View Issue Details

IDProjectCategoryView StatusLast Update
17027Bug reportsSurvey editingpublic2021-03-08 19:38
ReporterDenisChenu Assigned Toollehar  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version4.4.0 
Fixed in Version4.4.12 
Summary17027: Personal settings " Show script field: " to no throw error
DescriptionWhen set " Show script field: " to NO and set debug = 2 !: no wayè to add question
Steps To ReproduceSet " Show script field: " to NO
Set debug = 2
Create a question,
Save : error
Additional InformationSame with update question : it means
- User 1 add script
- User 2 didn't show script
- User 2 delete script always … (another report to do, but think XSS/script system right is broken now …)
TagsNo tags attached.
Complete LimeSurvey version number (& build)4.4.0 github
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database & DB-Versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant

Relationships

related to 17028 confirmed Script are not saved 

Activities

DenisChenu

DenisChenu

2021-01-29 08:57

developer  

PHP notice.html (17,112 bytes)   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>PHP notice</title>

<style type="text/css">
/*<![CDATA[*/
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;}
body{line-height:1;}
ol,ul{list-style:none;}
blockquote,q{quotes:none;}
blockquote:before,blockquote:after,q:before,q:after{content:none;}
:focus{outline:0;}
ins{text-decoration:none;}
del{text-decoration:line-through;}
table{border-collapse:collapse;border-spacing:0;}

body {
	font: normal 9pt "Verdana";
	color: #000;
	background: #fff;
}

h1 {
	font: normal 18pt "Verdana";
	color: #f00;
	margin-bottom: .5em;
}

h2 {
	font: normal 14pt "Verdana";
	color: #800000;
	margin-bottom: .5em;
}

h3 {
	font: bold 11pt "Verdana";
}

pre {
	font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace;
}

pre span.error {
	display: block;
	background: #fce3e3;
}

pre span.ln {
	color: #999;
	padding-right: 0.5em;
	border-right: 1px solid #ccc;
}

pre span.error-ln {
	font-weight: bold;
}

.container {
	margin: 1em 4em;
}

.version {
	color: gray;
	font-size: 8pt;
	border-top: 1px solid #aaa;
	padding-top: 1em;
	margin-bottom: 1em;
}

.message {
	color: #000;
	padding: 1em;
	font-size: 11pt;
	background: #f3f3f3;
	-webkit-border-radius: 10px;
	-moz-border-radius: 10px;
	border-radius: 10px;
	margin-bottom: 1em;
	line-height: 160%;
}

.source {
	margin-bottom: 1em;
}

.code pre {
	background-color: #ffe;
	margin: 0.5em 0;
	padding: 0.5em;
	line-height: 125%;
	border: 1px solid #eee;
}

.source .file {
	margin-bottom: 1em;
	font-weight: bold;
}

.traces {
	margin: 2em 0;
}

.trace {
	margin: 0.5em 0;
	padding: 0.5em;
}

.trace.app {
	border: 1px dashed #c00;
}

.trace .number {
	text-align: right;
	width: 2em;
	padding: 0.5em;
}

.trace .content {
	padding: 0.5em;
}

.trace .plus,
.trace .minus {
	display:inline;
	vertical-align:middle;
	text-align:center;
	border:1px solid #000;
	color:#000;
	font-size:10px;
	line-height:10px;
	margin:0;
	padding:0 1px;
	width:10px;
	height:10px;
}

.trace.collapsed .minus,
.trace.expanded .plus,
.trace.collapsed pre {
	display: none;
}

.trace-file {
	cursor: pointer;
	padding: 0.2em;
}

.trace-file:hover {
	background: #f0ffff;
}
/*]]>*/
</style>
</head>

<body>
<div class="container">
	<h1>PHP notice</h1>

	<p class="message">
		Undefined index: script	</p>

	<div class="source">
		<p class="file">/mnt/data/shnoulle/nginx/www/master/application/controllers/QuestionAdministrationController.php(2489)</p>
		<div class="code"><pre><span class="ln">2477</span>      */
<span class="ln">2478</span>     private function applyL10n($oQuestion, $dataSet)
<span class="ln">2479</span>     {
<span class="ln">2480</span>         foreach ($dataSet as $sLanguage =&gt; $aI10NBlock) {
<span class="ln">2481</span>             $i10N = QuestionL10n::model()-&gt;findByAttributes(['qid' =&gt; $oQuestion-&gt;qid, 'language' =&gt; $sLanguage]);
<span class="ln">2482</span>             if (empty($i10N)) {
<span class="ln">2483</span>                 throw new Exception('Found no L10n object');
<span class="ln">2484</span>             }
<span class="ln">2485</span>             $i10N-&gt;setAttributes(
<span class="ln">2486</span>                 [
<span class="ln">2487</span>                     'question' =&gt; $aI10NBlock['question'],
<span class="ln">2488</span>                     'help'     =&gt; $aI10NBlock['help'],
<span class="error"><span class="ln error-ln">2489</span>                     'script'   =&gt; $aI10NBlock['script'],
</span><span class="ln">2490</span>                 ],
<span class="ln">2491</span>                 false
<span class="ln">2492</span>             );
<span class="ln">2493</span>             if (!$i10N-&gt;save()) {
<span class="ln">2494</span>                 throw new CHttpException(500, gT("Could not store translation"));
<span class="ln">2495</span>             }
<span class="ln">2496</span>         }
<span class="ln">2497</span> 
<span class="ln">2498</span>         return true;
<span class="ln">2499</span>     }
<span class="ln">2500</span> 
<span class="ln">2501</span>     /**
</pre></div>	</div>

	<div class="traces">
		<h2>Stack Trace</h2>
				<table style="width:100%;">
						<tbody><tr class="trace app expanded">
			<td class="number">
				#0			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/QuestionAdministrationController.php(398): <strong>QuestionAdministrationController</strong>-&gt;<strong>applyL10n</strong>(Question, array("en" =&gt; array("question" =&gt; "&lt;p&gt;Multiple choice question&lt;/p&gt;", "help" =&gt; "")))				</div>

				<div class="code"><pre><span class="ln">393</span>             }
<span class="ln">394</span> 
<span class="ln">395</span>             // Apply the changes to general settings, advanced settings and translations
<span class="ln">396</span>             $setApplied = [];
<span class="ln">397</span> 
<span class="error"><span class="ln error-ln">398</span>             $setApplied['questionI10N'] = $this-&gt;applyL10n($question, $questionData['questionI10N']);
</span><span class="ln">399</span> 
<span class="ln">400</span>             $setApplied['advancedSettings'] = $this-&gt;unparseAndSetAdvancedOptions(
<span class="ln">401</span>                 $question,
<span class="ln">402</span>                 $questionData['advancedSettings']
<span class="ln">403</span>             );
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#1			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/actions/CInlineAction.php(49): <strong>QuestionAdministrationController</strong>-&gt;<strong>actionSaveQuestionData</strong>()				</div>

				<div class="code"><pre><span class="ln">44</span>         $controller=$this-&gt;getController();
<span class="ln">45</span>         $method=new ReflectionMethod($controller, $methodName);
<span class="ln">46</span>         if($method-&gt;getNumberOfParameters()&gt;0)
<span class="ln">47</span>             return $this-&gt;runWithParamsInternal($controller, $method, $params);
<span class="ln">48</span> 
<span class="error"><span class="ln error-ln">49</span>         $controller-&gt;$methodName();
</span><span class="ln">50</span>         return true;
<span class="ln">51</span>     }
<span class="ln">52</span> }
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#2			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(308): <strong>CInlineAction</strong>-&gt;<strong>runWithParams</strong>(array())				</div>

				<div class="code"><pre><span class="ln">303</span>     {
<span class="ln">304</span>         $priorAction=$this-&gt;_action;
<span class="ln">305</span>         $this-&gt;_action=$action;
<span class="ln">306</span>         if($this-&gt;beforeAction($action))
<span class="ln">307</span>         {
<span class="error"><span class="ln error-ln">308</span>             if($action-&gt;runWithParams($this-&gt;getActionParams())===false)
</span><span class="ln">309</span>                 $this-&gt;invalidActionParams($action);
<span class="ln">310</span>             else
<span class="ln">311</span>                 $this-&gt;afterAction($action);
<span class="ln">312</span>         }
<span class="ln">313</span>         $this-&gt;_action=$priorAction;
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#3			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(286): <strong>CController</strong>-&gt;<strong>runAction</strong>(CInlineAction)				</div>

				<div class="code"><pre><span class="ln">281</span>      * @see runAction
<span class="ln">282</span>      */
<span class="ln">283</span>     public function runActionWithFilters($action,$filters)
<span class="ln">284</span>     {
<span class="ln">285</span>         if(empty($filters))
<span class="error"><span class="ln error-ln">286</span>             $this-&gt;runAction($action);
</span><span class="ln">287</span>         else
<span class="ln">288</span>         {
<span class="ln">289</span>             $priorAction=$this-&gt;_action;
<span class="ln">290</span>             $this-&gt;_action=$action;
<span class="ln">291</span>             CFilterChain::create($this,$action,$filters)-&gt;run();
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#4			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(265): <strong>CController</strong>-&gt;<strong>runActionWithFilters</strong>(CInlineAction, array())				</div>

				<div class="code"><pre><span class="ln">260</span>         {
<span class="ln">261</span>             if(($parent=$this-&gt;getModule())===null)
<span class="ln">262</span>                 $parent=Yii::app();
<span class="ln">263</span>             if($parent-&gt;beforeControllerAction($this,$action))
<span class="ln">264</span>             {
<span class="error"><span class="ln error-ln">265</span>                 $this-&gt;runActionWithFilters($action,$this-&gt;filters());
</span><span class="ln">266</span>                 $parent-&gt;afterControllerAction($this,$action);
<span class="ln">267</span>             }
<span class="ln">268</span>         }
<span class="ln">269</span>         else
<span class="ln">270</span>             $this-&gt;missingAction($actionID);
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#5			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/LSBaseController.php(160): <strong>CController</strong>-&gt;<strong>run</strong>("saveQuestionData")				</div>

				<div class="code"><pre><span class="ln">155</span>                     $this-&gt;redirect(array('/admin/authentication/sa/login'));
<span class="ln">156</span>                 }
<span class="ln">157</span>             }
<span class="ln">158</span>         }
<span class="ln">159</span> 
<span class="error"><span class="ln error-ln">160</span>         parent::run($action);
</span><span class="ln">161</span>     }
<span class="ln">162</span> 
<span class="ln">163</span>     /**
<span class="ln">164</span>      * Load and set session vars
<span class="ln">165</span>      *
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#6			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(282): <strong>LSBaseController</strong>-&gt;<strong>run</strong>("saveQuestionData")				</div>

				<div class="code"><pre><span class="ln">277</span>         {
<span class="ln">278</span>             list($controller,$actionID)=$ca;
<span class="ln">279</span>             $oldController=$this-&gt;_controller;
<span class="ln">280</span>             $this-&gt;_controller=$controller;
<span class="ln">281</span>             $controller-&gt;init();
<span class="error"><span class="ln error-ln">282</span>             $controller-&gt;run($actionID);
</span><span class="ln">283</span>             $this-&gt;_controller=$oldController;
<span class="ln">284</span>         }
<span class="ln">285</span>         else
<span class="ln">286</span>             throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".',
<span class="ln">287</span>                 array('{route}'=&gt;$route===''?$this-&gt;defaultController:$route)));
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#7			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(141): <strong>CWebApplication</strong>-&gt;<strong>runController</strong>("questionAdministration/saveQuestionData")				</div>

				<div class="code"><pre><span class="ln">136</span>             foreach(array_splice($this-&gt;catchAllRequest,1) as $name=&gt;$value)
<span class="ln">137</span>                 $_GET[$name]=$value;
<span class="ln">138</span>         }
<span class="ln">139</span>         else
<span class="ln">140</span>             $route=$this-&gt;getUrlManager()-&gt;parseUrl($this-&gt;getRequest());
<span class="error"><span class="ln error-ln">141</span>         $this-&gt;runController($route);
</span><span class="ln">142</span>     }
<span class="ln">143</span> 
<span class="ln">144</span>     /**
<span class="ln">145</span>      * Registers the core application components.
<span class="ln">146</span>      * This method overrides the parent implementation by registering additional core components.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#8			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/base/CApplication.php(185): <strong>CWebApplication</strong>-&gt;<strong>processRequest</strong>()				</div>

				<div class="code"><pre><span class="ln">180</span>     public function run()
<span class="ln">181</span>     {
<span class="ln">182</span>         if($this-&gt;hasEventHandler('onBeginRequest'))
<span class="ln">183</span>             $this-&gt;onBeginRequest(new CEvent($this));
<span class="ln">184</span>         register_shutdown_function(array($this,'end'),0,false);
<span class="error"><span class="ln error-ln">185</span>         $this-&gt;processRequest();
</span><span class="ln">186</span>         if($this-&gt;hasEventHandler('onEndRequest'))
<span class="ln">187</span>             $this-&gt;onEndRequest(new CEvent($this));
<span class="ln">188</span>     }
<span class="ln">189</span> 
<span class="ln">190</span>     /**
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#9			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/index.php(182): <strong>CApplication</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">177</span> require_once APPPATH . 'core/LSYii_Application' . EXT;
<span class="ln">178</span> 
<span class="ln">179</span> $config = require_once(APPPATH . 'config/internal' . EXT);
<span class="ln">180</span> 
<span class="ln">181</span> Yii::$enableIncludePath = false;
<span class="error"><span class="ln error-ln">182</span> Yii::createApplication('LSYii_Application', $config)-&gt;run();
</span><span class="ln">183</span> 
<span class="ln">184</span> /* End of file index.php */
<span class="ln">185</span> /* Location: ./index.php */
</pre></div>			</td>
		</tr>
				</tbody></table>
	</div>

	<div class="version">
		2021-01-29 06:42:09 nginx/1.18.0 <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.22-dev	</div>
</div>

<script type="text/javascript">
/*<![CDATA[*/
var traceReg = new RegExp("(^|\\s)trace-file(\\s|$)");
var collapsedReg = new RegExp("(^|\\s)collapsed(\\s|$)");

var e = document.getElementsByTagName("div");
for(var j=0,len=e.length;j<len;j++){
	if(traceReg.test(e[j].className)){
		e[j].onclick = function(){
			var trace = this.parentNode.parentNode;
			if(collapsedReg.test(trace.className))
				trace.className = trace.className.replace("collapsed", "expanded");
			else
				trace.className = trace.className.replace("expanded", "collapsed");
		}
	}
}
/*]]>*/
</script>



<div id="grammalecte_menu_main_button_shadow_host" style="width: 0px; height: 0px;"></div></body><script src="PHP%20notice_fichiers/api.js"></script></html>
PHP notice.html (17,112 bytes)   
DenisChenu

DenisChenu

2021-02-10 17:59

developer   ~62130

https://github.com/LimeSurvey/LimeSurvey/commit/68aaad4c22dbb2c96ab211a56513257a46b244ff

Issue History

Date Modified Username Field Change
2021-01-29 08:57 DenisChenu New Issue
2021-01-29 08:57 DenisChenu File Added: PHP notice.html
2021-01-29 09:07 DenisChenu Relationship added related to 17028
2021-01-29 14:25 ollehar Product Version => 4.4.0
2021-02-10 17:59 DenisChenu Note Added: 62130
2021-02-10 17:59 DenisChenu Assigned To => ollehar
2021-02-10 17:59 DenisChenu Status new => resolved
2021-02-10 17:59 DenisChenu Resolution open => fixed
2021-03-08 19:31 c_schmitz Fixed in Version => 4.4.12
2021-03-08 19:38 c_schmitz Status resolved => closed