View Issue Details

This bug affects 1 person(s).
 12
IDProjectCategoryView StatusLast Update
17070Bug reportsQuestion editorpublic2023-05-18 00:06
Reportermkpasswd Assigned Togabrieljenik  
PrioritynoneSeveritypartial_block 
Status closedResolutionunable to reproduce 
Product Version4.4.3 
Summary17070: 403 on HTML popup editor
Description

When selecting "popup HTML editor" as the standard HTML editor, the popup editor shows a 403 whatever text field is edited.

Switching to Inline editor solves the problem but the 403 is still this there when editing subquestions texts, making this bug partially blocking for my users.

Steps To Reproduce

Create a multiple choice question
Click subquestions
Enter a few subquestions
save
click the pen to open the HTML popup Editor
Popup opens with a 403, see attached screenshot

Additional Information

It seems that the Group ID and subquestion ID are not provided in the popup URL you may see on the hover URL on the second attached screen shot
I've tried to hack the ./application/views/questionAdministration/answerOptionRow.twig but with no result.

TagsNo tags attached.
Attached Files
html-editor-popup-403.png (83,150 bytes)   
html-editor-popup-403.png (83,150 bytes)   
Bug heat12
Complete LimeSurvey version number (& build)4.4.3+210209
I will donate to the project if issue is resolvedNo
Browserfirefox 85.0.1 ubuntu 20.04
Database type & versionMysql mysql Ver 14.14 Distrib 5.7.33, for Linux (x86_64) using EditLine wrapper
Server OS (if known)standard docker image php:apache
Webserver software & version (if known)apache 2.4.38
PHP VersionPHP 7.4.0

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2021-02-09 17:57

developer   ~62088

Strange

I can not reproduce on 4.4.4

DenisChenu

DenisChenu

2021-02-09 18:00

developer   ~62089

Last edited: 2021-06-29 16:08

The check is done here :
https://github.com/LimeSurvey/LimeSurvey/blob/a108ed96640126efd4b9388ffdc409b21646704c/application/core/Survey_Common_Action.php#L166

But !empty($params['iGroupId']) : must return false if gid === "" (empty string)

You have a space in the link ?

mkpasswd

mkpasswd

2021-02-09 18:06

reporter   ~62090

Last edited: 2021-06-29 16:08

Thanks for your (very :-) ) fast processing.

Yes strange as looking to the release notes I haven't seen any line about this.
Although I did not check at the file level.

I plan a (clone + 4.4.3 to 4.4.4 upgrade) tomorrow morning and I'll keep this ticket updated.

Would you suggest any other operation that could help identify where could the problem be on this 4.4.3 version ?

DenisChenu

DenisChenu

2021-02-09 18:08

developer   ~62091

Last edited: 2021-06-29 16:08

Just before launch popup :

die('«'.$params['iGroupId'].'»');
at line 166 https://github.com/LimeSurvey/LimeSurvey/blob/a108ed96640126efd4b9388ffdc409b21646704c/application/core/Survey_Common_Action.php#L166

Toi check what is gif at this time …

mkpasswd

mkpasswd

2021-02-09 18:11

reporter   ~62092

Last edited: 2021-06-29 16:08

As you may see there's no spaces in the URL, below is a plain cut/paste of the opened URL.
Both GID and QID are empty.

https://hub.imt-atlantique.fr/limesurvey/index.php/admin/htmleditor_pop/sa/index/name/subquestions[16134][0][subquestionl10n][fr]/text/[Answer:](fr)/type/editanswer/action/editanswer/sid/475812/gid//qid//lang/fr

DenisChenu

DenisChenu

2021-02-09 18:13

developer   ~62093

Last edited: 2021-06-29 16:08

Yes : don't understand …

mkpasswd

mkpasswd

2021-02-10 11:29

reporter   ~62101

Last edited: 2021-06-29 16:08

I've cloned the entire platform and applied the 4.4.4 version.
No changes : the problem is still there.
I'm currently hacking to see wether if the information is missing in the TWIG or is forgottent further in the process.

DenisChenu

DenisChenu

2021-02-10 12:56

developer   ~62102

Last edited: 2021-06-29 16:08

Debug mode : https://manual.limesurvey.org/Debug_mode

then we know exactly where it happen

mkpasswd

mkpasswd

2021-02-10 15:06

reporter   ~62108

Last edited: 2021-06-29 16:08

I've hacked the /application/views/questionAdministration/subquestionRow.twig
Screenshot #1
Result on screenshot #2

It appears there's at least 1 error in the original subquestionRow.twig as the gid parm should be replaced by question.gid (mark #1 on screenshot #1).
the regexp check (mark #2) seems to be OK.

But it still does not make the trick : the parms are present at the twig level and get erased during the processing

Selection_965.png (107,508 bytes)
Selection_964.png (76,133 bytes)   
Selection_964.png (76,133 bytes)   
DenisChenu

DenisChenu

2021-02-10 15:18

developer   ~62110

Last edited: 2021-06-29 16:08

Please : debug mode …

mkpasswd

mkpasswd

2021-02-10 15:39

reporter   ~62112

Last edited: 2021-06-29 16:08

Hacking application//helpers/admin/htmleditor_helper.php as in screen shot #1
I've discovered that the change in the javascript:start_popup_editor call intervenes AFTER the PHP generation in htmleditor_helper.php
Displaying the href parms in an HTML comment shows unaffected gID en qID parameters (mark #1) but the actual parameters (mark #2) are empty.
Very strange.

=> is there somewhere a routine rewriting "A HREF='javascript..." either on $htmlcode at the PHP level of after in the DOM at a JS level ?

Unfortunately I'm totally limesurvey-dev-model blind and I think I can't go further debugging this...

Selection_966.png (166,388 bytes)
Selection_967.png (161,867 bytes)
DenisChenu

DenisChenu

2021-02-10 16:17

developer   ~62114

Last edited: 2021-06-29 16:08

Please : debug mode … …
Activate : and show the new html-editor-popup-403.png

https://manual.limesurvey.org/Debug_mode

mkpasswd

mkpasswd

2021-02-10 16:35

reporter   ~62115

Last edited: 2021-06-29 16:08

Hi,
attached the 403 screenshot in 2 parts with debug=1
Also attached the corresponding URL

Selection_970.png (428,369 bytes)
Selection_971.png (122,010 bytes)
Selection_972.png (90,339 bytes)   
Selection_972.png (90,339 bytes)   
DenisChenu

DenisChenu

2021-02-10 16:41

developer   ~62116

Last edited: 2021-06-29 16:08

OK … !empty($params['iGroupId']) return false confirmed …

But HOW this can happen !!!

DenisChenu

DenisChenu

2021-02-10 16:43

developer   ~62117

Last edited: 2021-06-29 16:08

Is set here : https://github.com/LimeSurvey/LimeSurvey/blob/a108ed96640126efd4b9388ffdc409b21646704c/application/core/Survey_Common_Action.php#L161

But only if qid is set (and not the case here)

Can you check in DB if you have some empty gid ? Some question with gid === null ?

mkpasswd

mkpasswd

2021-02-10 17:21

reporter   ~62128

Last edited: 2021-06-29 16:08

As you may see on https://bugs.limesurvey.org/file_download.php?file_id=14383&type=bug sid, gid qns qid are set, it's the calling link javascript:call_popup_editor(... for subquestion.qid=16138 on the question editor form index.php/questionAdministration/view/surveyid/978456/gid/58/qid/16136 that misses the correct parms

This link is apparently rewritten somewhere as it seems to be correct from the PHP generation function

Anyway, DB coherence check is fine and I could no find any question see screenshot ttached

Selection_974.png (47,502 bytes)   
Selection_974.png (47,502 bytes)   
DenisChenu

DenisChenu

2021-02-10 17:54

developer   ~62129

Last edited: 2021-06-29 16:08

Are set to an empty string then empty($params['iGroupId']) == empty($params['iQuestionId']) == true

See https://www.php.net/manual/en/function.empty.php

Don't care aboit gid//qid// …

mkpasswd

mkpasswd

2021-02-10 18:27

reporter   ~62132

Last edited: 2021-06-29 16:08

Found the rewrite origin, my guess is : this is done in javascript.

There's somewhere a rewrite based on <A class=editorLink which erase the gid and qid parameters to the popup.
Disabling the editorLink class (actually renaming it to VOIDeditorLink) ensure the call_editor_popup gets the correct parameters
This can't be a clean solution.

I suppose the rewrite function to be updateRowProperties() in ./assets/scripts/admin/questionEditor.js ScreenShot #1

It can't find the input[name=gid] and the input[name=qid] (returns undefined Screenshot #2) and simply clear both parameters in the URL

=>from my point of view both required input[name=gid] and input[name=qid] should be made available to this function updateRowProperties for the popup to work properly.

Selection_975.png (79,607 bytes)   
Selection_975.png (79,607 bytes)   
Selection_976.png (62,330 bytes)   
Selection_976.png (62,330 bytes)   
ollehar

ollehar

2021-03-10 17:24

administrator   ~63083

Last edited: 2021-06-29 16:08

Any solution for this?

DenisChenu

DenisChenu

2021-03-10 17:26

developer   ~63086

Last edited: 2021-06-29 16:08

Gabriel didn't fix it some day ago ?

ollehar

ollehar

2021-03-10 17:27

administrator   ~63088

Last edited: 2021-06-29 16:08

You tell me. xD

fbrei

fbrei

2021-06-29 15:43

reporter   ~65160

Last edited: 2021-06-29 16:08

I can confirm that this bug is still present in the latest release. Are there any news on this?

ollehar

ollehar

2021-06-29 16:08

administrator   ~65163

We can test some more.

gabrieljenik

gabrieljenik

2021-07-05 19:49

manager   ~65212

Couldn't reproduce it in master neither in 4.4.3

fbrei

fbrei

2021-07-06 11:36

reporter   ~65229

We have a server that was running an older version of Limesurvey (4.3.15+200907). I turned it back on to check if the error existed in that version and in fact it didn't. But the server running the latest release still has that error. It started with one of the later 4.x versions and still persists with 5.x.

I enabled debug mode and saved the html file containing the error message and stack trace. Does it contain any sensitive information? If not I would just upload the whole html file instead of creating a series of screenshots :)

gabrieljenik

gabrieljenik

2021-07-06 15:07

manager   ~65236

I enabled debug mode and saved the html file containing the error message and stack trace. Does it contain any sensitive information? If not I would just upload the whole html file instead of creating a series of screenshots :)

I wouldn't know. Sorry, I would say that more than just a path and maybe some names, shouldn't be any password on it.

gabrieljenik

gabrieljenik

2021-07-06 15:08

manager   ~65237

We did found about some parameters not being sent to the html editor.
Will fix it.

Still that only impact the replacement feature. Sholdn't cause a 403.
Have you tried clearing the assets?

Thanks

gabrieljenik

gabrieljenik

2021-07-06 15:27

manager   ~65240

GID and QID were not sent to editor on subquestions, imapcting on replacement fields.
Issue detected while reviewing.

PR: https://github.com/LimeSurvey/LimeSurvey/pull/1949

fbrei

fbrei

2021-07-07 10:20

reporter   ~65245

Yes I tried it again after clearing the assets via the button in the global settings menu. The error still persists. I will wait until your branch was merged and then test again.

c_schmitz

c_schmitz

2021-07-14 18:14

administrator   ~65441

It is merged, now.

fbrei

fbrei

2021-07-28 20:35

reporter   ~65718

I just installed the update and the error is (almost) fixed. When I add a question (5 point array for example) and try to open the html editor on a subquestion BEFORE clicking on the save button once, I still get the error. Plus, the inline text field next to the button that says sth. like "Example subquestion" turns grey and uneditable afterwards.

But after saving the question at least once, I am not able to reproduce the error anymore.

gabrieljenik

gabrieljenik

2021-07-29 21:48

manager   ~65752

We couldn't reproduce it.

I tried this:
1) Created an empty survey
2) Added a group
3) Clicked "Add question"
4) Changed the type to "Array (5 point choice)" (I had "Short free text" by default)
5) Clicked on the first subquestion's editor button => It worked
6) Added a new subquestion
7) Clicked on the new subquestion's editor button => It worked too

Can I ask you to send some kind of screenshots (showing the full screen) or screenrecording (showing the steps?)

gabrieljenik

gabrieljenik

2023-05-18 00:06

manager   ~75067

As per the comments, will be closing the ticket.
Please add any comments in case it should be reopened.
Thanks

Issue History

Date Modified Username Field Change
2021-02-09 17:30 mkpasswd New Issue
2021-02-09 17:30 mkpasswd File Added: html-editor-popup-403.png
2021-02-09 17:30 mkpasswd File Added: missing-gid-qid-on-html-editor-popup-hover.png
2021-02-09 17:57 DenisChenu Note Added: 62088
2021-02-09 17:57 DenisChenu File Added: Capture d’écran du 2021-02-09 17-57-13.png
2021-02-09 18:00 DenisChenu Note Added: 62089
2021-02-09 18:06 mkpasswd Note Added: 62090
2021-02-09 18:08 DenisChenu Note Added: 62091
2021-02-09 18:09 DenisChenu Note Edited: 62091
2021-02-09 18:11 mkpasswd Note Added: 62092
2021-02-09 18:13 DenisChenu Note Added: 62093
2021-02-10 11:29 mkpasswd Note Added: 62101
2021-02-10 12:56 DenisChenu Note Added: 62102
2021-02-10 15:06 mkpasswd Note Added: 62108
2021-02-10 15:06 mkpasswd File Added: Selection_965.png
2021-02-10 15:06 mkpasswd File Added: Selection_964.png
2021-02-10 15:18 DenisChenu Note Added: 62110
2021-02-10 15:39 mkpasswd Note Added: 62112
2021-02-10 15:39 mkpasswd File Added: Selection_966.png
2021-02-10 15:39 mkpasswd File Added: Selection_967.png
2021-02-10 16:17 DenisChenu Note Added: 62114
2021-02-10 16:35 mkpasswd Note Added: 62115
2021-02-10 16:35 mkpasswd File Added: Selection_970.png
2021-02-10 16:35 mkpasswd File Added: Selection_971.png
2021-02-10 16:35 mkpasswd File Added: Selection_972.png
2021-02-10 16:41 DenisChenu Note Added: 62116
2021-02-10 16:43 DenisChenu Note Added: 62117
2021-02-10 17:21 mkpasswd Note Added: 62128
2021-02-10 17:21 mkpasswd File Added: Selection_974.png
2021-02-10 17:54 DenisChenu Note Added: 62129
2021-02-10 18:27 mkpasswd Note Added: 62132
2021-02-10 18:27 mkpasswd File Added: Selection_975.png
2021-02-10 18:27 mkpasswd File Added: Selection_976.png
2021-03-10 17:24 ollehar Assigned To => ollehar
2021-03-10 17:24 ollehar Status new => feedback
2021-03-10 17:24 ollehar Note Added: 63083
2021-03-10 17:26 DenisChenu Note Added: 63086
2021-03-10 17:27 ollehar Note Added: 63088
2021-06-29 15:43 fbrei Note Added: 65160
2021-06-29 16:08 ollehar Sync to Zoho Project => |Yes|
2021-06-29 16:08 ollehar Note Added: 65163
2021-07-05 17:37 gabrieljenik Assigned To ollehar => gabrieljenik
2021-07-05 19:49 gabrieljenik Note Added: 65212
2021-07-06 11:36 fbrei Note Added: 65229
2021-07-06 15:07 gabrieljenik Note Added: 65236
2021-07-06 15:08 gabrieljenik Note Added: 65237
2021-07-06 15:27 gabrieljenik Note Added: 65240
2021-07-07 10:20 fbrei Note Added: 65245
2021-07-14 18:14 c_schmitz Note Added: 65441
2021-07-28 20:35 fbrei Note Added: 65718
2021-07-29 21:48 gabrieljenik Note Added: 65752
2023-05-18 00:06 gabrieljenik Status feedback => closed
2023-05-18 00:06 gabrieljenik Resolution open => unable to reproduce
2023-05-18 00:06 gabrieljenik Note Added: 75067