View Issue Details

IDProjectCategoryView StatusLast Update
17353Bug reportsSurvey participants (Tokens)public2021-06-07 12:38
Reporterpathros Assigned Toollehar  
PriorityimmediateSeveritycrash 
Status resolvedResolutionfixed 
Product Version5.x 
Summary17353: Argument 1 must be at least CRYPTO_SIGN_BYTES long
DescriptionI created a new survey, which I want it to be anonymous but with a list of participants. I have created tokens and sent them to the participants. However, when they click on the invitation link, they get the following error:

    Server error 500: Argument 1 must be at least CRYPTO_SIGN_BYTES long.


Taking a look into the source code, right at the "compat.php" file we have:

const CRYPTO_SIGN_BYTES = 64;
/* Input validation: */
if (ParagonIE_Sodium_Core_Util::strlen($signedMessage) < self::CRYPTO_SIGN_BYTES)
{
   throw new SodiumException('Argument 1 must be at least CRYPTO_SIGN_BYTES long.');
}



In Limesurvey, if I attempt to set a 64 token long, it changes it to 15.
So, I don't get it. What should be longer than 64?

What does that mean??? How can I fix it??? Can anybody shed some light?

I have tried the same thing in Limesurvey version 3 LTS, and everything works flawlessly. However, I want to use the version 5, since it has the ability to encrypt the email addresses.
Steps To Reproduce1.- Set the survey to anonymous and restricted to a specific list of participants.

2.- Create a new list of participants. Only fill the email field. Let both the firstname and lastname be null. Set the three fields, firstname, lastname, and email be encrypted.

3.- Create the tokens and send them to the participants.
 
4.- Right from the email inbox, click on the invitation link. You should get that error: Server error 500: Argument 1 must be at least CRYPTO_SIGN_BYTES long.

Note: However, if you click on the unsubscribe link, it does work!
Additional InformationI am using latest version of Limesurvey 5.0.1.

Moreover, I got this answer from Paragonie:

 It sounds like Limesurvey has a bug in their code that uses sodium_compat rather than a sodium_compat bug. https://github.com/LimeSurvey/LimeSurvey/blob/1a013ec45e0336650560d078a3038b05c7bb4135/application/core/LSSodium.php#L88-L128 Weirdly, their function claims to be "encryption" but isn't.We recommend talking to the Limesurvey developers. Paragon Initiative Enterprises does not develop or support Limesurvey.
Tagsadd_participants, bug
Complete LimeSurvey version number (& build)5.0.1 build 210532
I will donate to the project if issue is resolvedNo
BrowserFirefox
Database & DB-VersionMySQL 5.7 and MySQL 8
Server OS (if known)Ubuntu 18 and 20
Webserver software & version (if known)Nginx 1.15.8
PHP Version7.4

Activities

pathros

pathros

2021-06-04 21:06

reporter  

limesurvey_survey_624727.lss (23,775 bytes)   
<?xml version="1.0" encoding="UTF-8"?>
<document>
 <LimeSurveyDocType>Survey</LimeSurveyDocType>
 <DBVersion>448</DBVersion>
 <languages>
  <language>es-MX</language>
 </languages>
 <groups>
  <fields>
   <fieldname>gid</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>group_order</fieldname>
   <fieldname>randomization_group</fieldname>
   <fieldname>grelevance</fieldname>
  </fields>
  <rows>
   <row>
    <gid><![CDATA[1]]></gid>
    <sid><![CDATA[624727]]></sid>
    <group_order><![CDATA[1]]></group_order>
    <randomization_group/>
    <grelevance><![CDATA[1]]></grelevance>
   </row>
  </rows>
 </groups>
 <group_l10ns>
  <fields>
   <fieldname>id</fieldname>
   <fieldname>gid</fieldname>
   <fieldname>group_name</fieldname>
   <fieldname>description</fieldname>
   <fieldname>language</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>group_order</fieldname>
   <fieldname>randomization_group</fieldname>
   <fieldname>grelevance</fieldname>
  </fields>
  <rows>
   <row>
    <id><![CDATA[1]]></id>
    <gid><![CDATA[1]]></gid>
    <group_name><![CDATA[Mi primer grupo de preguntas]]></group_name>
    <language><![CDATA[es-MX]]></language>
    <sid><![CDATA[624727]]></sid>
    <group_order><![CDATA[1]]></group_order>
    <randomization_group/>
    <grelevance><![CDATA[1]]></grelevance>
   </row>
  </rows>
 </group_l10ns>
 <questions>
  <fields>
   <fieldname>qid</fieldname>
   <fieldname>parent_qid</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>gid</fieldname>
   <fieldname>type</fieldname>
   <fieldname>title</fieldname>
   <fieldname>preg</fieldname>
   <fieldname>other</fieldname>
   <fieldname>mandatory</fieldname>
   <fieldname>encrypted</fieldname>
   <fieldname>question_order</fieldname>
   <fieldname>scale_id</fieldname>
   <fieldname>same_default</fieldname>
   <fieldname>relevance</fieldname>
   <fieldname>modulename</fieldname>
  </fields>
  <rows>
   <row>
    <qid><![CDATA[1]]></qid>
    <parent_qid><![CDATA[0]]></parent_qid>
    <sid><![CDATA[624727]]></sid>
    <gid><![CDATA[1]]></gid>
    <type><![CDATA[Q]]></type>
    <title><![CDATA[Q00]]></title>
    <preg/>
    <other><![CDATA[N]]></other>
    <mandatory><![CDATA[N]]></mandatory>
    <encrypted><![CDATA[N]]></encrypted>
    <question_order><![CDATA[1]]></question_order>
    <scale_id><![CDATA[0]]></scale_id>
    <same_default><![CDATA[0]]></same_default>
    <relevance><![CDATA[1]]></relevance>
   </row>
  </rows>
 </questions>
 <subquestions>
  <fields>
   <fieldname>qid</fieldname>
   <fieldname>parent_qid</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>gid</fieldname>
   <fieldname>type</fieldname>
   <fieldname>title</fieldname>
   <fieldname>preg</fieldname>
   <fieldname>other</fieldname>
   <fieldname>mandatory</fieldname>
   <fieldname>encrypted</fieldname>
   <fieldname>question_order</fieldname>
   <fieldname>scale_id</fieldname>
   <fieldname>same_default</fieldname>
   <fieldname>relevance</fieldname>
   <fieldname>modulename</fieldname>
  </fields>
  <rows>
   <row>
    <qid><![CDATA[53]]></qid>
    <parent_qid><![CDATA[1]]></parent_qid>
    <sid><![CDATA[624727]]></sid>
    <gid><![CDATA[1]]></gid>
    <type><![CDATA[T]]></type>
    <title><![CDATA[SQ001]]></title>
    <other><![CDATA[N]]></other>
    <encrypted><![CDATA[N]]></encrypted>
    <question_order><![CDATA[0]]></question_order>
    <scale_id><![CDATA[0]]></scale_id>
    <same_default><![CDATA[0]]></same_default>
    <relevance><![CDATA[1]]></relevance>
   </row>
   <row>
    <qid><![CDATA[54]]></qid>
    <parent_qid><![CDATA[1]]></parent_qid>
    <sid><![CDATA[624727]]></sid>
    <gid><![CDATA[1]]></gid>
    <type><![CDATA[T]]></type>
    <title><![CDATA[SQ002]]></title>
    <other><![CDATA[N]]></other>
    <encrypted><![CDATA[N]]></encrypted>
    <question_order><![CDATA[1]]></question_order>
    <scale_id><![CDATA[0]]></scale_id>
    <same_default><![CDATA[0]]></same_default>
    <relevance><![CDATA[1]]></relevance>
   </row>
   <row>
    <qid><![CDATA[55]]></qid>
    <parent_qid><![CDATA[1]]></parent_qid>
    <sid><![CDATA[624727]]></sid>
    <gid><![CDATA[1]]></gid>
    <type><![CDATA[T]]></type>
    <title><![CDATA[SQ003]]></title>
    <other><![CDATA[N]]></other>
    <encrypted><![CDATA[N]]></encrypted>
    <question_order><![CDATA[2]]></question_order>
    <scale_id><![CDATA[0]]></scale_id>
    <same_default><![CDATA[0]]></same_default>
    <relevance><![CDATA[1]]></relevance>
   </row>
   <row>
    <qid><![CDATA[56]]></qid>
    <parent_qid><![CDATA[1]]></parent_qid>
    <sid><![CDATA[624727]]></sid>
    <gid><![CDATA[1]]></gid>
    <type><![CDATA[T]]></type>
    <title><![CDATA[SQ004]]></title>
    <other><![CDATA[N]]></other>
    <encrypted><![CDATA[N]]></encrypted>
    <question_order><![CDATA[3]]></question_order>
    <scale_id><![CDATA[0]]></scale_id>
    <same_default><![CDATA[0]]></same_default>
    <relevance><![CDATA[1]]></relevance>
   </row>
   <row>
    <qid><![CDATA[57]]></qid>
    <parent_qid><![CDATA[1]]></parent_qid>
    <sid><![CDATA[624727]]></sid>
    <gid><![CDATA[1]]></gid>
    <type><![CDATA[T]]></type>
    <title><![CDATA[SQ005]]></title>
    <other><![CDATA[N]]></other>
    <encrypted><![CDATA[N]]></encrypted>
    <question_order><![CDATA[4]]></question_order>
    <scale_id><![CDATA[0]]></scale_id>
    <same_default><![CDATA[0]]></same_default>
    <relevance><![CDATA[1]]></relevance>
   </row>
  </rows>
 </subquestions>
 <question_l10ns>
  <fields>
   <fieldname>id</fieldname>
   <fieldname>qid</fieldname>
   <fieldname>question</fieldname>
   <fieldname>help</fieldname>
   <fieldname>script</fieldname>
   <fieldname>language</fieldname>
  </fields>
  <rows>
   <row>
    <id><![CDATA[1]]></id>
    <qid><![CDATA[1]]></qid>
    <question><![CDATA[Teclee en cada cuadro el nombre completo de cada candidato de su preferencia (sólo el número de candidatos que usted prefiera. No es obligatorio que llene todos los cuadros.):]]></question>
    <help/>
    <script/>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <id><![CDATA[53]]></id>
    <qid><![CDATA[53]]></qid>
    <question><![CDATA[Candidato 1]]></question>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <id><![CDATA[54]]></id>
    <qid><![CDATA[54]]></qid>
    <question><![CDATA[Candidato 2]]></question>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <id><![CDATA[55]]></id>
    <qid><![CDATA[55]]></qid>
    <question><![CDATA[Candidato 3]]></question>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <id><![CDATA[56]]></id>
    <qid><![CDATA[56]]></qid>
    <question><![CDATA[Candidato 4]]></question>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <id><![CDATA[57]]></id>
    <qid><![CDATA[57]]></qid>
    <question><![CDATA[Candidato 5]]></question>
    <language><![CDATA[es-MX]]></language>
   </row>
  </rows>
 </question_l10ns>
 <question_attributes>
  <fields>
   <fieldname>qid</fieldname>
   <fieldname>attribute</fieldname>
   <fieldname>value</fieldname>
   <fieldname>language</fieldname>
  </fields>
  <rows>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[autoaddnewline]]></attribute>
    <value><![CDATA[yes]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[addlineicon]]></attribute>
    <value><![CDATA[plus-circle]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[prefix]]></attribute>
    <value/>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[suffix]]></attribute>
    <value/>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[text_input_columns]]></attribute>
    <value><![CDATA[9]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[label_input_columns]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[random_order]]></attribute>
    <value><![CDATA[0]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[input_size]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[display_rows]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[hide_tip]]></attribute>
    <value><![CDATA[0]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[hidden]]></attribute>
    <value><![CDATA[0]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[cssclass]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[maximum_chars]]></attribute>
    <value><![CDATA[100]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[min_answers]]></attribute>
    <value><![CDATA[1]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[max_answers]]></attribute>
    <value><![CDATA[5]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[array_filter]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[array_filter_style]]></attribute>
    <value><![CDATA[0]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[array_filter_exclude]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[exclude_all_others]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[random_group]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[em_validation_q]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[em_validation_q_tip]]></attribute>
    <value/>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[em_validation_sq]]></attribute>
    <value/>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[em_validation_sq_tip]]></attribute>
    <value/>
    <language><![CDATA[es-MX]]></language>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[page_break]]></attribute>
    <value><![CDATA[0]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[numbers_only]]></attribute>
    <value><![CDATA[0]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[statistics_showgraph]]></attribute>
    <value><![CDATA[0]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[statistics_graphtype]]></attribute>
    <value><![CDATA[0]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[question_template]]></attribute>
    <value><![CDATA[inputondemand]]></value>
    <language/>
   </row>
   <row>
    <qid><![CDATA[1]]></qid>
    <attribute><![CDATA[save_as_default]]></attribute>
    <value><![CDATA[N]]></value>
    <language/>
   </row>
  </rows>
 </question_attributes>
 <surveys>
  <fields>
   <fieldname>sid</fieldname>
   <fieldname>gsid</fieldname>
   <fieldname>admin</fieldname>
   <fieldname>expires</fieldname>
   <fieldname>startdate</fieldname>
   <fieldname>adminemail</fieldname>
   <fieldname>anonymized</fieldname>
   <fieldname>faxto</fieldname>
   <fieldname>format</fieldname>
   <fieldname>savetimings</fieldname>
   <fieldname>template</fieldname>
   <fieldname>language</fieldname>
   <fieldname>additional_languages</fieldname>
   <fieldname>datestamp</fieldname>
   <fieldname>usecookie</fieldname>
   <fieldname>allowregister</fieldname>
   <fieldname>allowsave</fieldname>
   <fieldname>autonumber_start</fieldname>
   <fieldname>autoredirect</fieldname>
   <fieldname>allowprev</fieldname>
   <fieldname>printanswers</fieldname>
   <fieldname>ipaddr</fieldname>
   <fieldname>ipanonymize</fieldname>
   <fieldname>refurl</fieldname>
   <fieldname>showsurveypolicynotice</fieldname>
   <fieldname>publicstatistics</fieldname>
   <fieldname>publicgraphs</fieldname>
   <fieldname>listpublic</fieldname>
   <fieldname>htmlemail</fieldname>
   <fieldname>sendconfirmation</fieldname>
   <fieldname>tokenanswerspersistence</fieldname>
   <fieldname>assessments</fieldname>
   <fieldname>usecaptcha</fieldname>
   <fieldname>usetokens</fieldname>
   <fieldname>bounce_email</fieldname>
   <fieldname>attributedescriptions</fieldname>
   <fieldname>emailresponseto</fieldname>
   <fieldname>emailnotificationto</fieldname>
   <fieldname>tokenlength</fieldname>
   <fieldname>showxquestions</fieldname>
   <fieldname>showgroupinfo</fieldname>
   <fieldname>shownoanswer</fieldname>
   <fieldname>showqnumcode</fieldname>
   <fieldname>bouncetime</fieldname>
   <fieldname>bounceprocessing</fieldname>
   <fieldname>bounceaccounttype</fieldname>
   <fieldname>bounceaccounthost</fieldname>
   <fieldname>bounceaccountpass</fieldname>
   <fieldname>bounceaccountencryption</fieldname>
   <fieldname>bounceaccountuser</fieldname>
   <fieldname>showwelcome</fieldname>
   <fieldname>showprogress</fieldname>
   <fieldname>questionindex</fieldname>
   <fieldname>navigationdelay</fieldname>
   <fieldname>nokeyboard</fieldname>
   <fieldname>alloweditaftercompletion</fieldname>
   <fieldname>googleanalyticsstyle</fieldname>
   <fieldname>googleanalyticsapikey</fieldname>
   <fieldname>tokenencryptionoptions</fieldname>
  </fields>
  <rows>
   <row>
    <sid><![CDATA[624727]]></sid>
    <gsid><![CDATA[1]]></gsid>
    <admin><![CDATA[Administrador del sistema]]></admin>
    <expires><![CDATA[2021-06-19 18:37:00]]></expires>
    <startdate><![CDATA[2021-06-03 18:37:00]]></startdate>
    <adminemail><![CDATA[patrotsky@yahoo.com]]></adminemail>
    <anonymized><![CDATA[Y]]></anonymized>
    <faxto/>
    <format><![CDATA[I]]></format>
    <savetimings><![CDATA[Y]]></savetimings>
    <template><![CDATA[bootswatch]]></template>
    <language><![CDATA[es-MX]]></language>
    <additional_languages/>
    <datestamp><![CDATA[Y]]></datestamp>
    <usecookie><![CDATA[Y]]></usecookie>
    <allowregister><![CDATA[N]]></allowregister>
    <allowsave><![CDATA[I]]></allowsave>
    <autonumber_start><![CDATA[1]]></autonumber_start>
    <autoredirect><![CDATA[I]]></autoredirect>
    <allowprev><![CDATA[I]]></allowprev>
    <printanswers><![CDATA[I]]></printanswers>
    <ipaddr><![CDATA[N]]></ipaddr>
    <ipanonymize><![CDATA[Y]]></ipanonymize>
    <refurl><![CDATA[N]]></refurl>
    <showsurveypolicynotice><![CDATA[0]]></showsurveypolicynotice>
    <publicstatistics><![CDATA[I]]></publicstatistics>
    <publicgraphs><![CDATA[I]]></publicgraphs>
    <listpublic><![CDATA[N]]></listpublic>
    <htmlemail><![CDATA[I]]></htmlemail>
    <sendconfirmation><![CDATA[I]]></sendconfirmation>
    <tokenanswerspersistence><![CDATA[I]]></tokenanswerspersistence>
    <assessments><![CDATA[I]]></assessments>
    <usecaptcha><![CDATA[R]]></usecaptcha>
    <usetokens><![CDATA[N]]></usetokens>
    <bounce_email><![CDATA[patrotsky@yahoo.com]]></bounce_email>
    <attributedescriptions><![CDATA[{"firstname":{"encrypted":"Y"},"lastname":{"encrypted":"Y"},"email":{"encrypted":"Y"}}]]></attributedescriptions>
    <emailresponseto><![CDATA[inherit]]></emailresponseto>
    <emailnotificationto><![CDATA[inherit]]></emailnotificationto>
    <tokenlength><![CDATA[32]]></tokenlength>
    <showxquestions><![CDATA[I]]></showxquestions>
    <showgroupinfo><![CDATA[I]]></showgroupinfo>
    <shownoanswer><![CDATA[I]]></shownoanswer>
    <showqnumcode><![CDATA[I]]></showqnumcode>
    <bounceprocessing><![CDATA[N]]></bounceprocessing>
    <showwelcome><![CDATA[I]]></showwelcome>
    <showprogress><![CDATA[I]]></showprogress>
    <questionindex><![CDATA[-1]]></questionindex>
    <navigationdelay><![CDATA[-1]]></navigationdelay>
    <nokeyboard><![CDATA[I]]></nokeyboard>
    <alloweditaftercompletion><![CDATA[N]]></alloweditaftercompletion>
    <googleanalyticsstyle/>
    <googleanalyticsapikey/>
    <tokenencryptionoptions><![CDATA[{ "enabled":"Y","columns":{ "firstname":"Y","lastname":"Y","email":"Y" } }]]></tokenencryptionoptions>
   </row>
  </rows>
 </surveys>
 <surveys_languagesettings>
  <fields>
   <fieldname>surveyls_survey_id</fieldname>
   <fieldname>surveyls_language</fieldname>
   <fieldname>surveyls_title</fieldname>
   <fieldname>surveyls_description</fieldname>
   <fieldname>surveyls_welcometext</fieldname>
   <fieldname>surveyls_endtext</fieldname>
   <fieldname>surveyls_policy_notice</fieldname>
   <fieldname>surveyls_policy_error</fieldname>
   <fieldname>surveyls_policy_notice_label</fieldname>
   <fieldname>surveyls_url</fieldname>
   <fieldname>surveyls_urldescription</fieldname>
   <fieldname>surveyls_email_invite_subj</fieldname>
   <fieldname>surveyls_email_invite</fieldname>
   <fieldname>surveyls_email_remind_subj</fieldname>
   <fieldname>surveyls_email_remind</fieldname>
   <fieldname>surveyls_email_register_subj</fieldname>
   <fieldname>surveyls_email_register</fieldname>
   <fieldname>surveyls_email_confirm_subj</fieldname>
   <fieldname>surveyls_email_confirm</fieldname>
   <fieldname>surveyls_dateformat</fieldname>
   <fieldname>surveyls_attributecaptions</fieldname>
   <fieldname>email_admin_notification_subj</fieldname>
   <fieldname>email_admin_notification</fieldname>
   <fieldname>email_admin_responses_subj</fieldname>
   <fieldname>email_admin_responses</fieldname>
   <fieldname>surveyls_numberformat</fieldname>
   <fieldname>attachments</fieldname>
  </fields>
  <rows>
   <row>
    <surveyls_survey_id><![CDATA[624727]]></surveyls_survey_id>
    <surveyls_language><![CDATA[es-MX]]></surveyls_language>
    <surveyls_title><![CDATA[Auscultación cuantitativa a aspirantes para ocupar el cargo de Director del IISUNAM]]></surveyls_title>
    <surveyls_description/>
    <surveyls_welcometext/>
    <surveyls_endtext/>
    <surveyls_policy_notice/>
    <surveyls_policy_notice_label/>
    <surveyls_url/>
    <surveyls_urldescription/>
    <surveyls_email_invite_subj><![CDATA[Invitación a participar en una encuesta]]></surveyls_email_invite_subj>
    <surveyls_email_invite><![CDATA[Estimado/a {FIRSTNAME},

usted ha sido invitado a participar en una encuesta.

La encuesta es titulada:
"{SURVEYNAME}"

"{SURVEYDESCRIPTION}"

Para participar, por favor pulse en el siguiente enlace.

Atentamente,

{ADMINNAME} ({ADMINEMAIL}) 
Pulse aquí para hacer la encuesta:
{SURVEYURL}

Si no desea participar más en esta encuesta y no quiere recibir más invitaciones, por favor haga click en el siguiente link:
{OPTOUTURL}

Si está en la lista negra, pero desea participar en esta encuesta y desea recibir invitaciones por favor haga clic en el siguiente enlace:
{OpenUrl} ]]></surveyls_email_invite>
    <surveyls_email_remind_subj><![CDATA[Recordatorio para participar en una encuesta]]></surveyls_email_remind_subj>
    <surveyls_email_remind><![CDATA[Estimado/a {FIRSTNAME} {LASTNAME}:

Recientemente se le invitó a participar en la encuesta de título

«{SURVEYNAME}»

«{SURVEYDESCRIPTION}»

Advertimos que aún no la ha completado, y de la forma más atenta queríamos recordarle que todavía se encuentra disponible si desea participar.

Para hacerlo, por favor pulse en el siguiente enlace.

{SURVEYURL}

Nuevamente le agradecemos su interés y colaboración.
Atentamente,

{ADMINNAME} ({ADMINEMAIL})

Si no desea participar más en esta encuesta y no quiere recibir más invitaciones, por favor haga click en el siguiente link:
{OPTOUTURL}]]></surveyls_email_remind>
    <surveyls_email_register_subj><![CDATA[Confirmación de inscripción en la encuesta]]></surveyls_email_register_subj>
    <surveyls_email_register><![CDATA[Estimado/a {FIRSTNAME} {LASTNAME}:

Usted, o alguien utilizando su dirección de correo electrónico, se ha registrado para participar en un cuestionario en línea titulado "{SURVEYNAME}".

Para completarla, pulse en la siguiente URL:

{SURVEYURL}

Si tiene dudas con respecto al cuestionario, o si no se registró para participar y cree que este correo es un error, por favor, póngase en contacto con {ADMINNAME} en {ADMINEMAIL}.]]></surveyls_email_register>
    <surveyls_email_confirm_subj><![CDATA[Confirmación de su participación en nuestra encuesta]]></surveyls_email_confirm_subj>
    <surveyls_email_confirm><![CDATA[Estimado/a {FIRSTNAME},

este correo es para confirmarle que ha completado la encuesta titulada {SURVEYNAME} y sus respuestas han sido guardadas. Gracias por su participación.

Si tiene alguna duda sobre este correo electrónico, por favor póngase en contacto con {ADMINNAME} en {ADMINEMAIL}.

Reciba un muy cordial saludo,

{ADMINNAME}]]></surveyls_email_confirm>
    <surveyls_dateformat><![CDATA[5]]></surveyls_dateformat>
    <surveyls_attributecaptions/>
    <email_admin_notification_subj><![CDATA[Responder envío de encuesta {SURVEYNAME}]]></email_admin_notification_subj>
    <email_admin_notification><![CDATA[Hola,

Una nueva respuesta ha sido realizada para su encuesta '{SURVEYNAME}'.

Click en el siguiente link para recargar la encuesta:
{RELOADURL}

Click en el siguiente link para ver la respuesta individualmente:
{VIEWRESPONSEURL}

Click en el siguiente link para editar la respuesta:
{EDITRESPONSEURL}

Vea las estadísticas aquí:
{STATISTICSURL}


Las siguientes respuestas fueron subidas por:
{ANSWERTABLE}]]></email_admin_notification>
    <email_admin_responses_subj><![CDATA[Responder envío de encuesta {SURVEYNAME} con resultados]]></email_admin_responses_subj>
    <email_admin_responses><![CDATA[Hola,

Una nueva respuesta ha sido realizada para su encuesta '{SURVEYNAME}'.

Click en el siguiente link para recargar la encuesta:
{RELOADURL}

Click en el siguiente link para ver la respuesta individualmente:
{VIEWRESPONSEURL}

Click en el siguiente link para editar la respuesta:
{EDITRESPONSEURL}

Vea las estadísticas aquí:
{STATISTICSURL}


Las siguientes respuestas fueron subidas por:
{ANSWERTABLE}]]></email_admin_responses>
    <surveyls_numberformat><![CDATA[0]]></surveyls_numberformat>
   </row>
  </rows>
 </surveys_languagesettings>
 <themes>
  <theme>
   <sid>624727</sid>
   <template_name>bootswatch</template_name>
   <config>
    <options>inherit</options>
   </config>
  </theme>
  <theme>
   <sid>624727</sid>
   <template_name>fruity</template_name>
   <config>
    <options>inherit</options>
   </config>
  </theme>
 </themes>
 <themes_inherited>
  <theme>
   <sid>624727</sid>
   <template_name>bootswatch</template_name>
   <config>
    <options>
     <ajaxmode>off</ajaxmode>
     <brandlogo>on</brandlogo>
     <container>on</container>
     <brandlogofile>themes/survey/bootswatch/files/logo.png</brandlogofile>
     <showpopups>1</showpopups>
     <showclearall>off</showclearall>
     <questionhelptextposition>top</questionhelptextposition>
    </options>
   </config>
  </theme>
  <theme>
   <sid>624727</sid>
   <template_name>fruity</template_name>
   <config>
    <options>
     <ajaxmode>off</ajaxmode>
     <brandlogo>on</brandlogo>
     <container>on</container>
     <brandlogofile>themes/survey/bootswatch/files/logo.png</brandlogofile>
     <showpopups>1</showpopups>
     <showclearall>off</showclearall>
     <questionhelptextposition>top</questionhelptextposition>
    </options>
   </config>
  </theme>
 </themes_inherited>
</document>
limesurvey_survey_624727.lss (23,775 bytes)   
ollehar

ollehar

2021-06-04 21:08

administrator   ~64748

Try to install the sodium PHP extension.
DenisChenu

DenisChenu

2021-06-05 10:14

developer   ~64749

> their function claims to be "encryption" but isn't

This seems a real security issue here.
ollehar

ollehar

2021-06-05 10:26

administrator   ~64750

No idea what they meant by that.
DenisChenu

DenisChenu

2021-06-05 11:01

developer   ~64751

@pathros : maybe you can give us the contact at Paragon Initiative Enterprises

Else : i confirm the issue : empty firstname and/or lastname send error.. OK if they are not empty.


And seems there are another issue when edit token (i edit after send and they are set to terminate …)
SodiumException.html (27,446 bytes)   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>SodiumException</title>

<style type="text/css">
/*<![CDATA[*/
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;}
body{line-height:1;}
ol,ul{list-style:none;}
blockquote,q{quotes:none;}
blockquote:before,blockquote:after,q:before,q:after{content:none;}
:focus{outline:0;}
ins{text-decoration:none;}
del{text-decoration:line-through;}
table{border-collapse:collapse;border-spacing:0;}

body {
	font: normal 9pt "Verdana";
	color: #000;
	background: #fff;
}

h1 {
	font: normal 18pt "Verdana";
	color: #f00;
	margin-bottom: .5em;
}

h2 {
	font: normal 14pt "Verdana";
	color: #800000;
	margin-bottom: .5em;
}

h3 {
	font: bold 11pt "Verdana";
}

pre {
	font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace;
}

pre span.error {
	display: block;
	background: #fce3e3;
}

pre span.ln {
	color: #999;
	padding-right: 0.5em;
	border-right: 1px solid #ccc;
}

pre span.error-ln {
	font-weight: bold;
}

.container {
	margin: 1em 4em;
}

.version {
	color: gray;
	font-size: 8pt;
	border-top: 1px solid #aaa;
	padding-top: 1em;
	margin-bottom: 1em;
}

.message {
	color: #000;
	padding: 1em;
	font-size: 11pt;
	background: #f3f3f3;
	-webkit-border-radius: 10px;
	-moz-border-radius: 10px;
	border-radius: 10px;
	margin-bottom: 1em;
	line-height: 160%;
}

.source {
	margin-bottom: 1em;
}

.code pre {
	background-color: #ffe;
	margin: 0.5em 0;
	padding: 0.5em;
	line-height: 125%;
	border: 1px solid #eee;
}

.source .file {
	margin-bottom: 1em;
	font-weight: bold;
}

.traces {
	margin: 2em 0;
}

.trace {
	margin: 0.5em 0;
	padding: 0.5em;
}

.trace.app {
	border: 1px dashed #c00;
}

.trace .number {
	text-align: right;
	width: 2em;
	padding: 0.5em;
}

.trace .content {
	padding: 0.5em;
}

.trace .plus,
.trace .minus {
	display:inline;
	vertical-align:middle;
	text-align:center;
	border:1px solid #000;
	color:#000;
	font-size:10px;
	line-height:10px;
	margin:0;
	padding:0 1px;
	width:10px;
	height:10px;
}

.trace.collapsed .minus,
.trace.expanded .plus,
.trace.collapsed pre {
	display: none;
}

.trace-file {
	cursor: pointer;
	padding: 0.2em;
}

.trace-file:hover {
	background: #f0ffff;
}
/*]]>*/
</style>
</head>

<body>
<div class="container">
	<h1>SodiumException</h1>

	<p class="message">
		Argument 1 must be at least CRYPTO_SIGN_BYTES long.	</p>

	<div class="source">
		<p class="file">/mnt/data/shnoulle/nginx/www/master/third_party/paragonie/sodium_compat/src/Compat.php(2633)</p>
		<div class="code"><pre><span class="ln">2621</span>      * @psalm-suppress MixedArgument
<span class="ln">2622</span>      * @psalm-suppress MixedInferredReturnType
<span class="ln">2623</span>      * @psalm-suppress MixedReturnStatement
<span class="ln">2624</span>      */
<span class="ln">2625</span>     public static function crypto_sign_open($signedMessage, $publicKey)
<span class="ln">2626</span>     {
<span class="ln">2627</span>         /* Type checks: */
<span class="ln">2628</span>         ParagonIE_Sodium_Core_Util::declareScalarType($signedMessage, 'string', 1);
<span class="ln">2629</span>         ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);
<span class="ln">2630</span> 
<span class="ln">2631</span>         /* Input validation: */
<span class="ln">2632</span>         if (ParagonIE_Sodium_Core_Util::strlen($signedMessage) &lt; self::CRYPTO_SIGN_BYTES) {
<span class="error"><span class="ln error-ln">2633</span>             throw new SodiumException('Argument 1 must be at least CRYPTO_SIGN_BYTES long.');
</span><span class="ln">2634</span>         }
<span class="ln">2635</span>         if (ParagonIE_Sodium_Core_Util::strlen($publicKey) !== self::CRYPTO_SIGN_PUBLICKEYBYTES) {
<span class="ln">2636</span>             throw new SodiumException('Argument 2 must be CRYPTO_SIGN_PUBLICKEYBYTES long.');
<span class="ln">2637</span>         }
<span class="ln">2638</span> 
<span class="ln">2639</span>         if (self::useNewSodiumAPI()) {
<span class="ln">2640</span>             /**
<span class="ln">2641</span>              * @psalm-suppress InvalidReturnStatement
<span class="ln">2642</span>              * @psalm-suppress FalsableReturnStatement
<span class="ln">2643</span>              */
<span class="ln">2644</span>             return sodium_crypto_sign_open($signedMessage, $publicKey);
<span class="ln">2645</span>         }
</pre></div>	</div>

	<div class="traces">
		<h2>Stack Trace</h2>
				<table style="width:100%;">
						<tbody><tr class="trace app expanded">
			<td class="number">
				#0			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/core/LSSodium.php(118): <strong>ParagonIE_Sodium_Compat</strong>::<strong>crypto_sign_open</strong>()				</div>

				<div class="code"><pre><span class="ln">113</span>      */
<span class="ln">114</span>     public function decrypt($sEncryptedString, $bReturnFalseIfError = false)
<span class="ln">115</span>     {
<span class="ln">116</span>         if ($this-&gt;bLibraryExists === true) {
<span class="ln">117</span>             if (!empty($sEncryptedString) &amp;&amp; $sEncryptedString != 'null') {
<span class="error"><span class="ln error-ln">118</span>                 $plaintext = ParagonIE_Sodium_Compat::crypto_sign_open(base64_decode($sEncryptedString), $this-&gt;sEncryptionPublicKey);
</span><span class="ln">119</span>                 if ($plaintext === false) {
<span class="ln">120</span>                     throw new SodiumException(sprintf(gT("Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted. Please consult our manual at %s.", 'unescaped'), 'https://manual.limesurvey.org/Data_encryption#Errors'));
<span class="ln">121</span>                 } else {
<span class="ln">122</span>                     return $plaintext;
<span class="ln">123</span>                 }
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#1			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/models/LSActiveRecord.php(430): <strong>LSSodium</strong>-&gt;<strong>decrypt</strong>()				</div>

				<div class="code"><pre><span class="ln">425</span>             $updatedValues = $LEM-&gt;getUpdatedValues();
<span class="ln">426</span>             foreach ($attributes as $key =&gt; $attribute) {
<span class="ln">427</span>                 if ($action === 'decrypt' &amp;&amp; array_key_exists($key, $updatedValues)) {
<span class="ln">428</span>                     continue;
<span class="ln">429</span>                 }
<span class="error"><span class="ln error-ln">430</span>                 $this-&gt;$key = $sodium-&gt;$action($attribute);
</span><span class="ln">431</span>             }
<span class="ln">432</span>         }
<span class="ln">433</span>     }
<span class="ln">434</span> 
<span class="ln">435</span>     /**
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#2			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/models/LSActiveRecord.php(337): <strong>LSActiveRecord</strong>-&gt;<strong>decryptEncryptAttributes</strong>()				</div>

				<div class="code"><pre><span class="ln">332</span>             $sodium = Yii::app()-&gt;sodium;
<span class="ln">333</span> 
<span class="ln">334</span>             return $sodium-&gt;decrypt($value);
<span class="ln">335</span>         } else {
<span class="ln">336</span>             // decrypt attributes
<span class="error"><span class="ln error-ln">337</span>             $this-&gt;decryptEncryptAttributes('decrypt');
</span><span class="ln">338</span> 
<span class="ln">339</span>             return $this;
<span class="ln">340</span>         }
<span class="ln">341</span>     }
<span class="ln">342</span> 
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#3			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/helpers/expressions/em_manager_helper.php(3951): <strong>LSActiveRecord</strong>-&gt;<strong>decrypt</strong>()				</div>

				<div class="code"><pre><span class="ln">3946</span>             if ($token) {
<span class="ln">3947</span>                 $tokenEncryptionOptions = $survey-&gt;getTokenEncryptionOptions();
<span class="ln">3948</span>                 foreach ($token as $key =&gt; $val) {
<span class="ln">3949</span>                     // Decrypt encrypted token attributes
<span class="ln">3950</span>                     if (isset($tokenEncryptionOptions['columns'][$key]) &amp;&amp; $tokenEncryptionOptions['columns'][$key] === 'Y') {
<span class="error"><span class="ln error-ln">3951</span>                         $val = $token-&gt;decrypt($val);
</span><span class="ln">3952</span>                     }
<span class="ln">3953</span>                     $this-&gt;knownVars["TOKEN:" . strtoupper($key)] = [
<span class="ln">3954</span>                         'code'      =&gt; $anonymized ? '' : $val,
<span class="ln">3955</span>                         'jsName_on' =&gt; '',
<span class="ln">3956</span>                         'jsName'    =&gt; '',
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#4			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/helpers/expressions/em_manager_helper.php(6744): <strong>LimeExpressionManager</strong>-&gt;<strong>setVariableAndTokenMappingsForExpressionManager</strong>()				</div>

				<div class="code"><pre><span class="ln">6739</span>         $LEM-&gt;groupRelevanceInfo = [];
<span class="ln">6740</span>         if (!is_null($gseq)) {
<span class="ln">6741</span>             $LEM-&gt;currentGroupSeq = $gseq;
<span class="ln">6742</span> 
<span class="ln">6743</span>             if (!is_null($surveyid)) {
<span class="error"><span class="ln error-ln">6744</span>                 $LEM-&gt;setVariableAndTokenMappingsForExpressionManager($surveyid, $forceRefresh, $anonymized);
</span><span class="ln">6745</span>                 if ($gseq &gt; $LEM-&gt;maxGroupSeq) {
<span class="ln">6746</span>                     $LEM-&gt;maxGroupSeq = $gseq;
<span class="ln">6747</span>                 }
<span class="ln">6748</span> 
<span class="ln">6749</span>                 if (!$LEM-&gt;allOnOnePage || ($LEM-&gt;allOnOnePage &amp;&amp; !$LEM-&gt;processedRelevance)) {
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#5			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/helpers/frontend_helper.php(1886): <strong>LimeExpressionManager</strong>::<strong>StartProcessingGroup</strong>()				</div>

				<div class="code"><pre><span class="ln">1881</span>     global $token, $surveyid;
<span class="ln">1882</span> 
<span class="ln">1883</span>     $thissurvey                 = $aSurveyInfo;
<span class="ln">1884</span>     $thissurvey['aNavigator']   = getNavigatorDatas();
<span class="ln">1885</span>     LimeExpressionManager::StartProcessingPage();
<span class="error"><span class="ln error-ln">1886</span>     LimeExpressionManager::StartProcessingGroup(-1, false, $surveyid, true); // start on welcome page
</span><span class="ln">1887</span> 
<span class="ln">1888</span>     // WHY HERE ?????
<span class="ln">1889</span>     $_SESSION['survey_' . $surveyid]['LEMpostKey'] = mt_rand();
<span class="ln">1890</span> 
<span class="ln">1891</span>     $loadsecurity = returnGlobal('loadsecurity', true);
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#6			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/helpers/SurveyRuntimeHelper.php(1055): <strong>display_first_page</strong>()				</div>

				<div class="code"><pre><span class="ln">1050</span>             $this-&gt;aSurveyInfo['datasecurity_notice_label'] = Survey::replacePolicyLink($this-&gt;aSurveyInfo['datasecurity_notice_label'], $this-&gt;aSurveyInfo['sid']);
<span class="ln">1051</span>         }
<span class="ln">1052</span> 
<span class="ln">1053</span>         if ($bDisplayFirstPage) {
<span class="ln">1054</span>             $_SESSION[$this-&gt;LEMsessid]['test'] = time();
<span class="error"><span class="ln error-ln">1055</span>             display_first_page($this-&gt;thissurvey, $this-&gt;aSurveyInfo);
</span><span class="ln">1056</span>             Yii::app()-&gt;end(); // So we can still see debug messages
<span class="ln">1057</span>         }
<span class="ln">1058</span>     }
<span class="ln">1059</span> 
<span class="ln">1060</span>     private function checkForDataSecurityAccepted()
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#7			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/helpers/SurveyRuntimeHelper.php(209): <strong>SurveyRuntimeHelper</strong>-&gt;<strong>displayFirstPageIfNeeded</strong>()				</div>

				<div class="code"><pre><span class="ln">204</span>             $this-&gt;checkForDataSecurityAccepted(); // must be called after initMove to allow LEM to be initialized
<span class="ln">205</span>             if (EmCacheHelper::useCache()) {
<span class="ln">206</span>                 $this-&gt;aSurveyInfo['emcache'] = true;
<span class="ln">207</span>             }
<span class="ln">208</span>             $this-&gt;checkQuotas(); // check quotas (then the process will stop here)
<span class="error"><span class="ln error-ln">209</span>             $this-&gt;displayFirstPageIfNeeded();
</span><span class="ln">210</span>             $this-&gt;saveAllIfNeeded();
<span class="ln">211</span>             $this-&gt;saveSubmitIfNeeded();
<span class="ln">212</span>             // TODO: move somewhere else
<span class="ln">213</span>             $this-&gt;setNotAnsweredAndNotValidated();
<span class="ln">214</span>         } else {
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#8			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/survey/index.php(604): <strong>SurveyRuntimeHelper</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">599</span>         unset($redata);
<span class="ln">600</span>         $redata = compact(array_keys(get_defined_vars()));
<span class="ln">601</span>         Yii::import('application.helpers.SurveyRuntimeHelper');
<span class="ln">602</span>         $tmp = new SurveyRuntimeHelper();
<span class="ln">603</span>         // try {
<span class="error"><span class="ln error-ln">604</span>             $tmp-&gt;run($surveyid, $redata);
</span><span class="ln">605</span>         // } catch (WrongTemplateVersionException $ex) {
<span class="ln">606</span>         //     echo $ex-&gt;getMessage();
<span class="ln">607</span>         // }
<span class="ln">608</span>     }
<span class="ln">609</span> 
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#9			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/application/controllers/survey/index.php(26): <strong>index</strong>-&gt;<strong>action</strong>()				</div>

				<div class="code"><pre><span class="ln">21</span>     public $oTemplate;
<span class="ln">22</span> 
<span class="ln">23</span>     public function run()
<span class="ln">24</span>     {
<span class="ln">25</span>         useFirebug();
<span class="error"><span class="ln error-ln">26</span>         $this-&gt;action();
</span><span class="ln">27</span>     }
<span class="ln">28</span> 
<span class="ln">29</span>     public function action()
<span class="ln">30</span>     {
<span class="ln">31</span>         global $surveyid;
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#10			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/actions/CAction.php(76): <strong>index</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">71</span>     {
<span class="ln">72</span>         $method=new ReflectionMethod($this, 'run');
<span class="ln">73</span>         if($method-&gt;getNumberOfParameters()&gt;0)
<span class="ln">74</span>             return $this-&gt;runWithParamsInternal($this, $method, $params);
<span class="ln">75</span> 
<span class="error"><span class="ln error-ln">76</span>         $this-&gt;run();
</span><span class="ln">77</span>         return true;
<span class="ln">78</span>     }
<span class="ln">79</span> 
<span class="ln">80</span>     /**
<span class="ln">81</span>      * Executes a method of an object with the supplied named parameters.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#11			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(308): <strong>CAction</strong>-&gt;<strong>runWithParams</strong>()				</div>

				<div class="code"><pre><span class="ln">303</span>     {
<span class="ln">304</span>         $priorAction=$this-&gt;_action;
<span class="ln">305</span>         $this-&gt;_action=$action;
<span class="ln">306</span>         if($this-&gt;beforeAction($action))
<span class="ln">307</span>         {
<span class="error"><span class="ln error-ln">308</span>             if($action-&gt;runWithParams($this-&gt;getActionParams())===false)
</span><span class="ln">309</span>                 $this-&gt;invalidActionParams($action);
<span class="ln">310</span>             else
<span class="ln">311</span>                 $this-&gt;afterAction($action);
<span class="ln">312</span>         }
<span class="ln">313</span>         $this-&gt;_action=$priorAction;
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#12			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(286): <strong>CController</strong>-&gt;<strong>runAction</strong>()				</div>

				<div class="code"><pre><span class="ln">281</span>      * @see runAction
<span class="ln">282</span>      */
<span class="ln">283</span>     public function runActionWithFilters($action,$filters)
<span class="ln">284</span>     {
<span class="ln">285</span>         if(empty($filters))
<span class="error"><span class="ln error-ln">286</span>             $this-&gt;runAction($action);
</span><span class="ln">287</span>         else
<span class="ln">288</span>         {
<span class="ln">289</span>             $priorAction=$this-&gt;_action;
<span class="ln">290</span>             $this-&gt;_action=$action;
<span class="ln">291</span>             CFilterChain::create($this,$action,$filters)-&gt;run();
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#13			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CController.php(265): <strong>CController</strong>-&gt;<strong>runActionWithFilters</strong>()				</div>

				<div class="code"><pre><span class="ln">260</span>         {
<span class="ln">261</span>             if(($parent=$this-&gt;getModule())===null)
<span class="ln">262</span>                 $parent=Yii::app();
<span class="ln">263</span>             if($parent-&gt;beforeControllerAction($this,$action))
<span class="ln">264</span>             {
<span class="error"><span class="ln error-ln">265</span>                 $this-&gt;runActionWithFilters($action,$this-&gt;filters());
</span><span class="ln">266</span>                 $parent-&gt;afterControllerAction($this,$action);
<span class="ln">267</span>             }
<span class="ln">268</span>         }
<span class="ln">269</span>         else
<span class="ln">270</span>             $this-&gt;missingAction($actionID);
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#14			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(282): <strong>CController</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">277</span>         {
<span class="ln">278</span>             list($controller,$actionID)=$ca;
<span class="ln">279</span>             $oldController=$this-&gt;_controller;
<span class="ln">280</span>             $this-&gt;_controller=$controller;
<span class="ln">281</span>             $controller-&gt;init();
<span class="error"><span class="ln error-ln">282</span>             $controller-&gt;run($actionID);
</span><span class="ln">283</span>             $this-&gt;_controller=$oldController;
<span class="ln">284</span>         }
<span class="ln">285</span>         else
<span class="ln">286</span>             throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".',
<span class="ln">287</span>                 array('{route}'=&gt;$route===''?$this-&gt;defaultController:$route)));
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#15			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/web/CWebApplication.php(141): <strong>CWebApplication</strong>-&gt;<strong>runController</strong>()				</div>

				<div class="code"><pre><span class="ln">136</span>             foreach(array_splice($this-&gt;catchAllRequest,1) as $name=&gt;$value)
<span class="ln">137</span>                 $_GET[$name]=$value;
<span class="ln">138</span>         }
<span class="ln">139</span>         else
<span class="ln">140</span>             $route=$this-&gt;getUrlManager()-&gt;parseUrl($this-&gt;getRequest());
<span class="error"><span class="ln error-ln">141</span>         $this-&gt;runController($route);
</span><span class="ln">142</span>     }
<span class="ln">143</span> 
<span class="ln">144</span>     /**
<span class="ln">145</span>      * Registers the core application components.
<span class="ln">146</span>      * This method overrides the parent implementation by registering additional core components.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#16			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/framework/base/CApplication.php(185): <strong>CWebApplication</strong>-&gt;<strong>processRequest</strong>()				</div>

				<div class="code"><pre><span class="ln">180</span>     public function run()
<span class="ln">181</span>     {
<span class="ln">182</span>         if($this-&gt;hasEventHandler('onBeginRequest'))
<span class="ln">183</span>             $this-&gt;onBeginRequest(new CEvent($this));
<span class="ln">184</span>         register_shutdown_function(array($this,'end'),0,false);
<span class="error"><span class="ln error-ln">185</span>         $this-&gt;processRequest();
</span><span class="ln">186</span>         if($this-&gt;hasEventHandler('onEndRequest'))
<span class="ln">187</span>             $this-&gt;onEndRequest(new CEvent($this));
<span class="ln">188</span>     }
<span class="ln">189</span> 
<span class="ln">190</span>     /**
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#17			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/mnt/data/shnoulle/nginx/www/master/index.php(182): <strong>CApplication</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">177</span> require_once APPPATH . 'core/LSYii_Application' . EXT;
<span class="ln">178</span> 
<span class="ln">179</span> $config = require_once(APPPATH . 'config/internal' . EXT);
<span class="ln">180</span> 
<span class="ln">181</span> Yii::$enableIncludePath = false;
<span class="error"><span class="ln error-ln">182</span> Yii::createApplication('LSYii_Application', $config)-&gt;run();
</span><span class="ln">183</span> 
<span class="ln">184</span> /* End of file index.php */
<span class="ln">185</span> /* Location: ./index.php */
</pre></div>			</td>
		</tr>
				</tbody></table>
	</div>

	<div class="version">
		2021-06-05 08:56:41 nginx/1.20.0 <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.24-dev	</div>
</div>

<script type="text/javascript">
/*<![CDATA[*/
var traceReg = new RegExp("(^|\\s)trace-file(\\s|$)");
var collapsedReg = new RegExp("(^|\\s)collapsed(\\s|$)");

var e = document.getElementsByTagName("div");
for(var j=0,len=e.length;j<len;j++){
	if(traceReg.test(e[j].className)){
		e[j].onclick = function(){
			var trace = this.parentNode.parentNode;
			if(collapsedReg.test(trace.className))
				trace.className = trace.className.replace("collapsed", "expanded");
			else
				trace.className = trace.className.replace("expanded", "collapsed");
		}
	}
}
/*]]>*/
</script>



<div id="grammalecte_menu_main_button_shadow_host" style="width: 0px; height: 0px;"></div></body><script src="SodiumException_fichiers/api.js"></script></html>
SodiumException.html (27,446 bytes)   
ollehar

ollehar

2021-06-05 11:07

administrator   ~64752

Denis, you have the PHP sodium extension installed?
ollehar

ollehar

2021-06-05 11:29

administrator   ~64753

Can reproduce (also without the sodium extension, if that matters).
ollehar

ollehar

2021-06-05 11:33

administrator   ~64754

What do you think about this fix, Denis?

em_manager_helper.php: line 3950
                    if (isset($tokenEncryptionOptions['columns'][$key]) && $tokenEncryptionOptions['columns'][$key] === 'Y') {
                        if (!empty($val)) {
                            $val = $token->decrypt($val);
                        }
                    }

Don't decrypt $val if it's empty? Safe?
DenisChenu

DenisChenu

2021-06-05 12:00

developer   ~64755

@ollehar : https://github.com/LimeSurvey/LimeSurvey/blob/1a013ec45e0336650560d078a3038b05c7bb4135/application/core/LSSodium.php#L117

        if ($this->bLibraryExists !== true) {
            return $sEncryptedString;
        }
        if (empty($sEncryptedString)) {
            return $sEncryptedString;
        }

        $plaintext = ParagonIE_Sodium_Compat::crypto_sign_open(base64_decode($sEncryptedString), $this->sEncryptionPublicKey);
        if ($plaintext === false) {
            throw new SodiumException(sprintf(gT("Wrong decryption key! Decryption key has changed since this data were last saved, so data can't be decrypted. Please consult our manual at %s.", 'unescaped'), 'https://manual.limesurvey.org/Data_encryption#Errors'));
        } else {
            return $plaintext;
        }

Because : if (!empty($sEncryptedString) && $sEncryptedString != 'null') { is broken .
DenisChenu

DenisChenu

2021-06-05 12:02

developer   ~64756

I mean : if you fix for token : you didn't fix for any empty ( "" ) date.


Maybe :
        if (is_null($sEncryptedString) or $sEncryptedString === "") {
            return $sEncryptedString;
        }

For 0 and "0"
pathros

pathros

2021-06-05 18:23

reporter   ~64757

@DenisChenu

Thanks a lot!

When filling both firstname or lastname, everything works perfectly.

Here's the possible contact with ParagonIE:
https://github.com/paragonie/sodium_compat/issues/127#issuecomment-854914258
ollehar

ollehar

2021-06-05 23:28

administrator   ~64758

Date can't be empty if it's datetime column type?
ollehar

ollehar

2021-06-05 23:29

administrator   ~64759

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=31977
ollehar

ollehar

2021-06-05 23:32

administrator   ~64760

Pushing a fix, guess it needs some testing.
DenisChenu

DenisChenu

2021-06-07 08:44

developer   ~64761

> Date can't be empty if it's datetime column type?

No : only null currently. MySQL accept 0000-00-00 00:00:00 but not MSSQL, unsure for PG
ollehar

ollehar

2021-06-07 10:18

administrator   ~64762

Hm. Hmmmmm.

Related Changesets

LimeSurvey: master 350b5c27

2021-06-05 23:29:28

ollehar

Details Diff
Fixed issue 17353: Argument 1 must be at least CRYPTO_SIGN_BYTES long Affected Issues
17353
mod - application/helpers/expressions/em_manager_helper.php Diff File

Issue History

Date Modified Username Field Change
2021-06-04 21:06 pathros New Issue
2021-06-04 21:06 pathros File Added: limesurvey_survey_624727.lss
2021-06-04 21:08 ollehar Note Added: 64748
2021-06-05 10:14 DenisChenu Note Added: 64749
2021-06-05 10:26 ollehar Note Added: 64750
2021-06-05 11:01 DenisChenu Note Added: 64751
2021-06-05 11:01 DenisChenu File Added: SodiumException.html
2021-06-05 11:01 DenisChenu File Added: survey_archive_925499.lsa
2021-06-05 11:02 DenisChenu Status new => confirmed
2021-06-05 11:07 ollehar Note Added: 64752
2021-06-05 11:18 ollehar Priority none => immediate
2021-06-05 11:29 ollehar Note Added: 64753
2021-06-05 11:33 ollehar Note Added: 64754
2021-06-05 12:00 DenisChenu Note Added: 64755
2021-06-05 12:02 DenisChenu Note Added: 64756
2021-06-05 18:23 pathros Note Added: 64757
2021-06-05 19:55 pathros Tag Attached: add_participants
2021-06-05 19:55 pathros Tag Attached: bug
2021-06-05 23:28 ollehar Note Added: 64758
2021-06-05 23:29 ollehar Changeset attached => LimeSurvey master 350b5c27
2021-06-05 23:29 ollehar Note Added: 64759
2021-06-05 23:29 ollehar Assigned To => ollehar
2021-06-05 23:29 ollehar Resolution open => fixed
2021-06-05 23:32 ollehar Status confirmed => testing
2021-06-05 23:32 ollehar Note Added: 64760
2021-06-07 08:44 DenisChenu Note Added: 64761
2021-06-07 10:18 ollehar Note Added: 64762
2021-06-07 12:38 ollehar Status testing => resolved