=$_data_;
<span class="ln">122</span>         if($_return_)
<span class="ln">123</span>         {
<span class="ln">124</span>             ob_start();
<span class="ln">125</span>             ob_implicit_flush(false);
<span class="error"><span class="ln error-ln">126</span>             require($_viewFile_);
</span><span class="ln">127</span>             return ob_get_clean();
<span class="ln">128</span>         }
<span class="ln">129</span>         else
<span class="ln">130</span>             require($_viewFile_);
<span class="ln">131</span>     }
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#11			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CBaseController.php(95): <strong>CBaseController</strong>-&gt;<strong>renderInternal</strong>()				</div>

				<div class="code"><pre><span class="ln">090</span>     {
<span class="ln">091</span>         $widgetCount=count($this-&gt;_widgetStack);
<span class="ln">092</span>         if(($renderer=Yii::app()-&gt;getViewRenderer())!==null &amp;&amp; $renderer-&gt;fileExtension==='.'.CFileHelper::getExtension($viewFile))
<span class="ln">093</span>             $content=$renderer-&gt;renderFile($this,$viewFile,$data,$return);
<span class="ln">094</span>         else
<span class="error"><span class="ln error-ln">095</span>             $content=$this-&gt;renderInternal($viewFile,$data,$return);
</span><span class="ln">096</span>         if(count($this-&gt;_widgetStack)===$widgetCount)
<span class="ln">097</span>             return $content;
<span class="ln">098</span>         else
<span class="ln">099</span>         {
<span class="ln">100</span>             $widget=end($this-&gt;_widgetStack);
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#12			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(872): <strong>CBaseController</strong>-&gt;<strong>renderFile</strong>()				</div>

				<div class="code"><pre><span class="ln">867</span>      */
<span class="ln">868</span>     public function renderPartial($view,$data=null,$return=false,$processOutput=false)
<span class="ln">869</span>     {
<span class="ln">870</span>         if(($viewFile=$this-&gt;getViewFile($view))!==false)
<span class="ln">871</span>         {
<span class="error"><span class="ln error-ln">872</span>             $output=$this-&gt;renderFile($viewFile,$data,true);
</span><span class="ln">873</span>             if($processOutput)
<span class="ln">874</span>                 $output=$this-&gt;processOutput($output);
<span class="ln">875</span>             if($return)
<span class="ln">876</span>                 return $output;
<span class="ln">877</span>             else
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#13			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/AdminController.php(240): <strong>CController</strong>-&gt;<strong>renderPartial</strong>()				</div>

				<div class="code"><pre><span class="ln">235</span>             }
<span class="ln">236</span> 
<span class="ln">237</span>           }
<span class="ln">238</span>         }
<span class="ln">239</span> 
<span class="error"><span class="ln error-ln">240</span>         return parent::renderPartial($view,$data,$return,$processOutput);
</span><span class="ln">241</span>      }
<span class="ln">242</span> 
<span class="ln">243</span>     /**
<span class="ln">244</span>      * Routes all the actions to their respective places
<span class="ln">245</span>      *
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#14			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/core/Survey_Common_Action.php(274): <strong>AdminController</strong>-&gt;<strong>renderPartial</strong>()				</div>

				<div class="code"><pre><span class="ln">269</span>         $content = "";
<span class="ln">270</span> 
<span class="ln">271</span>         foreach ($aViewUrls as $sViewKey =&gt; $viewUrl) {
<span class="ln">272</span>             if (empty($sViewKey) || !in_array($sViewKey, array('message', 'output'))) {
<span class="ln">273</span>                 if (is_numeric($sViewKey)) {
<span class="error"><span class="ln error-ln">274</span>                     $content .= Yii::app()-&gt;getController()-&gt;renderPartial($sViewPath.$viewUrl, $aData, true);
</span><span class="ln">275</span>                 } elseif (is_array($viewUrl)) {
<span class="ln">276</span>                     foreach ($viewUrl as $aSubData) {
<span class="ln">277</span>                         $aSubData = array_merge($aData, $aSubData);
<span class="ln">278</span>                         $content .= Yii::app()-&gt;getController()-&gt;renderPartial($sViewPath.$sViewKey, $aSubData, true);
<span class="ln">279</span>                     }
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#15			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/core/Survey_Common_Action.php(357): <strong>Survey_Common_Action</strong>-&gt;<strong>renderCentralContents</strong>()				</div>

				<div class="code"><pre><span class="ln">352</span> 
<span class="ln">353</span> 
<span class="ln">354</span>         } else {
<span class="ln">355</span>             $renderFile = $basePath.'/'.$sRenderFile;
<span class="ln">356</span>         }
<span class="error"><span class="ln error-ln">357</span>         $content = $this-&gt;renderCentralContents($sAction, $aViewUrls, $aData);
</span><span class="ln">358</span>         $out = $this-&gt;renderInternal($renderFile, ['content' =&gt; $content, 'aData' =&gt; $aData], true);
<span class="ln">359</span> 
<span class="ln">360</span>         App()-&gt;getClientScript()-&gt;render($out);
<span class="ln">361</span>         echo $out;
<span class="ln">362</span>     }
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#16			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/admin/tokens.php(2605): <strong>Survey_Common_Action</strong>-&gt;<strong>_renderWrappedTemplate</strong>()				</div>

				<div class="code"><pre><span class="ln">2600</span>     {
<span class="ln">2601</span>         $aData['imageurl'] = App()-&gt;getConfig('adminimageurl');
<span class="ln">2602</span>         $aData['display']['menu_bars'] = false;
<span class="ln">2603</span>         $aData['subaction'] = gT('Survey participants');
<span class="ln">2604</span>         $aData['topBar']['type'] = 'tokens';
<span class="error"><span class="ln error-ln">2605</span>         parent::_renderWrappedTemplate($sAction, $aViewUrls, $aData, $sRenderFile);
</span><span class="ln">2606</span>     }
<span class="ln">2607</span> 
<span class="ln">2608</span>     /**
<span class="ln">2609</span>      * @return string SQL condition
<span class="ln">2610</span>      */
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#17			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/admin/tokens.php(375): <strong>tokens</strong>-&gt;<strong>_renderWrappedTemplate</strong>()				</div>

				<div class="code"><pre><span class="ln">370</span>             Yii::app()-&gt;user-&gt;setState('pageSizeTokenView', (int) $_POST['pageSizeTokenView']);
<span class="ln">371</span>         }
<span class="ln">372</span> 
<span class="ln">373</span>         $aData['massiveAction'] = App()-&gt;getController()-&gt;renderPartial('/admin/token/massive_actions/_selector', $aData, true, false);
<span class="ln">374</span> 
<span class="error"><span class="ln error-ln">375</span>         $this-&gt;_renderWrappedTemplate('token', array('browse'), $aData);
</span><span class="ln">376</span>     }
<span class="ln">377</span> 
<span class="ln">378</span>     /**
<span class="ln">379</span>      * The fields with a value "lskeep" will not be updated
<span class="ln">380</span>      */
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#18			</td>
			<td class="content">
				<div class="trace-file">
										&nbsp;unknown(0): <strong>tokens</strong>-&gt;<strong>browse</strong>()				</div>

							</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#19			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/actions/CAction.php(109): <strong>ReflectionMethod</strong>-&gt;<strong>invokeArgs</strong>()				</div>

				<div class="code"><pre><span class="ln">104</span>             elseif($param-&gt;isDefaultValueAvailable())
<span class="ln">105</span>                 $ps[]=$param-&gt;getDefaultValue();
<span class="ln">106</span>             else
<span class="ln">107</span>                 return false;
<span class="ln">108</span>         }
<span class="error"><span class="ln error-ln">109</span>         $method-&gt;invokeArgs($object,$ps);
</span><span class="ln">110</span>         return true;
<span class="ln">111</span>     }
<span class="ln">112</span> }
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#20			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/core/Survey_Common_Action.php(86): <strong>CAction</strong>-&gt;<strong>runWithParamsInternal</strong>()				</div>

				<div class="code"><pre><span class="ln">81</span>             $oMethod = new ReflectionMethod($this, $sDefault);
<span class="ln">82</span>         }
<span class="ln">83</span> 
<span class="ln">84</span>         // We're all good to go, let's execute it
<span class="ln">85</span>         // runWithParamsInternal would automatically get the parameters of the method and populate them as required with the params
<span class="error"><span class="ln error-ln">86</span>         return parent::runWithParamsInternal($this, $oMethod, $params);
</span><span class="ln">87</span>     }
<span class="ln">88</span> 
<span class="ln">89</span>     /**
<span class="ln">90</span>      * Some functions have different parameters, which are just an alias of the
<span class="ln">91</span>      * usual parameters we're getting in the url. This function just populates
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#21			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(308): <strong>Survey_Common_Action</strong>-&gt;<strong>runWithParams</strong>()				</div>

				<div class="code"><pre><span class="ln">303</span>     {
<span class="ln">304</span>         $priorAction=$this-&gt;_action;
<span class="ln">305</span>         $this-&gt;_action=$action;
<span class="ln">306</span>         if($this-&gt;beforeAction($action))
<span class="ln">307</span>         {
<span class="error"><span class="ln error-ln">308</span>             if($action-&gt;runWithParams($this-&gt;getActionParams())===false)
</span><span class="ln">309</span>                 $this-&gt;invalidActionParams($action);
<span class="ln">310</span>             else
<span class="ln">311</span>                 $this-&gt;afterAction($action);
<span class="ln">312</span>         }
<span class="ln">313</span>         $this-&gt;_action=$priorAction;
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#22			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(286): <strong>CController</strong>-&gt;<strong>runAction</strong>()				</div>

				<div class="code"><pre><span class="ln">281</span>      * @see runAction
<span class="ln">282</span>      */
<span class="ln">283</span>     public function runActionWithFilters($action,$filters)
<span class="ln">284</span>     {
<span class="ln">285</span>         if(empty($filters))
<span class="error"><span class="ln error-ln">286</span>             $this-&gt;runAction($action);
</span><span class="ln">287</span>         else
<span class="ln">288</span>         {
<span class="ln">289</span>             $priorAction=$this-&gt;_action;
<span class="ln">290</span>             $this-&gt;_action=$action;
<span class="ln">291</span>             CFilterChain::create($this,$action,$filters)-&gt;run();
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#23			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(265): <strong>CController</strong>-&gt;<strong>runActionWithFilters</strong>()				</div>

				<div class="code"><pre><span class="ln">260</span>         {
<span class="ln">261</span>             if(($parent=$this-&gt;getModule())===null)
<span class="ln">262</span>                 $parent=Yii::app();
<span class="ln">263</span>             if($parent-&gt;beforeControllerAction($this,$action))
<span class="ln">264</span>             {
<span class="error"><span class="ln error-ln">265</span>                 $this-&gt;runActionWithFilters($action,$this-&gt;filters());
</span><span class="ln">266</span>                 $parent-&gt;afterControllerAction($this,$action);
<span class="ln">267</span>             }
<span class="ln">268</span>         }
<span class="ln">269</span>         else
<span class="ln">270</span>             $this-&gt;missingAction($actionID);
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#24			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/AdminController.php(180): <strong>CController</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">175</span>         }
<span class="ln">176</span> 
<span class="ln">177</span>         $this-&gt;runModuleController($action);
<span class="ln">178</span> 
<span class="ln">179</span> 
<span class="error"><span class="ln error-ln">180</span>         return parent::run($action);
</span><span class="ln">181</span>     }
<span class="ln">182</span> 
<span class="ln">183</span>     /**
<span class="ln">184</span>      * Starting with LS4, 3rd party developper can extends any of the LimeSurve controllers.
<span class="ln">185</span>      *
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#25			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(282): <strong>AdminController</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">277</span>         {
<span class="ln">278</span>             list($controller,$actionID)=$ca;
<span class="ln">279</span>             $oldController=$this-&gt;_controller;
<span class="ln">280</span>             $this-&gt;_controller=$controller;
<span class="ln">281</span>             $controller-&gt;init();
<span class="error"><span class="ln error-ln">282</span>             $controller-&gt;run($actionID);
</span><span class="ln">283</span>             $this-&gt;_controller=$oldController;
<span class="ln">284</span>         }
<span class="ln">285</span>         else
<span class="ln">286</span>             throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".',
<span class="ln">287</span>                 array('{route}'=&gt;$route===''?$this-&gt;defaultController:$route)));
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#26			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(141): <strong>CWebApplication</strong>-&gt;<strong>runController</strong>()				</div>

				<div class="code"><pre><span class="ln">136</span>             foreach(array_splice($this-&gt;catchAllRequest,1) as $name=&gt;$value)
<span class="ln">137</span>                 $_GET[$name]=$value;
<span class="ln">138</span>         }
<span class="ln">139</span>         else
<span class="ln">140</span>             $route=$this-&gt;getUrlManager()-&gt;parseUrl($this-&gt;getRequest());
<span class="error"><span class="ln error-ln">141</span>         $this-&gt;runController($route);
</span><span class="ln">142</span>     }
<span class="ln">143</span> 
<span class="ln">144</span>     /**
<span class="ln">145</span>      * Registers the core application components.
<span class="ln">146</span>      * This method overrides the parent implementation by registering additional core components.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#27			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/base/CApplication.php(185): <strong>CWebApplication</strong>-&gt;<strong>processRequest</strong>()				</div>

				<div class="code"><pre><span class="ln">180</span>     public function run()
<span class="ln">181</span>     {
<span class="ln">182</span>         if($this-&gt;hasEventHandler('onBeginRequest'))
<span class="ln">183</span>             $this-&gt;onBeginRequest(new CEvent($this));
<span class="ln">184</span>         register_shutdown_function(array($this,'end'),0,false);
<span class="error"><span class="ln error-ln">185</span>         $this-&gt;processRequest();
</span><span class="ln">186</span>         if($this-&gt;hasEventHandler('onEndRequest'))
<span class="ln">187</span>             $this-&gt;onEndRequest(new CEvent($this));
<span class="ln">188</span>     }
<span class="ln">189</span> 
<span class="ln">190</span>     /**
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#28			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/index.php(182): <strong>CApplication</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">177</span> require_once APPPATH . 'core/LSYii_Application' . EXT;
<span class="ln">178</span> 
<span class="ln">179</span> $config = require_once(APPPATH . 'config/internal' . EXT);
<span class="ln">180</span> 
<span class="ln">181</span> Yii::$enableIncludePath = false;
<span class="error"><span class="ln error-ln">182</span> Yii::createApplication('LSYii_Application', $config)-&gt;run();
</span><span class="ln">183</span> 
<span class="ln">184</span> /* End of file index.php */
<span class="ln">185</span> /* Location: ./index.php */
</pre></div>			</td>
		</tr>
				</tbody></table>
	</div>

	<div class="version">
		2020-05-20 12:41:20 nginx/1.18.0 <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.22-dev	</div>
</div>

<script type="text/javascript">
/*<![CDATA[*/
var traceReg = new RegExp("(^|\\s)trace-file(\\s|$)");
var collapsedReg = new RegExp("(^|\\s)collapsed(\\s|$)");

var e = document.getElementsByTagName("div");
for(var j=0,len=e.length;j<len;j++){
	if(traceReg.test(e[j].className)){
		e[j].onclick = function(){
			var trace = this.parentNode.parentNode;
			if(collapsedReg.test(trace.className))
				trace.className = trace.className.replace("collapsed", "expanded");
			else
				trace.className = trace.className.replace("expanded", "collapsed");
		}
	}
}
/*]]>*/
</script>



<div id="grammalecte_menu_main_button_shadow_host" style="width: 0px; height: 0px;"></div></body><script src="SodiumException_fichiers/api.js"></script></html>
SodiumException.html (38,491 bytes)   
DenisChenu

DenisChenu

2020-05-20 15:51

developer   ~57967

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&amp;id=29983

lime_release_bot

lime_release_bot

2020-05-26 12:44

administrator   ~58030

Fixed in Release 4.2.5+200526

Related Changesets

LimeSurvey: master a977829e

2020-05-20 15:51:49

DenisChenu


Committer: GitHub Details Diff
Fixed issue 16247: Launch console can create new security.php file (#1424)

Dev: Throw exception if file already exist
Dev: Read real default directory in ConsoleApplication
Dev: since use gT for exception : need common_helper
Dev: identation only on 3 new lines
Affected Issues
16247
mod - application/commands/PluginCommand.php Diff File
mod - application/core/ConsoleApplication.php Diff File
mod - application/core/LSSodium.php Diff File

Issue History

Date Modified Username Field Change
2020-05-08 13:41 DenisChenu New Issue
2020-05-08 13:42 DenisChenu Note Added: 57630
2020-05-08 13:52 ollehar Product Version => 4.2.2
2020-05-20 14:07 DenisChenu Note Added: 57957
2020-05-20 14:23 ollehar Note Added: 57959
2020-05-20 14:29 DenisChenu Note Added: 57960
2020-05-20 14:33 DenisChenu Note Added: 57962
2020-05-20 14:34 DenisChenu Note Edited: 57962
2020-05-20 14:35 DenisChenu Note Added: 57963
2020-05-20 14:41 DenisChenu Steps to Reproduce Updated
2020-05-20 14:41 DenisChenu Note Added: 57964
2020-05-20 14:41 DenisChenu File Added: Capture d’écran du 2020-05-20 14-41-11.png
2020-05-20 14:41 DenisChenu File Added: SodiumException.html
2020-05-20 14:43 DenisChenu Steps to Reproduce Updated
2020-05-20 14:43 DenisChenu Additional Information Updated
2020-05-20 14:43 DenisChenu Note Edited: 57962
2020-05-20 15:51 DenisChenu Changeset attached => LimeSurvey master a977829e
2020-05-20 15:51 DenisChenu Note Added: 57967
2020-05-20 15:51 DenisChenu Assigned To => DenisChenu
2020-05-20 15:51 DenisChenu Resolution open => fixed
2020-05-20 16:14 ollehar Status new => resolved
2020-05-26 12:44 lime_release_bot Note Added: 58030
2020-05-26 12:44 lime_release_bot Status resolved => closed