View Issue Details

IDProjectCategoryView StatusLast Update
17206Bug reportsOtherpublic2021-03-26 08:36
ReporterDenisChenu Assigned To 
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version3.25.19 
Fixed in Version3.25.19 
Summary17206: Unable to use kcfinder with proxy enabled
DescriptionWith debug = 0 + php 7 + proxy : when try to use kcfinder : receive an error page
 Only variables should be passed by reference
Steps To ReproduceFix a server with a proxy and php7 and try
Additional InformationTo get the HTML page with line : i add `define('YII_DEBUG', true);` in browse.php file

The Notice hide a lack of php-gd …
TagsNo tags attached.
Complete LimeSurvey version number (& build)3.25.18
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database & DB-Versionmysql
Server OS (if known)debian9
Webserver software & version (if known)apache2
PHP Versionphp7.0

Activities

DenisChenu

DenisChenu

2021-03-25 17:41

developer  

image001.png (28,671 bytes)   
image001.png (28,671 bytes)   
PHP notice.html (7,840 bytes)   
<!DOCTYPE html PUBLIC
	"-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>PHP notice</title>

<style type="text/css">
/*<![CDATA[*/
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;}
body{line-height:1;}
ol,ul{list-style:none;}
blockquote,q{quotes:none;}
blockquote:before,blockquote:after,q:before,q:after{content:none;}
:focus{outline:0;}
ins{text-decoration:none;}
del{text-decoration:line-through;}
table{border-collapse:collapse;border-spacing:0;}

body {
	font: normal 9pt "Verdana";
	color: #000;
	background: #fff;
}

h1 {
	font: normal 18pt "Verdana";
	color: #f00;
	margin-bottom: .5em;
}

h2 {
	font: normal 14pt "Verdana";
	color: #800000;
	margin-bottom: .5em;
}

h3 {
	font: bold 11pt "Verdana";
}

pre {
	font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace;
}

pre span.error {
	display: block;
	background: #fce3e3;
}

pre span.ln {
	color: #999;
	padding-right: 0.5em;
	border-right: 1px solid #ccc;
}

pre span.error-ln {
	font-weight: bold;
}

.container {
	margin: 1em 4em;
}

.version {
	color: gray;
	font-size: 8pt;
	border-top: 1px solid #aaa;
	padding-top: 1em;
	margin-bottom: 1em;
}

.message {
	color: #000;
	padding: 1em;
	font-size: 11pt;
	background: #f3f3f3;
	-webkit-border-radius: 10px;
	-moz-border-radius: 10px;
	border-radius: 10px;
	margin-bottom: 1em;
	line-height: 160%;
}

.source {
	margin-bottom: 1em;
}

.code pre {
	background-color: #ffe;
	margin: 0.5em 0;
	padding: 0.5em;
	line-height: 125%;
	border: 1px solid #eee;
}

.source .file {
	margin-bottom: 1em;
	font-weight: bold;
}

.traces {
	margin: 2em 0;
}

.trace {
	margin: 0.5em 0;
	padding: 0.5em;
}

.trace.app {
	border: 1px dashed #c00;
}

.trace .number {
	text-align: right;
	width: 2em;
	padding: 0.5em;
}

.trace .content {
	padding: 0.5em;
}

.trace .plus,
.trace .minus {
	display:inline;
	vertical-align:middle;
	text-align:center;
	border:1px solid #000;
	color:#000;
	font-size:10px;
	line-height:10px;
	margin:0;
	padding:0 1px;
	width:10px;
	height:10px;
}

.trace.collapsed .minus,
.trace.expanded .plus,
.trace.collapsed pre {
	display: none;
}

.trace-file {
	cursor: pointer;
	padding: 0.2em;
}

.trace-file:hover {
	background: #f0ffff;
}
/*]]>*/
</style>
</head>

<body>
<div class="container">
	<h1>PHP notice</h1>

	<p class="message">
		Only variables should be passed by reference	</p>

	<div class="source">
		<p class="file">/var/www/html/limesurvey/third_party/kcfinder/core/class/uploader.php(155)</p>
		<div class="code"><pre><span class="ln">143</span>                     $this-&gt;config[$key] = $val;
<span class="ln">144</span> 
<span class="ln">145</span>             if (!isset($sessVar[&#039;self&#039;]))
<span class="ln">146</span>                 $sessVar[&#039;self&#039;] = array();
<span class="ln">147</span> 
<span class="ln">148</span>             $this-&gt;session = &amp;$sessVar[&#039;self&#039;];
<span class="ln">149</span> 
<span class="ln">150</span>         } else
<span class="ln">151</span>             $this-&gt;session = &amp;$_SESSION;
<span class="ln">152</span> 
<span class="ln">153</span>         // SECURING THE SESSION
<span class="ln">154</span>         $stamp = array(
<span class="error"><span class="ln error-ln">155</span>             &#039;ip&#039; =&gt; isset($_SERVER[&#039;HTTP_X_FORWARDED_FOR&#039;])? array_pop(explode(&#039;,&#039;, $_SERVER[&#039;HTTP_X_FORWARDED_FOR&#039;])): $_SERVER[&#039;REMOTE_ADDR&#039;],
</span><span class="ln">156</span>             &#039;agent&#039; =&gt; md5($_SERVER[&#039;HTTP_USER_AGENT&#039;])
<span class="ln">157</span>         );
<span class="ln">158</span>         if (!isset($this-&gt;session[&#039;stamp&#039;]))
<span class="ln">159</span>             $this-&gt;session[&#039;stamp&#039;] = $stamp;
<span class="ln">160</span>         elseif (!is_array($this-&gt;session[&#039;stamp&#039;]) || ($this-&gt;session[&#039;stamp&#039;] !== $stamp)) {
<span class="ln">161</span>             if ($this-&gt;session[&#039;stamp&#039;][&#039;ip&#039;] === $stamp[&#039;ip&#039;])
<span class="ln">162</span>                 session_destroy();
<span class="ln">163</span>             die;
<span class="ln">164</span>         }
<span class="ln">165</span> 
<span class="ln">166</span>         // IMAGE DRIVER INIT
<span class="ln">167</span>         if (isset($this-&gt;config[&#039;imageDriversPriority&#039;])) {
</pre></div>	</div>

	<div class="traces">
		<h2>Stack Trace</h2>
				<table style="width:100%;">
						<tr class="trace app expanded">
			<td class="number">
				#0			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/var/www/html/limesurvey/third_party/kcfinder/core/class/browser.php(23): <strong>kcfinder\uploader</strong>-><strong>__construct</strong>()				</div>

				<div class="code"><pre><span class="ln">18</span>     protected $action;
<span class="ln">19</span>     protected $thumbsDir;
<span class="ln">20</span>     protected $thumbsTypeDir;
<span class="ln">21</span> 
<span class="ln">22</span>     public function __construct() {
<span class="error"><span class="ln error-ln">23</span>         parent::__construct();
</span><span class="ln">24</span> 
<span class="ln">25</span>         // SECURITY CHECK INPUT DIRECTORY
<span class="ln">26</span>         if (isset($_POST[&#039;dir&#039;])) {
<span class="ln">27</span>             $dir = $this-&gt;checkInputDir($_POST[&#039;dir&#039;], true, false);
<span class="ln">28</span>             if ($dir === false) unset($_POST[&#039;dir&#039;]);
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#1			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/var/www/html/limesurvey/third_party/kcfinder/browse.php(19): <strong>kcfinder\browser</strong>-><strong>__construct</strong>()				</div>

				<div class="code"><pre><span class="ln">14</span>   */
<span class="ln">15</span> define(&#039;YII_DEBUG&#039;, true);
<span class="ln">16</span> error_reporting(E_ALL);
<span class="ln">17</span> require &quot;core/bootstrap.php&quot;;
<span class="ln">18</span> $browser = &quot;kcfinder\\browser&quot;; // To execute core/bootstrap.php on older
<span class="error"><span class="ln error-ln">19</span> $browser = new $browser();      // PHP versions (even PHP 4)
</span><span class="ln">20</span> $browser-&gt;action();
<span class="ln">21</span> 
<span class="ln">22</span> ?&gt;
</pre></div>			</td>
		</tr>
				</table>
	</div>

	<div class="version">
		2021-03-25 17:14:10 Apache/2.4.25 (Debian) <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.21	</div>
</div>

<script type="text/javascript">
/*<![CDATA[*/
var traceReg = new RegExp("(^|\\s)trace-file(\\s|$)");
var collapsedReg = new RegExp("(^|\\s)collapsed(\\s|$)");

var e = document.getElementsByTagName("div");
for(var j=0,len=e.length;j<len;j++){
	if(traceReg.test(e[j].className)){
		e[j].onclick = function(){
			var trace = this.parentNode.parentNode;
			if(collapsedReg.test(trace.className))
				trace.className = trace.className.replace("collapsed", "expanded");
			else
				trace.className = trace.className.replace("expanded", "collapsed");
		}
	}
}
/*]]>*/
</script>

</body>
</html>
PHP notice.html (7,840 bytes)   
DenisChenu

DenisChenu

2021-03-26 08:35

developer   ~63639

Oups …

PS : still an issue with debug mode are not used
DenisChenu

DenisChenu

2021-03-26 08:36

developer   ~63640

https://github.com/LimeSurvey/LimeSurvey/commit/79324b3fe1284f67c2849d6c407bc20e94f022b4#diff-e442aabb345d285a9f65443b95ed7cd5153e18cca97e83352f10ae33a7bae0b4

Issue History

Date Modified Username Field Change
2021-03-25 17:41 DenisChenu New Issue
2021-03-25 17:41 DenisChenu File Added: image001.png
2021-03-25 17:41 DenisChenu File Added: PHP notice.html
2021-03-25 17:41 DenisChenu Assigned To => DenisChenu
2021-03-25 17:41 DenisChenu Status new => assigned
2021-03-25 17:42 DenisChenu Summary kcfinder show notice error (even without debug) => Unable to use kcfinder with proxy enabled
2021-03-26 08:35 DenisChenu Status assigned => resolved
2021-03-26 08:35 DenisChenu Resolution open => fixed
2021-03-26 08:35 DenisChenu Note Added: 63639
2021-03-26 08:36 DenisChenu Assigned To DenisChenu =>
2021-03-26 08:36 DenisChenu Status resolved => closed
2021-03-26 08:36 DenisChenu Fixed in Version => 3.25.19
2021-03-26 08:36 DenisChenu Note Added: 63640