17206: Unable to use kcfinder with proxy enabled - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

17206	Bug reports	Other	public	2021-03-25 17:41	2021-03-26 08:36

Reporter	DenisChenu	Assigned To
Priority	none	Severity	minor
Status	closed	Resolution	fixed
Product Version	3.25.19
Fixed in Version	3.25.19

Summary	17206: Unable to use kcfinder with proxy enabled
Description	With debug = 0 + php 7 + proxy : when try to use kcfinder : receive an error page Only variables should be passed by reference
Steps To Reproduce	Fix a server with a proxy and php7 and try
Additional Information	To get the HTML page with line : i add `define('YII_DEBUG', true);` in browse.php file The Notice hide a lack of php-gd …
Tags	No tags attached.
Attached Files	image001.png (28,671 bytes) image001.png (28,671 bytes) PHP notice.html (7,840 bytes) <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>PHP notice</title> <style type="text/css"> /<![CDATA[/ html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;} body{line-height:1;} ol,ul{list-style:none;} blockquote,q{quotes:none;} blockquote:before,blockquote:after,q:before,q:after{content:none;} :focus{outline:0;} ins{text-decoration:none;} del{text-decoration:line-through;} table{border-collapse:collapse;border-spacing:0;} body { font: normal 9pt "Verdana"; color: #000; background: #fff; } h1 { font: normal 18pt "Verdana"; color: #f00; margin-bottom: .5em; } h2 { font: normal 14pt "Verdana"; color: #800000; margin-bottom: .5em; } h3 { font: bold 11pt "Verdana"; } pre { font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace; } pre span.error { display: block; background: #fce3e3; } pre span.ln { color: #999; padding-right: 0.5em; border-right: 1px solid #ccc; } pre span.error-ln { font-weight: bold; } .container { margin: 1em 4em; } .version { color: gray; font-size: 8pt; border-top: 1px solid #aaa; padding-top: 1em; margin-bottom: 1em; } .message { color: #000; padding: 1em; font-size: 11pt; background: #f3f3f3; -webkit-border-radius: 10px; -moz-border-radius: 10px; border-radius: 10px; margin-bottom: 1em; line-height: 160%; } .source { margin-bottom: 1em; } .code pre { background-color: #ffe; margin: 0.5em 0; padding: 0.5em; line-height: 125%; border: 1px solid #eee; } .source .file { margin-bottom: 1em; font-weight: bold; } .traces { margin: 2em 0; } .trace { margin: 0.5em 0; padding: 0.5em; } .trace.app { border: 1px dashed #c00; } .trace .number { text-align: right; width: 2em; padding: 0.5em; } .trace .content { padding: 0.5em; } .trace .plus, .trace .minus { display:inline; vertical-align:middle; text-align:center; border:1px solid #000; color:#000; font-size:10px; line-height:10px; margin:0; padding:0 1px; width:10px; height:10px; } .trace.collapsed .minus, .trace.expanded .plus, .trace.collapsed pre { display: none; } .trace-file { cursor: pointer; padding: 0.2em; } .trace-file:hover { background: #f0ffff; } /]]>/ </style> </head> <body> <div class="container"> <h1>PHP notice</h1> <p class="message"> Only variables should be passed by reference </p> <div class="source"> <p class="file">/var/www/html/limesurvey/third_party/kcfinder/core/class/uploader.php(155)</p> <div class="code"><pre><span class="ln">143</span> $this->config[$key] = $val; <span class="ln">144</span> <span class="ln">145</span> if (!isset($sessVar['self'])) <span class="ln">146</span> $sessVar['self'] = array(); <span class="ln">147</span> <span class="ln">148</span> $this->session = &$sessVar['self']; <span class="ln">149</span> <span class="ln">150</span> } else <span class="ln">151</span> $this->session = &$_SESSION; <span class="ln">152</span> <span class="ln">153</span> // SECURING THE SESSION <span class="ln">154</span> $stamp = array( <span class="error"><span class="ln error-ln">155</span> 'ip' => isset($_SERVER['HTTP_X_FORWARDED_FOR'])? array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])): $_SERVER['REMOTE_ADDR'], </span><span class="ln">156</span> 'agent' => md5($_SERVER['HTTP_USER_AGENT']) <span class="ln">157</span> ); <span class="ln">158</span> if (!isset($this->session['stamp'])) <span class="ln">159</span> $this->session['stamp'] = $stamp; <span class="ln">160</span> elseif (!is_array($this->session['stamp']) \|\| ($this->session['stamp'] !== $stamp)) { <span class="ln">161</span> if ($this->session['stamp']['ip'] === $stamp['ip']) <span class="ln">162</span> session_destroy(); <span class="ln">163</span> die; <span class="ln">164</span> } <span class="ln">165</span> <span class="ln">166</span> // IMAGE DRIVER INIT <span class="ln">167</span> if (isset($this->config['imageDriversPriority'])) { </pre></div> </div> <div class="traces"> <h2>Stack Trace</h2> <table style="width:100%;"> <tr class="trace app expanded"> <td class="number"> #0 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /var/www/html/limesurvey/third_party/kcfinder/core/class/browser.php(23): <strong>kcfinder\uploader</strong>-><strong>__construct</strong>() </div> <div class="code"><pre><span class="ln">18</span> protected $action; <span class="ln">19</span> protected $thumbsDir; <span class="ln">20</span> protected $thumbsTypeDir; <span class="ln">21</span> <span class="ln">22</span> public function __construct() { <span class="error"><span class="ln error-ln">23</span> parent::__construct(); </span><span class="ln">24</span> <span class="ln">25</span> // SECURITY CHECK INPUT DIRECTORY <span class="ln">26</span> if (isset($_POST['dir'])) { <span class="ln">27</span> $dir = $this->checkInputDir($_POST['dir'], true, false); <span class="ln">28</span> if ($dir === false) unset($_POST['dir']); </pre></div> </td> </tr> <tr class="trace app expanded"> <td class="number"> #1 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div>  /var/www/html/limesurvey/third_party/kcfinder/browse.php(19): <strong>kcfinder\browser</strong>-><strong>__construct</strong>() </div> <div class="code"><pre><span class="ln">14</span> / <span class="ln">15</span> define('YII_DEBUG', true); <span class="ln">16</span> error_reporting(E_ALL); <span class="ln">17</span> require "core/bootstrap.php"; <span class="ln">18</span> $browser = "kcfinder\\browser"; // To execute core/bootstrap.php on older <span class="error"><span class="ln error-ln">19</span> $browser = new $browser(); // PHP versions (even PHP 4) </span><span class="ln">20</span> $browser->action(); <span class="ln">21</span> <span class="ln">22</span> ?> </pre></div> </td> </tr> </table> </div> <div class="version"> 2021-03-25 17:14:10 Apache/2.4.25 (Debian) <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.21 </div> </div> <script type="text/javascript"> /<![CDATA[/ var traceReg = new RegExp("(^\|\\s)trace-file(\\s\|$)"); var collapsedReg = new RegExp("(^\|\\s)collapsed(\\s\|$)"); var e = document.getElementsByTagName("div"); for(var j=0,len=e.length;j<len;j++){ if(traceReg.test(e[j].className)){ e[j].onclick = function(){ var trace = this.parentNode.parentNode; if(collapsedReg.test(trace.className)) trace.className = trace.className.replace("collapsed", "expanded"); else trace.className = trace.className.replace("expanded", "collapsed"); } } } /]]>*/ </script> </body> </html> PHP notice.html (7,840 bytes)

Bug heat	2
Complete LimeSurvey version number (& build)	3.25.18
I will donate to the project if issue is resolved	No
Browser	not relevant
Database type & version	mysql
Server OS (if known)	debian9
Webserver software & version (if known)	apache2
PHP Version	php7.0

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2021-03-25 17:41	DenisChenu	New Issue
2021-03-25 17:41	DenisChenu	File Added: image001.png
2021-03-25 17:41	DenisChenu	File Added: PHP notice.html
2021-03-25 17:41	DenisChenu	Assigned To	=> DenisChenu
2021-03-25 17:41	DenisChenu	Status	new => assigned
2021-03-25 17:42	DenisChenu	Summary	kcfinder show notice error (even without debug) => Unable to use kcfinder with proxy enabled
2021-03-26 08:35	DenisChenu	Status	assigned => resolved
2021-03-26 08:35	DenisChenu	Resolution	open => fixed
2021-03-26 08:35	DenisChenu	Note Added: 63639
2021-03-26 08:36	DenisChenu	Assigned To	DenisChenu =>
2021-03-26 08:36	DenisChenu	Status	resolved => closed
2021-03-26 08:36	DenisChenu	Fixed in Version	=> 3.25.19
2021-03-26 08:36	DenisChenu	Note Added: 63640

DenisChenu 2021-03-26 08:35 developer ~63639	Oups … PS : still an issue with debug mode are not used

DenisChenu 2021-03-26 08:36 developer ~63640	https://github.com/LimeSurvey/LimeSurvey/commit/79324b3fe1284f67c2849d6c407bc20e94f022b4#diff-e442aabb345d285a9f65443b95ed7cd5153e18cca97e83352f10ae33a7bae0b4

View Issue Details

Users monitoring this issue

Activities

Issue History