View Issue Details

This bug affects 1 person(s).
 10
IDProjectCategoryView StatusLast Update
16471Bug reports_ Unknownpublic2021-04-11 10:59
Reporterjatoko Assigned Toollehar  
PrioritynoneSeveritypartial_block 
Status closedResolutionunable to reproduce 
Product Version4.3.0 
Summary16471: Inserted div by CBaseListView contains wrong URL
Description

The div 'keys' inserted by CBaseListView uses the request URL which misses the baseUrl if a reverse proxy mode is used. This results in error when logging in, deleting responses, filtering responses etc.

Steps To Reproduce

Change baseUrl
Load login page
login
get error page

Additional Information

I submit a pull request to fix this issue.

In framework/zii/widgets/CBaseListView.php change:

'title'=>Yii::app()->getRequest()->getUrl(),

to

'title'=>Yii::app()->getBaseURL().Yii::app()->getRequest()->getUrl(),

TagsNo tags attached.
Bug heat10
Complete LimeSurvey version number (& build)4.3.0+200616
I will donate to the project if issue is resolvedNo
Browser
Database type & version15.1 Distrib 10.1.44-MariaDB
Server OS (if known)
Webserver software & version (if known)
PHP Version7.3

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2020-07-08 16:45

developer   ~58800

misses the baseUrl if a reverse proxy mode is used.

Even without proxy : see https://www.yiiframework.com/doc/api/1.1/CHttpRequest#getUrl-detail "

Else : i think we need baseUrl not absolute URL

Proxy issue ?

DenisChenu

DenisChenu

2020-07-08 16:46

developer   ~58801

It's better if we don't force url … and keep relative URL

DenisChenu

DenisChenu

2020-07-08 16:50

developer   ~58802

If i don't make error : you can force baseUrl with

        // Enforce a certain URL base 
        'request' => array(
            'hostInfo' => 'http://www.example.org/'  
            ),

https://manual.limesurvey.org/Optional_settings#Request_settings

gabrieljenik

gabrieljenik

2020-10-15 22:37

manager   ~60220

I have the feeling this will faile if LS in a subfolder.
I am tsting it!

gabrieljenik

gabrieljenik

2020-10-16 01:00

manager   ~60221

Yes, the path seems to be wrong if LS is installed ina subfolder.
Check attachment please,

How is this "keys" div used for?

Please take into account we are updating a base thing from Yii.
Not sure that's the best.

What are we tryingto accomplish?
Can you elaborate more?

Thanks!

image.png (6,531 bytes)   
image.png (6,531 bytes)   
jatoko

jatoko

2020-11-01 12:31

reporter   ~60484

Hi! Sorry for my late response, but I only managed to look into this issue again today.

We had the folling issue:

  1. call proxyUrl/admin -> redirects to -> proxyUrl/index.php/admin/authentication/sa/login
  2. insert credential and fire submit event
  3. POST response contains wrong location-header redirecting to /index.php/admin

Navigating manually to proxyUrl/index.php/admin after login loads all ressources just fine.

Fix:

in /application/controllers/admin/authentication.php

in doRedirect()

(-) $returnUrl = App()->user->getReturnUrl(array('/admin'));
(-) Yii::app()->getController()->redirect($returnUrl);

(+) App()->getController()->redirect(array('/admin'));

Now this fixes our issue. I do not remeber if we had any other issue which made me suggest changes to Yii. So I believe that this is the "real" issue. Sorry for confusion.

gabrieljenik

gabrieljenik

2020-11-26 20:22

manager   ~60767

Last edited: 2020-11-26 20:23

On step #3, can you please describe which is the full url that you are getting and which is the full url that you are expecting?

The change that you suggest breaks the feature of allowing the user to return to the url which was intended to lad before the login screen appeared.

jatoko

jatoko

2020-11-27 00:18

reporter   ~60770

Here is the full call stack (example):
I call: https://HOST/custom/path/index.php/admin/index
I get redirected for login to: https://HOST/custom/path/index.php/admin/authentication/sa/login
After login, I get redirected to: https://HOST/index.php/admin
I expect to be redirected to: https://HOST/custom/path/index.php/admin

"custom/path" is ignored, while all other requests work fine and include the path.

Browser history works fine of course.

Interestingly, filter options when looking at survey responses have the same problem too.

For example, filter for completed answers only leads to wrong POST:
I get: https://HOST/index.php/admin/responses/sa/browse/surveyid/XXXXX?ajax=responses-grid
I expect: https://HOST/custom/path/index.php/admin/responses/sa/browse/surveyid/XXXXX?ajax=responses-grid

DenisChenu

DenisChenu

2020-11-27 07:59

developer   ~60772

Related ?
Show survey list on Home page : survey list navigator broken

jatoko

jatoko

2020-11-27 10:51

reporter   ~60779

As far as I understand multiviews, the suggested related buck relies on rewrites done by apache which it should not be doing. In our case, however, the limesurvey application uses wrong URLs.

I still believe the problem related to using YII "getUrl".
I added two screenshots:

  1. getUrl not including custom/path
  2. "update" function of yii preparing POST req to URL also missing custom/path
ls_bug.png (15,774 bytes)   
ls_bug.png (15,774 bytes)   
ls_bug2.png (89,030 bytes)   
ls_bug2.png (89,030 bytes)   
jatoko

jatoko

2020-11-27 10:53

reporter   ~60780

*sorry for typo: I meant bug but cannot edit the post?

DenisChenu

DenisChenu

2020-11-27 10:59

developer   ~60781

PS : i have a lot of instance in subfolder : then it's not related to only the subfolder ....

DenisChenu

DenisChenu

2020-11-27 11:00

developer   ~60782

PS2 : see https://www.yiiframework.com/doc/api/1.1/CHttpRequest#getRequestUri-detail

if a reverse proxy mode

proxy issue in my opinion.

gabrieljenik

gabrieljenik

2020-11-27 20:31

manager   ~60790

I think this is about reverse proxy.
And also think this is not a LS issue but a Yii one.

Still, we were not able to reproduce it with reverse proxy.
Have you checked this?
https://bugs.limesurvey.org/view.php?id=16471#c58802

Says exactly the same as here.
https://forum.yiiframework.com/t/yii-reverse-proxy-site/33639/2

gabrieljenik

gabrieljenik

2020-11-30 14:08

manager   ~60805

As to be cleat, please @jatoko can you confirm you have applied this configuration?
https://bugs.limesurvey.org/view.php?id=16471#c58802

We will continue reviewing and trying to reproduce after.

Thansk!

ollehar

ollehar

2021-03-03 16:05

administrator   ~62686

Please check if this bug still exists in the latest patch release. Thank you.

jatoko

jatoko

2021-03-04 11:56

reporter   ~62711

I updated to Version 4.4.11+210301, but the problem still exists i.e. the requested filename is missing the 'baseUrl'-prefix.

Our setup:

[Nginx] <=> [Apache + LimeSurvey]

According to YII Framework, Apache does not require any special config.

This is our LS configuration (config.php):
'request' => array(
'hostInfo' => 'https://'.$_SERVER['HTTP_X_FORWARDED_HOST'].'/',
'baseUrl' => '/studies/surveys',
)

This is our Nginx configuration:

    # LimeSurvey instance

    # fix bug not including baseUrl for admin page:
    location /index.php/admin {
       rewrite ^(.*)$ /studies/surveys$1 permanent;
    }

    location /studies/surveys/ {
        proxy_pass https://IP_ADDRESS/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Referer $http_referer;
        client_max_body_size 50m;
    }
ollehar

ollehar

2021-03-05 17:21

administrator   ~62796

And your suggested fix is still this line?

(+) App()->getController()->redirect(array('/admin'));

c_schmitz

c_schmitz

2021-04-11 10:59

administrator   ~63908

Hello jatoko,

we have asked for feedback on this issue. Because we did not get an answer we assume that the issue is resolved.

Thank you and best regards,

c_schmitz

Issue History

Date Modified Username Field Change
2020-07-08 16:10 jatoko New Issue
2020-07-08 16:45 DenisChenu Note Added: 58800
2020-07-08 16:46 DenisChenu Note Added: 58801
2020-07-08 16:50 DenisChenu Note Added: 58802
2020-10-15 22:37 gabrieljenik Note Added: 60220
2020-10-16 01:00 gabrieljenik Note Added: 60221
2020-10-16 01:00 gabrieljenik File Added: image.png
2020-11-01 12:31 jatoko Note Added: 60484
2020-11-26 20:22 gabrieljenik Note Added: 60767
2020-11-26 20:23 gabrieljenik Note Edited: 60767
2020-11-27 00:18 jatoko Note Added: 60770
2020-11-27 07:59 DenisChenu Note Added: 60772
2020-11-27 10:51 jatoko Note Added: 60779
2020-11-27 10:51 jatoko File Added: ls_bug.png
2020-11-27 10:51 jatoko File Added: ls_bug2.png
2020-11-27 10:53 jatoko Note Added: 60780
2020-11-27 10:59 DenisChenu Note Added: 60781
2020-11-27 11:00 DenisChenu Note Added: 60782
2020-11-27 20:31 gabrieljenik Note Added: 60790
2020-11-30 14:08 gabrieljenik Note Added: 60805
2021-03-03 16:05 ollehar Assigned To => ollehar
2021-03-03 16:05 ollehar Status new => feedback
2021-03-03 16:05 ollehar Note Added: 62686
2021-03-04 11:56 jatoko Note Added: 62711
2021-03-04 11:56 jatoko Status feedback => assigned
2021-03-05 17:21 ollehar Note Added: 62796
2021-03-09 12:47 ollehar Severity block => partial_block
2021-03-10 14:01 c_schmitz Status assigned => feedback
2021-04-11 10:59 c_schmitz Status feedback => closed
2021-04-11 10:59 c_schmitz Resolution open => unable to reproduce
2021-04-11 10:59 c_schmitz Note Added: 63908