16247: Launch console can create new security.php file - LimeSurvey bugs and feature requests

This issue affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update
16247	Bug reports	Plugins	public	2020-05-08 13:41	2020-05-26 12:44

Reporter	DenisChenu	Assigned To	DenisChenu
Priority	none	Severity	minor
Status	closed	Resolution	fixed
Product Version	4.2.2

Summary	16247: Launch console can create new security.php file
Description	Using https://gitlab.com/SondagesPro/coreAndTools/checkKeys plugin, i see this create a new security.php file before any other action of plugin happen. If not launched in LimeSurvey directory (for this server)
Steps To Reproduce	Have a token enable syurvey with encrypted firstname/lastname On server with command `php /home/xxxxx/public_html/test/application/commands/console.php plugin --target=zzzzz` (no plugin needed) Try to see the token table Receive error about Sodium
Additional Information	`cd /home/xxxxx/public_html/test/ php application/commands/console.php plugin --target=zzzzz` No issue `php public_html/test/application/commands/console.php plugin --target=zzzzz` issue for one server (not mine …)
Tags	No tags attached.

Bug heat	6
Complete LimeSurvey version number (& build)	4.2.2+200504
I will donate to the project if issue is resolved	No
Browser	not relevant
Database type & version	5.6.47
Server OS (if known)	linux el7.centos - cpanel 86.0 (build 18)
Webserver software & version (if known)	apache 2.4.43
PHP Version	7.3.17

User List	There are no users monitoring this issue.

DenisChenu 2020-05-08 13:42 developer ~57630	My first fix was disable update of existing config is already here.

DenisChenu 2020-05-20 14:07 developer ~57957	Error: Call to undefined function gT() in /home/martinasurvey/public_html/test/application/core/LSSodium.php:129 … I fix it … need common_helper

ollehar 2020-05-20 14:23 administrator ~57959	We need proper step-by-step introduction to reproduce.

DenisChenu 2020-05-20 14:29 developer ~57960	I didn't know what server needed to have the issue php /home/xxxxx/public_html/test/application/commands/console.php plugin --target=zzzzz No need plugin , just launch console but not inside limesurvey directory

DenisChenu 2020-05-20 14:33 developer ~57962 Last edited: 2020-05-20 14:43	cpanel version 86.0 (build 21) php default is 5.6.40 php7 by /opt/cpanel/ea-php73/root/usr/bin/php `/opt/cpanel/ea-php73/root/usr/bin/php /home/web/public_html/test/application/commands/console.php plugin index --target=plugin` replace security.php `cd /home/web/public_html/test/ /opt/cpanel/ea-php73/root/usr/bin/php application/commands/console.php plugin index --target=plugin` is OK No need plugin, replaced before event happen

DenisChenu 2020-05-20 14:35 developer ~57963	And after have always (and can revert …) 500: Erro interno do servidor Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted. Please consult our manual at https://manual.limesurvey.org/Data_encryption#Errors. Since old file are not backuped …

DenisChenu 2020-05-20 14:41 developer ~57964	Capture d’écran du 2020-05-20 14-41-11.png (46,167 bytes) Capture d’écran du 2020-05-20 14-41-11.png (46,167 bytes) SodiumException.html (38,491 bytes) <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>SodiumException</title> <style type="text/css"> /<![CDATA[/ html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;} body{line-height:1;} ol,ul{list-style:none;} blockquote,q{quotes:none;} blockquote:before,blockquote:after,q:before,q:after{content:none;} :focus{outline:0;} ins{text-decoration:none;} del{text-decoration:line-through;} table{border-collapse:collapse;border-spacing:0;} body { font: normal 9pt "Verdana"; color: #000; background: #fff; } h1 { font: normal 18pt "Verdana"; color: #f00; margin-bottom: .5em; } h2 { font: normal 14pt "Verdana"; color: #800000; margin-bottom: .5em; } h3 { font: bold 11pt "Verdana"; } pre { font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace; } pre span.error { display: block; background: #fce3e3; } pre span.ln { color: #999; padding-right: 0.5em; border-right: 1px solid #ccc; } pre span.error-ln { font-weight: bold; } .container { margin: 1em 4em; } .version { color: gray; font-size: 8pt; border-top: 1px solid #aaa; padding-top: 1em; margin-bottom: 1em; } .message { color: #000; padding: 1em; font-size: 11pt; background: #f3f3f3; -webkit-border-radius: 10px; -moz-border-radius: 10px; border-radius: 10px; margin-bottom: 1em; line-height: 160%; } .source { margin-bottom: 1em; } .code pre { background-color: #ffe; margin: 0.5em 0; padding: 0.5em; line-height: 125%; border: 1px solid #eee; } .source .file { margin-bottom: 1em; font-weight: bold; } .traces { margin: 2em 0; } .trace { margin: 0.5em 0; padding: 0.5em; } .trace.app { border: 1px dashed #c00; } .trace .number { text-align: right; width: 2em; padding: 0.5em; } .trace .content { padding: 0.5em; } .trace .plus, .trace .minus { display:inline; vertical-align:middle; text-align:center; border:1px solid #000; color:#000; font-size:10px; line-height:10px; margin:0; padding:0 1px; width:10px; height:10px; } .trace.collapsed .minus, .trace.expanded .plus, .trace.collapsed pre { display: none; } .trace-file { cursor: pointer; padding: 0.2em; } .trace-file:hover { background: #f0ffff; } /]]>/ </style> </head> <body> <div class="container"> <h1>SodiumException</h1> <p class="message"> Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted. Please consult our manual at https://manual.limesurvey.org/Data_encryption#Errors. </p> <div class="source"> <p class="file">/mnt/data/shnoulle/nginx/www/master/application/core/LSSodium.php(112)</p> <div class="code"><pre><span class="ln">100</span> /** <span class="ln">101</span> * <span class="ln">102</span> * Decrypt encrypted string. <span class="ln">103</span> * @param string $sEncryptedString Encrypted string to decrypt <span class="ln">104</span> * @param bool $bReturnFalseIfError false by default. If TRUE, return false in case of error (bad decryption). Else, return given $encryptedInput value <span class="ln">105</span> * @return string Return decrypted value (string or unsezialized object) if suceeded. Return FALSE if an error occurs (bad password/salt given) or inpyt encryptedString <span class="ln">106</span> / <span class="ln">107</span> public function decrypt($sEncryptedString, $bReturnFalseIfError=false){ <span class="ln">108</span> if ($this->bLibraryExists === true){ <span class="ln">109</span> if (!empty($sEncryptedString) && $sEncryptedString != 'null'){ <span class="ln">110</span> $plaintext = ParagonIE_Sodium_Compat::crypto_sign_open(base64_decode($sEncryptedString), $this->sEncryptionPublicKey); <span class="ln">111</span> if ($plaintext === false){ <span class="error"><span class="ln error-ln">112</span> throw new SodiumException(sprintf(gT("Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted. Please consult our manual at %s.", 'unescaped'), 'https://manual.limesurvey.org/Data_encryption#Errors')); </span><span class="ln">113</span> } else { <span class="ln">114</span> return $plaintext; <span class="ln">115</span> } <span class="ln">116</span> } <span class="ln">117</span> } else { <span class="ln">118</span> return $sEncryptedString; <span class="ln">119</span> } <span class="ln">120</span> <span class="ln">121</span> } <span class="ln">122</span> <span class="ln">123</span> /* <span class="ln">124</span> * </pre></div> </div> <div class="traces"> <h2>Stack Trace</h2> <table style="width:100%;"> <tbody><tr class="trace app expanded"> <td class="number"> #0 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/models/LSActiveRecord.php(425): <strong>LSSodium</strong>-><strong>decrypt</strong>() </div> <div class="code"><pre><span class="ln">420</span> } <span class="ln">421</span> } <span class="ln">422</span> } else { <span class="ln">423</span> $attributes = $this->encryptAttributeValues($this->attributes, true, false); <span class="ln">424</span> foreach ($attributes as $key => $attribute) { <span class="error"><span class="ln error-ln">425</span> $this->$key = $sodium->$action($attribute); </span><span class="ln">426</span> } <span class="ln">427</span> } <span class="ln">428</span> } <span class="ln">429</span> /** <span class="ln">430</span> * Function to show encryption symbol in gridview attribute header if value ois encrypted </pre></div> </td> </tr> <tr class="trace app expanded"> <td class="number"> #1 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/models/LSActiveRecord.php(335): <strong>LSActiveRecord</strong>-><strong>decryptEncryptAttributes</strong>() </div> <div class="code"><pre><span class="ln">330</span> $sodium = Yii::app()->sodium; <span class="ln">331</span> <span class="ln">332</span> return $sodium->decrypt($value); <span class="ln">333</span> } else { <span class="ln">334</span> // decrypt attributes <span class="error"><span class="ln error-ln">335</span> $this->decryptEncryptAttributes('decrypt'); </span><span class="ln">336</span> <span class="ln">337</span> return $this; <span class="ln">338</span> } <span class="ln">339</span> } <span class="ln">340</span> </pre></div> </td> </tr> <tr class="trace app expanded"> <td class="number"> #2 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/core/LSCActiveDataProvider.php(59): <strong>LSActiveRecord</strong>-><strong>decrypt</strong>() </div> <div class="code"><pre><span class="ln">54</span> <span class="ln">55</span> // decryption <span class="ln">56</span> if ($this->model->bEncryption){ <span class="ln">57</span> foreach ($data as $row){ <span class="ln">58</span> if (!empty($row)){ <span class="error"><span class="ln error-ln">59</span> $row->decrypt(); </span><span class="ln">60</span> } <span class="ln">61</span> <span class="ln">62</span> // decrypt all related models <span class="ln">63</span> foreach ($row->relations() as $key => $related){ <span class="ln">64</span> if ($row->hasRelated($key) && !is_null($row->$key)){ </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #3 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CDataProvider.php(168): <strong>LSCActiveDataProvider</strong>-><strong>fetchData</strong>() </div> <div class="code"><pre><span class="ln">163</span> * @return array the list of data items currently available in this data provider. <span class="ln">164</span> / <span class="ln">165</span> public function getData($refresh=false) <span class="ln">166</span> { <span class="ln">167</span> if($this->_data===null \|\| $refresh) <span class="error"><span class="ln error-ln">168</span> $this->_data=$this->fetchData(); </span><span class="ln">169</span> return $this->_data; <span class="ln">170</span> } <span class="ln">171</span> <span class="ln">172</span> /* <span class="ln">173</span> * Sets the data items for this provider. </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #4 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/zii/widgets/CBaseListView.php(125): <strong>CDataProvider</strong>-><strong>getData</strong>() </div> <div class="code"><pre><span class="ln">120</span> public function init() <span class="ln">121</span> { <span class="ln">122</span> if($this->dataProvider===null) <span class="ln">123</span> throw new CException(Yii::t('zii','The "dataProvider" property cannot be empty.')); <span class="ln">124</span> <span class="error"><span class="ln error-ln">125</span> $this->dataProvider->getData(); </span><span class="ln">126</span> <span class="ln">127</span> if(isset($this->htmlOptions['id'])) <span class="ln">128</span> $this->id=$this->htmlOptions['id']; <span class="ln">129</span> else <span class="ln">130</span> $this->htmlOptions['id']=$this->id; </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #5 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/zii/widgets/grid/CGridView.php(339): <strong>CBaseListView</strong>-><strong>init</strong>() </div> <div class="code"><pre><span class="ln">334</span> * Initializes the grid view. <span class="ln">335</span> * This method will initialize required property values and instantiate {@link columns} objects. <span class="ln">336</span> / <span class="ln">337</span> public function init() <span class="ln">338</span> { <span class="error"><span class="ln error-ln">339</span> parent::init(); </span><span class="ln">340</span> <span class="ln">341</span> if(empty($this->updateSelector)) <span class="ln">342</span> throw new CException(Yii::t('zii','The property updateSelector should be defined.')); <span class="ln">343</span> if(empty($this->filterSelector)) <span class="ln">344</span> throw new CException(Yii::t('zii','The property filterSelector should be defined.')); </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #6 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/extensions/bootstrap/widgets/TbGridView.php(44): <strong>CGridView</strong>-><strong>init</strong>() </div> <div class="code"><pre><span class="ln">39</span> /* <span class="ln">40</span> * Initializes the widget. <span class="ln">41</span> / <span class="ln">42</span> public function init() <span class="ln">43</span> { <span class="error"><span class="ln error-ln">44</span> parent::init(); </span><span class="ln">45</span> $classes = array('table'); <span class="ln">46</span> if (isset($this->type) && !empty($this->type)) { <span class="ln">47</span> if (is_string($this->type)) { <span class="ln">48</span> $this->type = explode(' ', $this->type); <span class="ln">49</span> } </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #7 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CBaseController.php(147): <strong>TbGridView</strong>-><strong>init</strong>() </div> <div class="code"><pre><span class="ln">142</span> @return CWidget the fully initialized widget instance. <span class="ln">143</span> / <span class="ln">144</span> public function createWidget($className,$properties=array()) <span class="ln">145</span> { <span class="ln">146</span> $widget=Yii::app()->getWidgetFactory()->createWidget($this,$className,$properties); <span class="error"><span class="ln error-ln">147</span> $widget->init(); </span><span class="ln">148</span> return $widget; <span class="ln">149</span> } <span class="ln">150</span> <span class="ln">151</span> /* <span class="ln">152</span> * Creates a widget and executes it. </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #8 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CBaseController.php(181): <strong>CBaseController</strong>-><strong>createWidget</strong>() </div> <div class="code"><pre><span class="ln">176</span> } <span class="ln">177</span> return ob_get_clean(); <span class="ln">178</span> } <span class="ln">179</span> else <span class="ln">180</span> { <span class="error"><span class="ln error-ln">181</span> $widget=$this->createWidget($className,$properties); </span><span class="ln">182</span> $widget->run(); <span class="ln">183</span> return $widget; <span class="ln">184</span> } <span class="ln">185</span> } <span class="ln">186</span> </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #9 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/views/admin/token/browse.php(48): <strong>CBaseController</strong>-><strong>widget</strong>() </div> <div class="code"><pre><span class="ln">43</span> array('class'=>'changePageSize form-control', 'style'=>'display: inline; width: auto'))), <span class="ln">44</span> 'itemsCssClass' =>'table-striped', <span class="ln">45</span> 'columns' => $model->attributesForGrid, <span class="ln">46</span> 'ajaxUpdate' => 'token-grid', <span class="ln">47</span> 'ajaxType'=>'POST', <span class="error"><span class="ln error-ln">48</span> 'afterAjaxUpdate' => 'onUpdateTokenGrid' </span><span class="ln">49</span> )); <span class="ln">50</span> ?> <span class="ln">51</span> </div> <span class="ln">52</span> </div> <span class="ln">53</span> </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #10 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CBaseController.php(126): <strong>require</strong>() </div> <div class="code"><pre><span class="ln">121</span> $data=$_data_; <span class="ln">122</span> if($_return_) <span class="ln">123</span> { <span class="ln">124</span> ob_start(); <span class="ln">125</span> ob_implicit_flush(false); <span class="error"><span class="ln error-ln">126</span> require($_viewFile_); </span><span class="ln">127</span> return ob_get_clean(); <span class="ln">128</span> } <span class="ln">129</span> else <span class="ln">130</span> require($_viewFile_); <span class="ln">131</span> } </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #11 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CBaseController.php(95): <strong>CBaseController</strong>-><strong>renderInternal</strong>() </div> <div class="code"><pre><span class="ln">090</span> { <span class="ln">091</span> $widgetCount=count($this->_widgetStack); <span class="ln">092</span> if(($renderer=Yii::app()->getViewRenderer())!==null && $renderer->fileExtension==='.'.CFileHelper::getExtension($viewFile)) <span class="ln">093</span> $content=$renderer->renderFile($this,$viewFile,$data,$return); <span class="ln">094</span> else <span class="error"><span class="ln error-ln">095</span> $content=$this->renderInternal($viewFile,$data,$return); </span><span class="ln">096</span> if(count($this->_widgetStack)===$widgetCount) <span class="ln">097</span> return $content; <span class="ln">098</span> else <span class="ln">099</span> { <span class="ln">100</span> $widget=end($this->_widgetStack); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #12 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(872): <strong>CBaseController</strong>-><strong>renderFile</strong>() </div> <div class="code"><pre><span class="ln">867</span> / <span class="ln">868</span> public function renderPartial($view,$data=null,$return=false,$processOutput=false) <span class="ln">869</span> { <span class="ln">870</span> if(($viewFile=$this->getViewFile($view))!==false) <span class="ln">871</span> { <span class="error"><span class="ln error-ln">872</span> $output=$this->renderFile($viewFile,$data,true); </span><span class="ln">873</span> if($processOutput) <span class="ln">874</span> $output=$this->processOutput($output); <span class="ln">875</span> if($return) <span class="ln">876</span> return $output; <span class="ln">877</span> else </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #13 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/controllers/AdminController.php(240): <strong>CController</strong>-><strong>renderPartial</strong>() </div> <div class="code"><pre><span class="ln">235</span> } <span class="ln">236</span> <span class="ln">237</span> } <span class="ln">238</span> } <span class="ln">239</span> <span class="error"><span class="ln error-ln">240</span> return parent::renderPartial($view,$data,$return,$processOutput); </span><span class="ln">241</span> } <span class="ln">242</span> <span class="ln">243</span> /* <span class="ln">244</span> * Routes all the actions to their respective places <span class="ln">245</span> * </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #14 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/core/Survey_Common_Action.php(274): <strong>AdminController</strong>-><strong>renderPartial</strong>() </div> <div class="code"><pre><span class="ln">269</span> $content = ""; <span class="ln">270</span> <span class="ln">271</span> foreach ($aViewUrls as $sViewKey => $viewUrl) { <span class="ln">272</span> if (empty($sViewKey) \|\| !in_array($sViewKey, array('message', 'output'))) { <span class="ln">273</span> if (is_numeric($sViewKey)) { <span class="error"><span class="ln error-ln">274</span> $content .= Yii::app()->getController()->renderPartial($sViewPath.$viewUrl, $aData, true); </span><span class="ln">275</span> } elseif (is_array($viewUrl)) { <span class="ln">276</span> foreach ($viewUrl as $aSubData) { <span class="ln">277</span> $aSubData = array_merge($aData, $aSubData); <span class="ln">278</span> $content .= Yii::app()->getController()->renderPartial($sViewPath.$sViewKey, $aSubData, true); <span class="ln">279</span> } </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #15 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/core/Survey_Common_Action.php(357): <strong>Survey_Common_Action</strong>-><strong>renderCentralContents</strong>() </div> <div class="code"><pre><span class="ln">352</span> <span class="ln">353</span> <span class="ln">354</span> } else { <span class="ln">355</span> $renderFile = $basePath.'/'.$sRenderFile; <span class="ln">356</span> } <span class="error"><span class="ln error-ln">357</span> $content = $this->renderCentralContents($sAction, $aViewUrls, $aData); </span><span class="ln">358</span> $out = $this->renderInternal($renderFile, ['content' => $content, 'aData' => $aData], true); <span class="ln">359</span> <span class="ln">360</span> App()->getClientScript()->render($out); <span class="ln">361</span> echo $out; <span class="ln">362</span> } </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #16 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/controllers/admin/tokens.php(2605): <strong>Survey_Common_Action</strong>-><strong>_renderWrappedTemplate</strong>() </div> <div class="code"><pre><span class="ln">2600</span> { <span class="ln">2601</span> $aData['imageurl'] = App()->getConfig('adminimageurl'); <span class="ln">2602</span> $aData['display']['menu_bars'] = false; <span class="ln">2603</span> $aData['subaction'] = gT('Survey participants'); <span class="ln">2604</span> $aData['topBar']['type'] = 'tokens'; <span class="error"><span class="ln error-ln">2605</span> parent::_renderWrappedTemplate($sAction, $aViewUrls, $aData, $sRenderFile); </span><span class="ln">2606</span> } <span class="ln">2607</span> <span class="ln">2608</span> /** <span class="ln">2609</span> * @return string SQL condition <span class="ln">2610</span> / </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #17 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/controllers/admin/tokens.php(375): <strong>tokens</strong>-><strong>_renderWrappedTemplate</strong>() </div> <div class="code"><pre><span class="ln">370</span> Yii::app()->user->setState('pageSizeTokenView', (int) $_POST['pageSizeTokenView']); <span class="ln">371</span> } <span class="ln">372</span> <span class="ln">373</span> $aData['massiveAction'] = App()->getController()->renderPartial('/admin/token/massive_actions/_selector', $aData, true, false); <span class="ln">374</span> <span class="error"><span class="ln error-ln">375</span> $this->_renderWrappedTemplate('token', array('browse'), $aData); </span><span class="ln">376</span> } <span class="ln">377</span> <span class="ln">378</span> /* <span class="ln">379</span> * The fields with a value "lskeep" will not be updated <span class="ln">380</span> / </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #18 </td> <td class="content"> <div class="trace-file">  unknown(0): <strong>tokens</strong>-><strong>browse</strong>() </div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #19 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/actions/CAction.php(109): <strong>ReflectionMethod</strong>-><strong>invokeArgs</strong>() </div> <div class="code"><pre><span class="ln">104</span> elseif($param->isDefaultValueAvailable()) <span class="ln">105</span> $ps[]=$param->getDefaultValue(); <span class="ln">106</span> else <span class="ln">107</span> return false; <span class="ln">108</span> } <span class="error"><span class="ln error-ln">109</span> $method->invokeArgs($object,$ps); </span><span class="ln">110</span> return true; <span class="ln">111</span> } <span class="ln">112</span> } </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #20 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/core/Survey_Common_Action.php(86): <strong>CAction</strong>-><strong>runWithParamsInternal</strong>() </div> <div class="code"><pre><span class="ln">81</span> $oMethod = new ReflectionMethod($this, $sDefault); <span class="ln">82</span> } <span class="ln">83</span> <span class="ln">84</span> // We're all good to go, let's execute it <span class="ln">85</span> // runWithParamsInternal would automatically get the parameters of the method and populate them as required with the params <span class="error"><span class="ln error-ln">86</span> return parent::runWithParamsInternal($this, $oMethod, $params); </span><span class="ln">87</span> } <span class="ln">88</span> <span class="ln">89</span> /* <span class="ln">90</span> * Some functions have different parameters, which are just an alias of the <span class="ln">91</span> * usual parameters we're getting in the url. This function just populates </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #21 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(308): <strong>Survey_Common_Action</strong>-><strong>runWithParams</strong>() </div> <div class="code"><pre><span class="ln">303</span> { <span class="ln">304</span> $priorAction=$this->_action; <span class="ln">305</span> $this->_action=$action; <span class="ln">306</span> if($this->beforeAction($action)) <span class="ln">307</span> { <span class="error"><span class="ln error-ln">308</span> if($action->runWithParams($this->getActionParams())===false) </span><span class="ln">309</span> $this->invalidActionParams($action); <span class="ln">310</span> else <span class="ln">311</span> $this->afterAction($action); <span class="ln">312</span> } <span class="ln">313</span> $this->_action=$priorAction; </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #22 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(286): <strong>CController</strong>-><strong>runAction</strong>() </div> <div class="code"><pre><span class="ln">281</span> * @see runAction <span class="ln">282</span> / <span class="ln">283</span> public function runActionWithFilters($action,$filters) <span class="ln">284</span> { <span class="ln">285</span> if(empty($filters)) <span class="error"><span class="ln error-ln">286</span> $this->runAction($action); </span><span class="ln">287</span> else <span class="ln">288</span> { <span class="ln">289</span> $priorAction=$this->_action; <span class="ln">290</span> $this->_action=$action; <span class="ln">291</span> CFilterChain::create($this,$action,$filters)->run(); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #23 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(265): <strong>CController</strong>-><strong>runActionWithFilters</strong>() </div> <div class="code"><pre><span class="ln">260</span> { <span class="ln">261</span> if(($parent=$this->getModule())===null) <span class="ln">262</span> $parent=Yii::app(); <span class="ln">263</span> if($parent->beforeControllerAction($this,$action)) <span class="ln">264</span> { <span class="error"><span class="ln error-ln">265</span> $this->runActionWithFilters($action,$this->filters()); </span><span class="ln">266</span> $parent->afterControllerAction($this,$action); <span class="ln">267</span> } <span class="ln">268</span> } <span class="ln">269</span> else <span class="ln">270</span> $this->missingAction($actionID); </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #24 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/application/controllers/AdminController.php(180): <strong>CController</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">175</span> } <span class="ln">176</span> <span class="ln">177</span> $this->runModuleController($action); <span class="ln">178</span> <span class="ln">179</span> <span class="error"><span class="ln error-ln">180</span> return parent::run($action); </span><span class="ln">181</span> } <span class="ln">182</span> <span class="ln">183</span> /* <span class="ln">184</span> * Starting with LS4, 3rd party developper can extends any of the LimeSurve controllers. <span class="ln">185</span> * </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #25 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(282): <strong>AdminController</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">277</span> { <span class="ln">278</span> list($controller,$actionID)=$ca; <span class="ln">279</span> $oldController=$this->_controller; <span class="ln">280</span> $this->_controller=$controller; <span class="ln">281</span> $controller->init(); <span class="error"><span class="ln error-ln">282</span> $controller->run($actionID); </span><span class="ln">283</span> $this->_controller=$oldController; <span class="ln">284</span> } <span class="ln">285</span> else <span class="ln">286</span> throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".', <span class="ln">287</span> array('{route}'=>$route===''?$this->defaultController:$route))); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #26 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(141): <strong>CWebApplication</strong>-><strong>runController</strong>() </div> <div class="code"><pre><span class="ln">136</span> foreach(array_splice($this->catchAllRequest,1) as $name=>$value) <span class="ln">137</span> $_GET[$name]=$value; <span class="ln">138</span> } <span class="ln">139</span> else <span class="ln">140</span> $route=$this->getUrlManager()->parseUrl($this->getRequest()); <span class="error"><span class="ln error-ln">141</span> $this->runController($route); </span><span class="ln">142</span> } <span class="ln">143</span> <span class="ln">144</span> /** <span class="ln">145</span> * Registers the core application components. <span class="ln">146</span> * This method overrides the parent implementation by registering additional core components. </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #27 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/framework/base/CApplication.php(185): <strong>CWebApplication</strong>-><strong>processRequest</strong>() </div> <div class="code"><pre><span class="ln">180</span> public function run() <span class="ln">181</span> { <span class="ln">182</span> if($this->hasEventHandler('onBeginRequest')) <span class="ln">183</span> $this->onBeginRequest(new CEvent($this)); <span class="ln">184</span> register_shutdown_function(array($this,'end'),0,false); <span class="error"><span class="ln error-ln">185</span> $this->processRequest(); </span><span class="ln">186</span> if($this->hasEventHandler('onEndRequest')) <span class="ln">187</span> $this->onEndRequest(new CEvent($this)); <span class="ln">188</span> } <span class="ln">189</span> <span class="ln">190</span> /** </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #28 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /mnt/data/shnoulle/nginx/www/master/index.php(182): <strong>CApplication</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">177</span> require_once APPPATH . 'core/LSYii_Application' . EXT; <span class="ln">178</span> <span class="ln">179</span> $config = require_once(APPPATH . 'config/internal' . EXT); <span class="ln">180</span> <span class="ln">181</span> Yii::$enableIncludePath = false; <span class="error"><span class="ln error-ln">182</span> Yii::createApplication('LSYii_Application', $config)->run(); </span><span class="ln">183</span> <span class="ln">184</span> /* End of file index.php / <span class="ln">185</span> / Location: ./index.php / </pre></div> </td> </tr> </tbody></table> </div> <div class="version"> 2020-05-20 12:41:20 nginx/1.18.0 <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.22-dev </div> </div> <script type="text/javascript"> /<![CDATA[/ var traceReg = new RegExp("(^\|\\s)trace-file(\\s\|$)"); var collapsedReg = new RegExp("(^\|\\s)collapsed(\\s\|$)"); var e = document.getElementsByTagName("div"); for(var j=0,len=e.length;j<len;j++){ if(traceReg.test(e[j].className)){ e[j].onclick = function(){ var trace = this.parentNode.parentNode; if(collapsedReg.test(trace.className)) trace.className = trace.className.replace("collapsed", "expanded"); else trace.className = trace.className.replace("expanded", "collapsed"); } } } /]]>*/ </script> <div id="grammalecte_menu_main_button_shadow_host" style="width: 0px; height: 0px;"></div></body><script src="SodiumException_fichiers/api.js"></script></html> SodiumException.html (38,491 bytes)

DenisChenu 2020-05-20 15:51 developer ~57967	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29983

lime_release_bot 2020-05-26 12:44 administrator ~58030	Fixed in Release 4.2.5+200526

LimeSurvey: master a977829e 2020-05-20 17:51 DenisChenu Committer: GitHub Details Diff	Fixed issue 16247: Launch console can create new security.php file (#1424) Dev: Throw exception if file already exist Dev: Read real default directory in ConsoleApplication Dev: since use gT for exception : need common_helper Dev: identation only on 3 new lines	Affected Issues 16247
	mod - application/commands/PluginCommand.php	Diff File
	mod - application/core/ConsoleApplication.php	Diff File
	mod - application/core/LSSodium.php	Diff File

Date Modified	Username	Field	Change
2020-05-08 13:41	DenisChenu	New Issue
2020-05-08 13:42	DenisChenu	Note Added: 57630
2020-05-08 13:52	ollehar	Product Version	=> 4.2.2
2020-05-20 14:07	DenisChenu	Note Added: 57957
2020-05-20 14:23	ollehar	Note Added: 57959
2020-05-20 14:29	DenisChenu	Note Added: 57960
2020-05-20 14:33	DenisChenu	Note Added: 57962
2020-05-20 14:34	DenisChenu	Note Edited: 57962
2020-05-20 14:35	DenisChenu	Note Added: 57963
2020-05-20 14:41	DenisChenu	Steps to Reproduce Updated
2020-05-20 14:41	DenisChenu	Note Added: 57964
2020-05-20 14:41	DenisChenu	File Added: Capture d’écran du 2020-05-20 14-41-11.png
2020-05-20 14:41	DenisChenu	File Added: SodiumException.html
2020-05-20 14:43	DenisChenu	Steps to Reproduce Updated
2020-05-20 14:43	DenisChenu	Additional Information Updated
2020-05-20 14:43	DenisChenu	Note Edited: 57962
2020-05-20 15:51	DenisChenu	Changeset attached	=> LimeSurvey master a977829e
2020-05-20 15:51	DenisChenu	Note Added: 57967
2020-05-20 15:51	DenisChenu	Assigned To	=> DenisChenu
2020-05-20 15:51	DenisChenu	Resolution	open => fixed
2020-05-20 16:14	ollehar	Status	new => resolved
2020-05-26 12:44	lime_release_bot	Note Added: 58030
2020-05-26 12:44	lime_release_bot	Status	resolved => closed

View Issue Details

Users monitoring this issue

Activities

Related Changesets

Issue History