View Issue Details

IDProjectCategoryView StatusLast Update
16656Bug reportsSurvey takingpublic2020-09-10 13:23
ReporterDeveloperChris Assigned To 
PrioritynoneSeverityblock 
Status newResolutionopen 
Product Version3.23.3 
Summary16656: uploading files in chrome corrupts the response and loses the uploaded file
Description

I have been chasing a sever bug for several days now and have finally determined what is causing it

The upload file question type does not adequately escape characters and causes truncated JSON to be stored in the database because the JSON is truncated it is near impossible to recover the uploaded file.

The survey is part of a covid 19 medical response so this bug is critical for us.

Steps To Reproduce

import the attached simple LSS file it contains 2 questions a file upload and a mandatory text field the mandatory part is critical to this bug.

Activate the survey and browse to it in chrome Version 85.0.4183.102 (Official Build) (64-bit)

Add a file

in the title field add a gt symbol e.g. t'itle

Do not enter any text into the mandatory text question

Click submit.

An error occurs close the error dialogue

Now you can see that the upload question contains damaged JSON

open the developer screen in chrome (F12)

add text to the mandatory text field

Submit the form and see what is actually submitted

This also fails in firefox however the symptoms can be a bit different (at times)

Additional Information

Problem is in all versions of Limesurvey 3 prior to 3.23.3

if you include a gt '<' symbol in either the title or the comment the displayed title and comment fields are also corrupted this may mean there is an XSS exploit possible

See attached images

TagsNo tags attached.
Complete LimeSurvey version number (& build)3.23.3
I will donate to the project if issue is resolvedYes
BrowserChrome Version 85.0.4183.102
Database & DB-VersionN/A
Server OS (if known)N/A
Webserver software & version (if known)N/A
PHP VersionN/A

Activities

DeveloperChris

DeveloperChris

2020-09-10 13:20

reporter  

DeveloperChris

DeveloperChris

2020-09-10 13:23

reporter   ~59768

I meant to say "an apostrophe" but wrote "a gt symbol" however as stated later in the submission a gt "<" symbol also causes corruption

Issue History

Date Modified Username Field Change
2020-09-10 13:20 DeveloperChris New Issue
2020-09-10 13:20 DeveloperChris File Added: limesurvey_survey_733255.lss
2020-09-10 13:20 DeveloperChris File Added: 2020-09-10 20_14_18-test uploads-1.png
2020-09-10 13:20 DeveloperChris File Added: 2020-09-10 20_32_08-test uploads-2.png
2020-09-10 13:20 DeveloperChris File Added: 2020-09-10 20_27_47-test uploads-3.png
2020-09-10 13:20 DeveloperChris File Added: 2020-09-10 20_22_55-!ERROR-4.png
2020-09-10 13:20 DeveloperChris File Added: 2020-09-10 20_33_39-Developer Tools - test uploads - http___localhost_8080_index.php_733255-5.png
2020-09-10 13:20 DeveloperChris File Added: 2020-09-10 20_37_58-MySQL Workbench-6.png
2020-09-10 13:23 DeveloperChris Note Added: 59768