View Issue Details

This bug affects 1 person(s).
 2
IDProjectCategoryView StatusLast Update
17027Bug reportsSurvey editingpublic2021-03-08 19:38
ReporterDenisChenu Assigned Toollehar  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version4.4.0 
Fixed in Version4.4.12 
Summary17027: Personal settings " Show script field: " to no throw error
DescriptionWhen set " Show script field: " to NO and set debug = 2 !: no wayè to add question
Steps To ReproduceSet " Show script field: " to NO
Set debug = 2
Create a question,
Save : error
Additional InformationSame with update question : it means
- User 1 add script
- User 2 didn't show script
- User 2 delete script always … (another report to do, but think XSS/script system right is broken now …)
TagsNo tags attached.
Bug heat2
Complete LimeSurvey version number (& build)4.4.0 github
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant

Relationships

related to 17028 closedDenisChenu Script are not saved 

Users monitoring this issue

User List There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2021-01-29 08:57

developer  

PHP notice.html (17,112 bytes)   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>PHP notice</title>

<style type="text/css">
/*<![CDATA[*/
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;}
body{line-height:1;}
ol,ul{list-style:none;}
blockquote,q{quotes:none;}
blockquote:before,blockquote:after,q:before,q:after{content:none;}
:focus{outline:0;}
ins{text-decoration:none;}
del{text-decoration:line-through;}
table{border-collapse:collapse;border-spacing:0;}

body {
	font: normal 9pt "Verdana";
	color: #000;
	background: #fff;
}

h1 {
	font: normal 18pt "Verdana";
	color: #f00;
	margin-bottom: .5em;
}

h2 {
	font: normal 14pt "Verdana";
	color: #800000;
	margin-bottom: .5em;
}

h3 {
	font: bold 11pt "Verdana";
}

pre {
	font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace;
}

pre span.error {
	display: block;
	background: #fce3e3;
}

pre span.ln {
	color: #999;
	padding-right: 0.5em;
	border-right: 1px solid #ccc;
}

pre span.error-ln {
	font-weight: bold;
}

.container {
	margin: 1em 4em;
}

.version {
	color: gray;
	font-size: 8pt;
	border-top: 1px solid #aaa;
	padding-top: 1em;
	margin-bottom: 1em;
}

.message {
	color: #000;
	padding: 1em;
	font-size: 11pt;
	background: #f3f3f3;
	-webkit-border-radius: 10px;
	-moz-border-radius: 10px;
	border-radius: 10px;
	margin-bottom: 1em;
	line-height: 160%;
}

.source {
	margin-bottom: 1em;
}

.code pre {
	background-color: #ffe;
	margin: 0.5em 0;
	padding: 0.5em;
	line-height: 125%;
	border: 1px solid #eee;
}

.source .file {
	margin-bottom: 1em;
	font-weight: bold;
}

.traces {
	margin: 2em 0;
}

.trace {
	margin: 0.5em 0;
	padding: 0.5em;
}

.trace.app {
	border: 1px dashed #c00;
}

.trace .number {
	text-align: right;
	width: 2em;
	padding: 0.5em;
}

.trace .content {
	padding: 0.5em;
}

.trace .plus,
.trace .minus {
	display:inline;
	vertical-align:middle;
	text-align:center;
	border:1px solid #000;
	color:#000;
	font-size:10px;
	line-height:10px;
	margin:0;
	padding:0 1px;
	width:10px;
	height:10px;
}

.trace.collapsed .minus,
.trace.expanded .plus,
.trace.collapsed pre {
	display: none;
}

.trace-file {
	cursor: pointer;
	padding: 0.2em;
}

.trace-file:hover {
	background: #f0ffff;
}
/*]]>*/
</style>
</head>

<body>
<div class="container">
	<h1>PHP notice</h1>

	<p class="message">
		Undefined index: script	</p>

	<div class="source">
		<p class="file">/mnt/data/shnoulle/nginx/www/master/application/controllers/QuestionAdministrationController.php(2489)</p>
		<div class="code"><pre><span class="ln">2477</span>      */
<span class="ln">2478</span>     private function applyL10n($oQuestion, $dataSet)
<span class="ln">2479</span>     {
<span class="ln">2480</span>         foreach ($dataSet as $sLanguage =&gt; $aI10NBlock) {
<span class="ln">2481</span>             $i10N = QuestionL10n::model()-&gt;findByAttributes(['qid' =&gt; $oQuestion-&gt;qid, 'language' =&gt; $sLanguage]);
<span class="ln">2482</span>             if (empty($i10N)) {
<span class="ln">2483</span>                 throw new Exception('Found no L10n object');
<span class="ln">2484</span>             }
<span class="ln">2485</span>             $i10N-&gt;setAttributes(
<span class="ln">2486</span>                 [
<span class="ln">2487</span>                     'question' =&gt; $aI10NBlock['question'],
<span class="ln">2488</span>                     'help'     =&gt; $aI10NBlock['help'],
<span class="error"><span class="ln error-ln">2489</span>                     'script'   =&gt; $aI10NBlock['script'],
</span><span class="ln">2490</span>                 ],
<span class="ln">2491</span>                 false
<span class="ln">2492</span>             );
<span class="ln">2493</span>             if (!$i10N-&gt;save()) {
<span class="ln">2494</span>                 throw new CHttpException(500, gT("Could not store translation"));
<span class="ln">2495</span>             }
<span class="ln">2496</span>         }
<span class="ln">2497</span> 
<span class="ln">2498</span>         return true;
<span class="ln">2499</span>     }
<span class="ln">2500</span> 
<span class="ln">2501</span>     /**
</pre></div>	</div>

	<div class="traces">
		<h2>Stack Trace</h2>
				<table style="width:100%;">
						<tbody><tr class="trace app expanded">
			<td class="number">
				#0			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/QuestionAdministrationController.php(398): <strong>QuestionAdministrationController</strong>-&gt;<strong>applyL10n</strong>(Question, array("en" =&gt; array("question" =&gt; "&lt;p&gt;Multiple choice question&lt;/p&gt;", "help" =&gt; "")))				</div>

				<div class="code"><pre><span class="ln">393</span>             }
<span class="ln">394</span> 
<span class="ln">395</span>             // Apply the changes to general settings, advanced settings and translations
<span class="ln">396</span>             $setApplied = [];
<span class="ln">397</span> 
<span class="error"><span class="ln error-ln">398</span>             $setApplied['questionI10N'] = $this-&gt;applyL10n($question, $questionData['questionI10N']);
</span><span class="ln">399</span> 
<span class="ln">400</span>             $setApplied['advancedSettings'] = $this-&gt;unparseAndSetAdvancedOptions(
<span class="ln">401</span>                 $question,
<span class="ln">402</span>                 $questionData['advancedSettings']
<span class="ln">403</span>             );
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#1			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/actions/CInlineAction.php(49): <strong>QuestionAdministrationController</strong>-&gt;<strong>actionSaveQuestionData</strong>()				</div>

				<div class="code"><pre><span class="ln">44</span>         $controller=$this-&gt;getController();
<span class="ln">45</span>         $method=new ReflectionMethod($controller, $methodName);
<span class="ln">46</span>         if($method-&gt;getNumberOfParameters()&gt;0)
<span class="ln">47</span>             return $this-&gt;runWithParamsInternal($controller, $method, $params);
<span class="ln">48</span> 
<span class="error"><span class="ln error-ln">49</span>         $controller-&gt;$methodName();
</span><span class="ln">50</span>         return true;
<span class="ln">51</span>     }
<span class="ln">52</span> }
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#2			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(308): <strong>CInlineAction</strong>-&gt;<strong>runWithParams</strong>(array())				</div>

				<div class="code"><pre><span class="ln">303</span>     {
<span class="ln">304</span>         $priorAction=$this-&gt;_action;
<span class="ln">305</span>         $this-&gt;_action=$action;
<span class="ln">306</span>         if($this-&gt;beforeAction($action))
<span class="ln">307</span>         {
<span class="error"><span class="ln error-ln">308</span>             if($action-&gt;runWithParams($this-&gt;getActionParams())===false)
</span><span class="ln">309</span>                 $this-&gt;invalidActionParams($action);
<span class="ln">310</span>             else
<span class="ln">311</span>                 $this-&gt;afterAction($action);
<span class="ln">312</span>         }
<span class="ln">313</span>         $this-&gt;_action=$priorAction;
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#3			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(286): <strong>CController</strong>-&gt;<strong>runAction</strong>(CInlineAction)				</div>

				<div class="code"><pre><span class="ln">281</span>      * @see runAction
<span class="ln">282</span>      */
<span class="ln">283</span>     public function runActionWithFilters($action,$filters)
<span class="ln">284</span>     {
<span class="ln">285</span>         if(empty($filters))
<span class="error"><span class="ln error-ln">286</span>             $this-&gt;runAction($action);
</span><span class="ln">287</span>         else
<span class="ln">288</span>         {
<span class="ln">289</span>             $priorAction=$this-&gt;_action;
<span class="ln">290</span>             $this-&gt;_action=$action;
<span class="ln">291</span>             CFilterChain::create($this,$action,$filters)-&gt;run();
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#4			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(265): <strong>CController</strong>-&gt;<strong>runActionWithFilters</strong>(CInlineAction, array())				</div>

				<div class="code"><pre><span class="ln">260</span>         {
<span class="ln">261</span>             if(($parent=$this-&gt;getModule())===null)
<span class="ln">262</span>                 $parent=Yii::app();
<span class="ln">263</span>             if($parent-&gt;beforeControllerAction($this,$action))
<span class="ln">264</span>             {
<span class="error"><span class="ln error-ln">265</span>                 $this-&gt;runActionWithFilters($action,$this-&gt;filters());
</span><span class="ln">266</span>                 $parent-&gt;afterControllerAction($this,$action);
<span class="ln">267</span>             }
<span class="ln">268</span>         }
<span class="ln">269</span>         else
<span class="ln">270</span>             $this-&gt;missingAction($actionID);
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#5			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/LSBaseController.php(160): <strong>CController</strong>-&gt;<strong>run</strong>("saveQuestionData")				</div>

				<div class="code"><pre><span class="ln">155</span>                     $this-&gt;redirect(array('/admin/authentication/sa/login'));
<span class="ln">156</span>                 }
<span class="ln">157</span>             }
<span class="ln">158</span>         }
<span class="ln">159</span> 
<span class="error"><span class="ln error-ln">160</span>         parent::run($action);
</span><span class="ln">161</span>     }
<span class="ln">162</span> 
<span class="ln">163</span>     /**
<span class="ln">164</span>      * Load and set session vars
<span class="ln">165</span>      *
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#6			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(282): <strong>LSBaseController</strong>-&gt;<strong>run</strong>("saveQuestionData")				</div>

				<div class="code"><pre><span class="ln">277</span>         {
<span class="ln">278</span>             list($controller,$actionID)=$ca;
<span class="ln">279</span>             $oldController=$this-&gt;_controller;
<span class="ln">280</span>             $this-&gt;_controller=$controller;
<span class="ln">281</span>             $controller-&gt;init();
<span class="error"><span class="ln error-ln">282</span>             $controller-&gt;run($actionID);
</span><span class="ln">283</span>             $this-&gt;_controller=$oldController;
<span class="ln">284</span>         }
<span class="ln">285</span>         else
<span class="ln">286</span>             throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".',
<span class="ln">287</span>                 array('{route}'=&gt;$route===''?$this-&gt;defaultController:$route)));
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#7			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(141): <strong>CWebApplication</strong>-&gt;<strong>runController</strong>("questionAdministration/saveQuestionData")				</div>

				<div class="code"><pre><span class="ln">136</span>             foreach(array_splice($this-&gt;catchAllRequest,1) as $name=&gt;$value)
<span class="ln">137</span>                 $_GET[$name]=$value;
<span class="ln">138</span>         }
<span class="ln">139</span>         else
<span class="ln">140</span>             $route=$this-&gt;getUrlManager()-&gt;parseUrl($this-&gt;getRequest());
<span class="error"><span class="ln error-ln">141</span>         $this-&gt;runController($route);
</span><span class="ln">142</span>     }
<span class="ln">143</span> 
<span class="ln">144</span>     /**
<span class="ln">145</span>      * Registers the core application components.
<span class="ln">146</span>      * This method overrides the parent implementation by registering additional core components.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#8			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/base/CApplication.php(185): <strong>CWebApplication</strong>-&gt;<strong>processRequest</strong>()				</div>

				<div class="code"><pre><span class="ln">180</span>     public function run()
<span class="ln">181</span>     {
<span class="ln">182</span>         if($this-&gt;hasEventHandler('onBeginRequest'))
<span class="ln">183</span>             $this-&gt;onBeginRequest(new CEvent($this));
<span class="ln">184</span>         register_shutdown_function(array($this,'end'),0,false);
<span class="error"><span class="ln error-ln">185</span>         $this-&gt;processRequest();
</span><span class="ln">186</span>         if($this-&gt;hasEventHandler('onEndRequest'))
<span class="ln">187</span>             $this-&gt;onEndRequest(new CEvent($this));
<span class="ln">188</span>     }
<span class="ln">189</span> 
<span class="ln">190</span>     /**
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#9			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/index.php(182): <strong>CApplication</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">177</span> require_once APPPATH . 'core/LSYii_Application' . EXT;
<span class="ln">178</span> 
<span class="ln">179</span> $config = require_once(APPPATH . 'config/internal' . EXT);
<span class="ln">180</span> 
<span class="ln">181</span> Yii::$enableIncludePath = false;
<span class="error"><span class="ln error-ln">182</span> Yii::createApplication('LSYii_Application', $config)-&gt;run();
</span><span class="ln">183</span> 
<span class="ln">184</span> /* End of file index.php */
<span class="ln">185</span> /* Location: ./index.php */
</pre></div>			</td>
		</tr>
				</tbody></table>
	</div>

	<div class="version">
		2021-01-29 06:42:09 nginx/1.18.0 <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.22-dev	</div>
</div>

<script type="text/javascript">
/*<![CDATA[*/
var traceReg = new RegExp("(^|\\s)trace-file(\\s|$)");
var collapsedReg = new RegExp("(^|\\s)collapsed(\\s|$)");

var e = document.getElementsByTagName("div");
for(var j=0,len=e.length;j<len;j++){
	if(traceReg.test(e[j].className)){
		e[j].onclick = function(){
			var trace = this.parentNode.parentNode;
			if(collapsedReg.test(trace.className))
				trace.className = trace.className.replace("collapsed", "expanded");
			else
				trace.className = trace.className.replace("expanded", "collapsed");
		}
	}
}
/*]]>*/
</script>



<div id="grammalecte_menu_main_button_shadow_host" style="width: 0px; height: 0px;"></div></body><script src="PHP%20notice_fichiers/api.js"></script></html>
PHP notice.html (17,112 bytes)   
DenisChenu

DenisChenu

2021-02-10 17:59

developer   ~62130

https://github.com/LimeSurvey/LimeSurvey/commit/68aaad4c22dbb2c96ab211a56513257a46b244ff

Issue History

Date Modified Username Field Change
2021-01-29 08:57 DenisChenu New Issue
2021-01-29 08:57 DenisChenu File Added: PHP notice.html
2021-01-29 09:07 DenisChenu Relationship added related to 17028
2021-01-29 14:25 ollehar Product Version => 4.4.0
2021-02-10 17:59 DenisChenu Note Added: 62130
2021-02-10 17:59 DenisChenu Assigned To => ollehar
2021-02-10 17:59 DenisChenu Status new => resolved
2021-02-10 17:59 DenisChenu Resolution open => fixed
2021-03-08 19:31 c_schmitz Fixed in Version => 4.4.12
2021-03-08 19:38 c_schmitz Status resolved => closed