View Issue Details

IDProjectCategoryView StatusLast Update
16471Bug reports_ Unknownpublic2020-11-30 14:08
Reporterjatoko Assigned To 
PrioritynoneSeverityblock 
Status newResolutionopen 
Product Version4.3.0 
Summary16471: Inserted div by CBaseListView contains wrong URL
Description

The div 'keys' inserted by CBaseListView uses the request URL which misses the baseUrl if a reverse proxy mode is used. This results in error when logging in, deleting responses, filtering responses etc.

Steps To Reproduce

Change baseUrl
Load login page
login
get error page

Additional Information

I submit a pull request to fix this issue.

In framework/zii/widgets/CBaseListView.php change:

'title'=>Yii::app()->getRequest()->getUrl(),

to

'title'=>Yii::app()->getBaseURL().Yii::app()->getRequest()->getUrl(),

TagsNo tags attached.
Complete LimeSurvey version number (& build)4.3.0+200616
I will donate to the project if issue is resolvedNo
Sync to Zoho Project
Browser
Database & DB-Version15.1 Distrib 10.1.44-MariaDB
Server OS (if known)
Webserver software & version (if known)
PHP Version7.3

Activities

DenisChenu

DenisChenu

2020-07-08 16:45

developer   ~58800

misses the baseUrl if a reverse proxy mode is used.

Even without proxy : see https://www.yiiframework.com/doc/api/1.1/CHttpRequest#getUrl-detail "

Else : i think we need baseUrl not absolute URL

Proxy issue ?

DenisChenu

DenisChenu

2020-07-08 16:46

developer   ~58801

It's better if we don't force url … and keep relative URL

DenisChenu

DenisChenu

2020-07-08 16:50

developer   ~58802

If i don't make error : you can force baseUrl with

        // Enforce a certain URL base 
        'request' => array(
            'hostInfo' => 'http://www.example.org/'  
            ),

https://manual.limesurvey.org/Optional_settings#Request_settings

gabrieljenik

gabrieljenik

2020-10-15 22:37

developer   ~60220

I have the feeling this will faile if LS in a subfolder.
I am tsting it!

gabrieljenik

gabrieljenik

2020-10-16 01:00

developer   ~60221

Yes, the path seems to be wrong if LS is installed ina subfolder.
Check attachment please,

How is this "keys" div used for?

Please take into account we are updating a base thing from Yii.
Not sure that's the best.

What are we tryingto accomplish?
Can you elaborate more?

Thanks!

image.png (6,531 bytes)   
image.png (6,531 bytes)   
jatoko

jatoko

2020-11-01 12:31

reporter   ~60484

Hi! Sorry for my late response, but I only managed to look into this issue again today.

We had the folling issue:

  1. call proxyUrl/admin -> redirects to -> proxyUrl/index.php/admin/authentication/sa/login
  2. insert credential and fire submit event
  3. POST response contains wrong location-header redirecting to /index.php/admin

Navigating manually to proxyUrl/index.php/admin after login loads all ressources just fine.

Fix:

in /application/controllers/admin/authentication.php

in doRedirect()

(-) $returnUrl = App()->user->getReturnUrl(array('/admin'));
(-) Yii::app()->getController()->redirect($returnUrl);

(+) App()->getController()->redirect(array('/admin'));

Now this fixes our issue. I do not remeber if we had any other issue which made me suggest changes to Yii. So I believe that this is the "real" issue. Sorry for confusion.

gabrieljenik

gabrieljenik

2020-11-26 20:22

developer   ~60767

Last edited: 2020-11-26 20:23

View 2 revisions

On step #3, can you please describe which is the full url that you are getting and which is the full url that you are expecting?

The change that you suggest breaks the feature of allowing the user to return to the url which was intended to lad before the login screen appeared.

jatoko

jatoko

2020-11-27 00:18

reporter   ~60770

Here is the full call stack (example):
I call: https://HOST/custom/path/index.php/admin/index
I get redirected for login to: https://HOST/custom/path/index.php/admin/authentication/sa/login
After login, I get redirected to: https://HOST/index.php/admin
I expect to be redirected to: https://HOST/custom/path/index.php/admin

"custom/path" is ignored, while all other requests work fine and include the path.

Browser history works fine of course.

Interestingly, filter options when looking at survey responses have the same problem too.

For example, filter for completed answers only leads to wrong POST:
I get: https://HOST/index.php/admin/responses/sa/browse/surveyid/XXXXX?ajax=responses-grid
I expect: https://HOST/custom/path/index.php/admin/responses/sa/browse/surveyid/XXXXX?ajax=responses-grid

DenisChenu

DenisChenu

2020-11-27 07:59

developer   ~60772

Related ?
Show survey list on Home page : survey list navigator broken

jatoko

jatoko

2020-11-27 10:51

reporter   ~60779

As far as I understand multiviews, the suggested related buck relies on rewrites done by apache which it should not be doing. In our case, however, the limesurvey application uses wrong URLs.

I still believe the problem related to using YII "getUrl".
I added two screenshots:

  1. getUrl not including custom/path
  2. "update" function of yii preparing POST req to URL also missing custom/path
ls_bug.png (15,774 bytes)   
ls_bug.png (15,774 bytes)   
ls_bug2.png (89,030 bytes)   
ls_bug2.png (89,030 bytes)   
jatoko

jatoko

2020-11-27 10:53

reporter   ~60780

*sorry for typo: I meant bug but cannot edit the post?

DenisChenu

DenisChenu

2020-11-27 10:59

developer   ~60781

PS : i have a lot of instance in subfolder : then it's not related to only the subfolder ....

DenisChenu

DenisChenu

2020-11-27 11:00

developer   ~60782

PS2 : see https://www.yiiframework.com/doc/api/1.1/CHttpRequest#getRequestUri-detail

if a reverse proxy mode

proxy issue in my opinion.

gabrieljenik

gabrieljenik

2020-11-27 20:31

developer   ~60790

I think this is about reverse proxy.
And also think this is not a LS issue but a Yii one.

Still, we were not able to reproduce it with reverse proxy.
Have you checked this?
https://bugs.limesurvey.org/view.php?id=16471#c58802

Says exactly the same as here.
https://forum.yiiframework.com/t/yii-reverse-proxy-site/33639/2

gabrieljenik

gabrieljenik

2020-11-30 14:08

developer   ~60805

As to be cleat, please @jatoko can you confirm you have applied this configuration?
https://bugs.limesurvey.org/view.php?id=16471#c58802

We will continue reviewing and trying to reproduce after.

Thansk!

Issue History

Date Modified Username Field Change
2020-07-08 16:10 jatoko New Issue
2020-07-08 16:45 DenisChenu Note Added: 58800
2020-07-08 16:46 DenisChenu Note Added: 58801
2020-07-08 16:50 DenisChenu Note Added: 58802
2020-10-15 22:37 gabrieljenik Note Added: 60220
2020-10-16 01:00 gabrieljenik Note Added: 60221
2020-10-16 01:00 gabrieljenik File Added: image.png
2020-11-01 12:31 jatoko Note Added: 60484
2020-11-26 20:22 gabrieljenik Note Added: 60767
2020-11-26 20:23 gabrieljenik Note Edited: 60767 View Revisions
2020-11-27 00:18 jatoko Note Added: 60770
2020-11-27 07:59 DenisChenu Note Added: 60772
2020-11-27 10:51 jatoko Note Added: 60779
2020-11-27 10:51 jatoko File Added: ls_bug.png
2020-11-27 10:51 jatoko File Added: ls_bug2.png
2020-11-27 10:53 jatoko Note Added: 60780
2020-11-27 10:59 DenisChenu Note Added: 60781
2020-11-27 11:00 DenisChenu Note Added: 60782
2020-11-27 20:31 gabrieljenik Note Added: 60790
2020-11-30 14:08 gabrieljenik Note Added: 60805