View Issue Details

This bug affects 1 person(s).
 4
IDProjectCategoryView StatusLast Update
17405Bug reportsOtherpublic2021-10-22 09:24
ReporterDenisChenu Assigned To 
PrioritynoneSeverityminor 
Status confirmedResolutionopen 
Product Version5.x 
Summary17405: Survey data policiy : no server control
DescriptionThere are no real server control in data policy system
Steps To ReproduceImport included template
Import include survey
Launch + next : IP is saved.
Additional Information1. This broke
- Data policy in all in one page
- Data policy without welcome page
- Maybe some other ?

2. No information are shown to admin user on this limitation

3. I'm unsure if we don't need to save when data policy is accepted on some GDPR restriction ?
TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)5.0.6 (and before)
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant

Relationships

related to 17363 closedDenisChenu Survey data policy error message not displayed 

Users monitoring this issue

User List There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2021-06-26 19:27

developer  

vanilla_policybroken.zip (119,219 bytes)
limesurvey_survey_policynoservercheck.lss (16,513 bytes)   
<?xml version="1.0" encoding="UTF-8"?>
<document>
 <LimeSurveyDocType>Survey</LimeSurveyDocType>
 <DBVersion>449</DBVersion>
 <languages>
  <language>en</language>
 </languages>
 <groups>
  <fields>
   <fieldname>gid</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>group_order</fieldname>
   <fieldname>randomization_group</fieldname>
   <fieldname>grelevance</fieldname>
  </fields>
  <rows>
   <row>
    <gid><![CDATA[17]]></gid>
    <sid><![CDATA[613867]]></sid>
    <group_order><![CDATA[1]]></group_order>
    <randomization_group/>
    <grelevance><![CDATA[1]]></grelevance>
   </row>
  </rows>
 </groups>
 <group_l10ns>
  <fields>
   <fieldname>id</fieldname>
   <fieldname>gid</fieldname>
   <fieldname>group_name</fieldname>
   <fieldname>description</fieldname>
   <fieldname>language</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>group_order</fieldname>
   <fieldname>randomization_group</fieldname>
   <fieldname>grelevance</fieldname>
  </fields>
  <rows>
   <row>
    <id><![CDATA[37]]></id>
    <gid><![CDATA[17]]></gid>
    <group_name><![CDATA[My first question group]]></group_name>
    <language><![CDATA[en]]></language>
    <sid><![CDATA[613867]]></sid>
    <group_order><![CDATA[1]]></group_order>
    <randomization_group/>
    <grelevance><![CDATA[1]]></grelevance>
   </row>
  </rows>
 </group_l10ns>
 <questions>
  <fields>
   <fieldname>qid</fieldname>
   <fieldname>parent_qid</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>gid</fieldname>
   <fieldname>type</fieldname>
   <fieldname>title</fieldname>
   <fieldname>preg</fieldname>
   <fieldname>other</fieldname>
   <fieldname>mandatory</fieldname>
   <fieldname>encrypted</fieldname>
   <fieldname>question_order</fieldname>
   <fieldname>scale_id</fieldname>
   <fieldname>same_default</fieldname>
   <fieldname>relevance</fieldname>
   <fieldname>modulename</fieldname>
  </fields>
  <rows>
   <row>
    <qid><![CDATA[438]]></qid>
    <parent_qid><![CDATA[0]]></parent_qid>
    <sid><![CDATA[613867]]></sid>
    <gid><![CDATA[17]]></gid>
    <type><![CDATA[T]]></type>
    <title><![CDATA[Q00]]></title>
    <other><![CDATA[N]]></other>
    <mandatory><![CDATA[N]]></mandatory>
    <encrypted><![CDATA[N]]></encrypted>
    <question_order><![CDATA[1]]></question_order>
    <scale_id><![CDATA[0]]></scale_id>
    <same_default><![CDATA[0]]></same_default>
    <relevance><![CDATA[1]]></relevance>
   </row>
  </rows>
 </questions>
 <question_l10ns>
  <fields>
   <fieldname>id</fieldname>
   <fieldname>qid</fieldname>
   <fieldname>question</fieldname>
   <fieldname>help</fieldname>
   <fieldname>script</fieldname>
   <fieldname>language</fieldname>
  </fields>
  <rows>
   <row>
    <id><![CDATA[984]]></id>
    <qid><![CDATA[438]]></qid>
    <question><![CDATA[A first example question. Please answer this question:]]></question>
    <help><![CDATA[This is a question help text.]]></help>
    <language><![CDATA[en]]></language>
   </row>
  </rows>
 </question_l10ns>
 <surveys>
  <fields>
   <fieldname>sid</fieldname>
   <fieldname>gsid</fieldname>
   <fieldname>admin</fieldname>
   <fieldname>expires</fieldname>
   <fieldname>startdate</fieldname>
   <fieldname>adminemail</fieldname>
   <fieldname>anonymized</fieldname>
   <fieldname>faxto</fieldname>
   <fieldname>format</fieldname>
   <fieldname>savetimings</fieldname>
   <fieldname>template</fieldname>
   <fieldname>language</fieldname>
   <fieldname>additional_languages</fieldname>
   <fieldname>datestamp</fieldname>
   <fieldname>usecookie</fieldname>
   <fieldname>allowregister</fieldname>
   <fieldname>allowsave</fieldname>
   <fieldname>autonumber_start</fieldname>
   <fieldname>autoredirect</fieldname>
   <fieldname>allowprev</fieldname>
   <fieldname>printanswers</fieldname>
   <fieldname>ipaddr</fieldname>
   <fieldname>ipanonymize</fieldname>
   <fieldname>refurl</fieldname>
   <fieldname>showsurveypolicynotice</fieldname>
   <fieldname>publicstatistics</fieldname>
   <fieldname>publicgraphs</fieldname>
   <fieldname>listpublic</fieldname>
   <fieldname>htmlemail</fieldname>
   <fieldname>sendconfirmation</fieldname>
   <fieldname>tokenanswerspersistence</fieldname>
   <fieldname>assessments</fieldname>
   <fieldname>usecaptcha</fieldname>
   <fieldname>usetokens</fieldname>
   <fieldname>bounce_email</fieldname>
   <fieldname>attributedescriptions</fieldname>
   <fieldname>emailresponseto</fieldname>
   <fieldname>emailnotificationto</fieldname>
   <fieldname>tokenlength</fieldname>
   <fieldname>showxquestions</fieldname>
   <fieldname>showgroupinfo</fieldname>
   <fieldname>shownoanswer</fieldname>
   <fieldname>showqnumcode</fieldname>
   <fieldname>bouncetime</fieldname>
   <fieldname>bounceprocessing</fieldname>
   <fieldname>bounceaccounttype</fieldname>
   <fieldname>bounceaccounthost</fieldname>
   <fieldname>bounceaccountpass</fieldname>
   <fieldname>bounceaccountencryption</fieldname>
   <fieldname>bounceaccountuser</fieldname>
   <fieldname>showwelcome</fieldname>
   <fieldname>showprogress</fieldname>
   <fieldname>questionindex</fieldname>
   <fieldname>navigationdelay</fieldname>
   <fieldname>nokeyboard</fieldname>
   <fieldname>alloweditaftercompletion</fieldname>
   <fieldname>googleanalyticsstyle</fieldname>
   <fieldname>googleanalyticsapikey</fieldname>
   <fieldname>tokenencryptionoptions</fieldname>
  </fields>
  <rows>
   <row>
    <sid><![CDATA[613867]]></sid>
    <gsid><![CDATA[1]]></gsid>
    <admin><![CDATA[inherit]]></admin>
    <adminemail><![CDATA[inherit]]></adminemail>
    <anonymized><![CDATA[N]]></anonymized>
    <faxto/>
    <format><![CDATA[G]]></format>
    <savetimings><![CDATA[N]]></savetimings>
    <template><![CDATA[vanilla_policybroken]]></template>
    <language><![CDATA[en]]></language>
    <additional_languages/>
    <datestamp><![CDATA[Y]]></datestamp>
    <usecookie><![CDATA[I]]></usecookie>
    <allowregister><![CDATA[I]]></allowregister>
    <allowsave><![CDATA[I]]></allowsave>
    <autonumber_start><![CDATA[2]]></autonumber_start>
    <autoredirect><![CDATA[I]]></autoredirect>
    <allowprev><![CDATA[I]]></allowprev>
    <printanswers><![CDATA[I]]></printanswers>
    <ipaddr><![CDATA[Y]]></ipaddr>
    <ipanonymize><![CDATA[Y]]></ipanonymize>
    <refurl><![CDATA[Y]]></refurl>
    <showsurveypolicynotice><![CDATA[1]]></showsurveypolicynotice>
    <publicstatistics><![CDATA[I]]></publicstatistics>
    <publicgraphs><![CDATA[I]]></publicgraphs>
    <listpublic><![CDATA[I]]></listpublic>
    <htmlemail><![CDATA[I]]></htmlemail>
    <sendconfirmation><![CDATA[I]]></sendconfirmation>
    <tokenanswerspersistence><![CDATA[I]]></tokenanswerspersistence>
    <assessments><![CDATA[I]]></assessments>
    <usecaptcha><![CDATA[E]]></usecaptcha>
    <usetokens><![CDATA[N]]></usetokens>
    <bounce_email><![CDATA[inherit]]></bounce_email>
    <emailresponseto><![CDATA[inherit]]></emailresponseto>
    <emailnotificationto><![CDATA[inherit]]></emailnotificationto>
    <tokenlength><![CDATA[-1]]></tokenlength>
    <showxquestions><![CDATA[I]]></showxquestions>
    <showgroupinfo><![CDATA[I]]></showgroupinfo>
    <shownoanswer><![CDATA[I]]></shownoanswer>
    <showqnumcode><![CDATA[I]]></showqnumcode>
    <bounceprocessing><![CDATA[N]]></bounceprocessing>
    <showwelcome><![CDATA[I]]></showwelcome>
    <showprogress><![CDATA[I]]></showprogress>
    <questionindex><![CDATA[-1]]></questionindex>
    <navigationdelay><![CDATA[-1]]></navigationdelay>
    <nokeyboard><![CDATA[I]]></nokeyboard>
    <alloweditaftercompletion><![CDATA[I]]></alloweditaftercompletion>
    <googleanalyticsstyle><![CDATA[0]]></googleanalyticsstyle>
    <googleanalyticsapikey/>
    <tokenencryptionoptions><![CDATA[{ "enabled":"Y","columns":{ "firstname":"N","lastname":"N","email":"N" } }]]></tokenencryptionoptions>
   </row>
  </rows>
 </surveys>
 <surveys_languagesettings>
  <fields>
   <fieldname>surveyls_survey_id</fieldname>
   <fieldname>surveyls_language</fieldname>
   <fieldname>surveyls_title</fieldname>
   <fieldname>surveyls_description</fieldname>
   <fieldname>surveyls_welcometext</fieldname>
   <fieldname>surveyls_endtext</fieldname>
   <fieldname>surveyls_policy_notice</fieldname>
   <fieldname>surveyls_policy_error</fieldname>
   <fieldname>surveyls_policy_notice_label</fieldname>
   <fieldname>surveyls_url</fieldname>
   <fieldname>surveyls_urldescription</fieldname>
   <fieldname>surveyls_email_invite_subj</fieldname>
   <fieldname>surveyls_email_invite</fieldname>
   <fieldname>surveyls_email_remind_subj</fieldname>
   <fieldname>surveyls_email_remind</fieldname>
   <fieldname>surveyls_email_register_subj</fieldname>
   <fieldname>surveyls_email_register</fieldname>
   <fieldname>surveyls_email_confirm_subj</fieldname>
   <fieldname>surveyls_email_confirm</fieldname>
   <fieldname>surveyls_dateformat</fieldname>
   <fieldname>surveyls_attributecaptions</fieldname>
   <fieldname>email_admin_notification_subj</fieldname>
   <fieldname>email_admin_notification</fieldname>
   <fieldname>email_admin_responses_subj</fieldname>
   <fieldname>email_admin_responses</fieldname>
   <fieldname>surveyls_numberformat</fieldname>
   <fieldname>attachments</fieldname>
  </fields>
  <rows>
   <row>
    <surveyls_survey_id><![CDATA[613867]]></surveyls_survey_id>
    <surveyls_language><![CDATA[en]]></surveyls_language>
    <surveyls_title><![CDATA[Policy not checked]]></surveyls_title>
    <surveyls_description/>
    <surveyls_welcometext/>
    <surveyls_endtext/>
    <surveyls_policy_notice><![CDATA[<p>Message of data policy</p>

<p>2nd line</p>
]]></surveyls_policy_notice>
    <surveyls_policy_error><![CDATA[<p>Error on data policy</p>

<p>2nd line</p>
]]></surveyls_policy_error>
    <surveyls_policy_notice_label><![CDATA[Data policy checkbox label]]></surveyls_policy_notice_label>
    <surveyls_url/>
    <surveyls_urldescription/>
    <surveyls_email_invite_subj><![CDATA[Invitation to participate in a survey]]></surveyls_email_invite_subj>
    <surveyls_email_invite><![CDATA[Dear {FIRSTNAME},

you have been invited to participate in a survey.

The survey is titled:
"{SURVEYNAME}"

"{SURVEYDESCRIPTION}"

To participate, please click on the link below.

Sincerely,

{ADMINNAME} ({ADMINEMAIL})

----------------------------------------------
Click here to do the survey:
{SURVEYURL}

If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:
{OPTOUTURL}

If you are blacklisted but want to participate in this survey and want to receive invitations please click the following link:
{OPTINURL}]]></surveyls_email_invite>
    <surveyls_email_remind_subj><![CDATA[Reminder to participate in a survey]]></surveyls_email_remind_subj>
    <surveyls_email_remind><![CDATA[Dear {FIRSTNAME},

Recently we invited you to participate in a survey.

We note that you have not yet completed the survey, and wish to remind you that the survey is still available should you wish to take part.

The survey is titled:
"{SURVEYNAME}"

"{SURVEYDESCRIPTION}"

To participate, please click on the link below.

Sincerely,

{ADMINNAME} ({ADMINEMAIL})

----------------------------------------------
Click here to do the survey:
{SURVEYURL}

If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:
{OPTOUTURL}]]></surveyls_email_remind>
    <surveyls_email_register_subj><![CDATA[Survey registration confirmation]]></surveyls_email_register_subj>
    <surveyls_email_register><![CDATA[Dear {FIRSTNAME},

You, or someone using your email address, have registered to participate in an online survey titled {SURVEYNAME}.

To complete this survey, click on the following URL:

{SURVEYURL}

If you have any questions about this survey, or if you did not register to participate and believe this email is in error, please contact {ADMINNAME} at {ADMINEMAIL}.]]></surveyls_email_register>
    <surveyls_email_confirm_subj><![CDATA[Confirmation of your participation in our survey]]></surveyls_email_confirm_subj>
    <surveyls_email_confirm><![CDATA[Dear {FIRSTNAME},

this email is to confirm that you have completed the survey titled {SURVEYNAME} and your response has been saved. Thank you for participating.

If you have any further questions about this email, please contact {ADMINNAME} on {ADMINEMAIL}.

Sincerely,

{ADMINNAME}]]></surveyls_email_confirm>
    <surveyls_dateformat><![CDATA[9]]></surveyls_dateformat>
    <email_admin_notification_subj><![CDATA[Response submission for survey {SURVEYNAME}]]></email_admin_notification_subj>
    <email_admin_notification><![CDATA[Hello,

A new response was submitted for your survey '{SURVEYNAME}'.

Click the following link to see the individual response:
{VIEWRESPONSEURL}

Click the following link to edit the individual response:
{EDITRESPONSEURL}

View statistics by clicking here:
{STATISTICSURL}]]></email_admin_notification>
    <email_admin_responses_subj><![CDATA[Response submission for survey {SURVEYNAME} with results]]></email_admin_responses_subj>
    <email_admin_responses><![CDATA[Hello,

A new response was submitted for your survey '{SURVEYNAME}'.

Click the following link to see the individual response:
{VIEWRESPONSEURL}

Click the following link to edit the individual response:
{EDITRESPONSEURL}

View statistics by clicking here:
{STATISTICSURL}


The following answers were given by the participant:
{ANSWERTABLE}]]></email_admin_responses>
    <surveyls_numberformat><![CDATA[0]]></surveyls_numberformat>
   </row>
  </rows>
 </surveys_languagesettings>
 <themes>
  <theme>
   <sid>613867</sid>
   <template_name>skelvanilla</template_name>
   <config>
    <options>inherit</options>
   </config>
  </theme>
  <theme>
   <sid>613867</sid>
   <template_name>vanilla</template_name>
   <config>
    <options>inherit</options>
   </config>
  </theme>
  <theme>
   <sid>613867</sid>
   <template_name>vanilla_fixpolicy</template_name>
   <config>
    <options>inherit</options>
   </config>
  </theme>
  <theme>
   <sid>613867</sid>
   <template_name>vanilla_policybroken</template_name>
   <config>
    <options>inherit</options>
   </config>
  </theme>
 </themes>
 <themes_inherited>
  <theme>
   <sid>613867</sid>
   <template_name>skelvanilla</template_name>
   <config>
    <options>
     <animatebody>off</animatebody>
     <hideprivacyinfo>off</hideprivacyinfo>
     <container>on</container>
     <showpopups>1</showpopups>
     <showclearall>off</showclearall>
     <questionhelptextposition>top</questionhelptextposition>
     <fixnumauto>off</fixnumauto>
     <brandlogo>on</brandlogo>
     <brandlogofile>themes/survey/vanilla/files/logo.png</brandlogofile>
     <font>noto
            
       </font>
    </options>
   </config>
  </theme>
  <theme>
   <sid>613867</sid>
   <template_name>vanilla</template_name>
   <config>
    <options>
     <animatebody>off</animatebody>
     <hideprivacyinfo>off</hideprivacyinfo>
     <container>on</container>
     <showpopups>1</showpopups>
     <showclearall>off</showclearall>
     <questionhelptextposition>top</questionhelptextposition>
     <fixnumauto>off</fixnumauto>
     <brandlogo>on</brandlogo>
     <brandlogofile>themes/survey/vanilla/files/logo.png</brandlogofile>
     <font>noto
            
       </font>
    </options>
   </config>
  </theme>
  <theme>
   <sid>613867</sid>
   <template_name>vanilla_fixpolicy</template_name>
   <config>
    <options>
     <animatebody>off</animatebody>
     <hideprivacyinfo>off</hideprivacyinfo>
     <container>on</container>
     <showpopups>1</showpopups>
     <showclearall>off</showclearall>
     <questionhelptextposition>top</questionhelptextposition>
     <fixnumauto>off</fixnumauto>
     <brandlogo>on</brandlogo>
     <brandlogofile>themes/survey/vanilla/files/logo.png</brandlogofile>
     <font>noto
            
       </font>
    </options>
   </config>
  </theme>
  <theme>
   <sid>613867</sid>
   <template_name>vanilla_policybroken</template_name>
   <config>
    <options>
     <animatebody>off</animatebody>
     <hideprivacyinfo>off</hideprivacyinfo>
     <container>on</container>
     <showpopups>1</showpopups>
     <showclearall>off</showclearall>
     <questionhelptextposition>top</questionhelptextposition>
     <fixnumauto>off</fixnumauto>
     <brandlogo>on</brandlogo>
     <brandlogofile>themes/survey/vanilla/files/logo.png</brandlogofile>
     <font>noto
            
       </font>
    </options>
   </config>
  </theme>
 </themes_inherited>
</document>
DenisChenu

DenisChenu

2021-09-03 12:34

developer   ~66310

PS : easy and needed part : «2. No information are shown to admin user on this limitation»
c_schmitz

c_schmitz

2021-10-22 09:18

administrator   ~66896

Why would the policy have influence on how/if an IP address is saved?
DenisChenu

DenisChenu

2021-10-22 09:24

developer   ~66897

IP is part of GDPR restricted data under condition.
Since some user can use it for law … must be strict :
- https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
- https://iapp.org/news/a/are-ip-addresses-personal-information-under-ccpa/
- https://www.whitecase.com/publications/alert/court-confirms-ip-addresses-are-personal-data-some-cases


Since you ask for GDPR consent in LimeSurvey : you can not really save IP address. Ypou can log it on webserver log file because law ask you to keep it, but not really in LimeSurvey :)

But still think starting point must be «2. No information are shown to admin user on this limitation» : data policy really work on welcome page only : no welcome page => no real data policy consent. Admin information is the key here.

Issue History

Date Modified Username Field Change
2021-06-26 19:27 DenisChenu New Issue
2021-06-26 19:27 DenisChenu File Added: vanilla_policybroken.zip
2021-06-26 19:27 DenisChenu File Added: limesurvey_survey_policynoservercheck.lss
2021-06-26 19:29 DenisChenu Relationship added related to 17363
2021-06-28 09:55 galads Assigned To => galads
2021-06-28 09:55 galads Status new => testing
2021-06-28 13:51 ollehar Product Version => 5.x
2021-07-06 13:15 galads Assigned To galads =>
2021-07-06 13:15 galads Status testing => confirmed
2021-07-06 13:15 galads Sync to Zoho Project => |Yes|
2021-09-03 12:34 DenisChenu Note Added: 66310
2021-09-03 12:34 DenisChenu Bug heat 0 => 2
2021-10-22 09:18 c_schmitz Note Added: 66896
2021-10-22 09:18 c_schmitz Bug heat 2 => 4
2021-10-22 09:24 DenisChenu Note Added: 66897