17451: Upload File link after session expire leads to a message unclear to users

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

17451	Bug reports	Survey taking	public	2021-07-16 01:26	2021-09-21 09:45

Reporter	duvemyster	Assigned To	galads
Priority	none	Severity	minor
Status	closed	Resolution	reopened
Product Version	3.25.20
Fixed in Version	3.25.20

Summary	17451: Upload File link after session expire leads to a message unclear to users
Description	"The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications." (Or whatever 400 server error message is set to be served.)
Steps To Reproduce	Check session lifetime max (e.g., session.gc_maxlifetime) or set it short on a dev server. Open a survey to a group with a file-upload questions as a respondent, and leave the browser tab inactive longer than the session max. No click on "Upload files" The error message will be displayed in the file-upload windows. (In Edge you will initially see white, but scrolling down in the window will get to the message. The attached screenshot was from a different browser.)
Additional Information	See https://bugs.limesurvey.org/view.php?id=14957 Suggestion: Notify a user with a message when their session has expired.
Tags	No tags attached.
Attached Files	image.png (74,007 bytes) image.png (74,007 bytes) limesurvey_survey_289473.lss (12,957 bytes) <?xml version="1.0" encoding="UTF-8"?> <document> <LimeSurveyDocType>Survey</LimeSurveyDocType> <DBVersion>365</DBVersion> <languages> <language>en</language> </languages> <groups> <fields> <fieldname>gid</fieldname> <fieldname>sid</fieldname> <fieldname>group_name</fieldname> <fieldname>group_order</fieldname> <fieldname>description</fieldname> <fieldname>language</fieldname> <fieldname>randomization_group</fieldname> <fieldname>grelevance</fieldname> </fields> <rows> <row> <gid><![CDATA[166]]></gid> <sid><![CDATA[289473]]></sid> <group_name><![CDATA[File Upload]]></group_name> <group_order><![CDATA[0]]></group_order> <description/> <language><![CDATA[en]]></language> <randomization_group/> <grelevance/> </row> </rows> </groups> <questions> <fields> <fieldname>qid</fieldname> <fieldname>parent_qid</fieldname> <fieldname>sid</fieldname> <fieldname>gid</fieldname> <fieldname>type</fieldname> <fieldname>title</fieldname> <fieldname>question</fieldname> <fieldname>preg</fieldname> <fieldname>help</fieldname> <fieldname>other</fieldname> <fieldname>mandatory</fieldname> <fieldname>question_order</fieldname> <fieldname>language</fieldname> <fieldname>scale_id</fieldname> <fieldname>same_default</fieldname> <fieldname>relevance</fieldname> <fieldname>modulename</fieldname> </fields> <rows> <row> <qid><![CDATA[4072]]></qid> <parent_qid><![CDATA[0]]></parent_qid> <sid><![CDATA[289473]]></sid> <gid><![CDATA[166]]></gid> <type><![CDATA[\|]]></type> <title><![CDATA[A1]]></title> <question/> <preg/> <help/> <other><![CDATA[N]]></other> <mandatory><![CDATA[N]]></mandatory> <question_order><![CDATA[1]]></question_order> <language><![CDATA[en]]></language> <scale_id><![CDATA[0]]></scale_id> <same_default><![CDATA[0]]></same_default> <relevance><![CDATA[1]]></relevance> </row> </rows> </questions> <surveys> <fields> <fieldname>sid</fieldname> <fieldname>admin</fieldname> <fieldname>expires</fieldname> <fieldname>startdate</fieldname> <fieldname>adminemail</fieldname> <fieldname>anonymized</fieldname> <fieldname>faxto</fieldname> <fieldname>format</fieldname> <fieldname>savetimings</fieldname> <fieldname>template</fieldname> <fieldname>language</fieldname> <fieldname>additional_languages</fieldname> <fieldname>datestamp</fieldname> <fieldname>usecookie</fieldname> <fieldname>allowregister</fieldname> <fieldname>allowsave</fieldname> <fieldname>autonumber_start</fieldname> <fieldname>autoredirect</fieldname> <fieldname>allowprev</fieldname> <fieldname>printanswers</fieldname> <fieldname>ipaddr</fieldname> <fieldname>refurl</fieldname> <fieldname>publicstatistics</fieldname> <fieldname>publicgraphs</fieldname> <fieldname>listpublic</fieldname> <fieldname>htmlemail</fieldname> <fieldname>sendconfirmation</fieldname> <fieldname>tokenanswerspersistence</fieldname> <fieldname>assessments</fieldname> <fieldname>usecaptcha</fieldname> <fieldname>usetokens</fieldname> <fieldname>bounce_email</fieldname> <fieldname>attributedescriptions</fieldname> <fieldname>emailresponseto</fieldname> <fieldname>emailnotificationto</fieldname> <fieldname>tokenlength</fieldname> <fieldname>showxquestions</fieldname> <fieldname>showgroupinfo</fieldname> <fieldname>shownoanswer</fieldname> <fieldname>showqnumcode</fieldname> <fieldname>bouncetime</fieldname> <fieldname>bounceprocessing</fieldname> <fieldname>bounceaccounttype</fieldname> <fieldname>bounceaccounthost</fieldname> <fieldname>bounceaccountpass</fieldname> <fieldname>bounceaccountencryption</fieldname> <fieldname>bounceaccountuser</fieldname> <fieldname>showwelcome</fieldname> <fieldname>showprogress</fieldname> <fieldname>questionindex</fieldname> <fieldname>navigationdelay</fieldname> <fieldname>nokeyboard</fieldname> <fieldname>alloweditaftercompletion</fieldname> <fieldname>googleanalyticsstyle</fieldname> <fieldname>googleanalyticsapikey</fieldname> <fieldname>gsid</fieldname> <fieldname>showsurveypolicynotice</fieldname> </fields> <rows> <row> <sid><![CDATA[289473]]></sid> <admin><![CDATA[yada yada]]></admin> <adminemail><![CDATA[yada@yada.com]]></adminemail> <anonymized><![CDATA[N]]></anonymized> <faxto/> <format><![CDATA[G]]></format> <savetimings><![CDATA[N]]></savetimings> <template><![CDATA[YO_Redirect]]></template> <language><![CDATA[en]]></language> <additional_languages/> <datestamp><![CDATA[N]]></datestamp> <usecookie><![CDATA[N]]></usecookie> <allowregister><![CDATA[N]]></allowregister> <allowsave><![CDATA[Y]]></allowsave> <autonumber_start><![CDATA[0]]></autonumber_start> <autoredirect><![CDATA[N]]></autoredirect> <allowprev><![CDATA[N]]></allowprev> <printanswers><![CDATA[N]]></printanswers> <ipaddr><![CDATA[N]]></ipaddr> <refurl><![CDATA[N]]></refurl> <publicstatistics><![CDATA[N]]></publicstatistics> <publicgraphs><![CDATA[N]]></publicgraphs> <listpublic><![CDATA[N]]></listpublic> <htmlemail><![CDATA[Y]]></htmlemail> <sendconfirmation><![CDATA[Y]]></sendconfirmation> <tokenanswerspersistence><![CDATA[N]]></tokenanswerspersistence> <assessments><![CDATA[N]]></assessments> <usecaptcha><![CDATA[N]]></usecaptcha> <usetokens><![CDATA[N]]></usetokens> <bounce_email><![CDATA[yada@yada.com]]></bounce_email> <emailresponseto/> <emailnotificationto/> <tokenlength><![CDATA[15]]></tokenlength> <showxquestions><![CDATA[N]]></showxquestions> <showgroupinfo><![CDATA[B]]></showgroupinfo> <shownoanswer><![CDATA[N]]></shownoanswer> <showqnumcode><![CDATA[X]]></showqnumcode> <bounceprocessing><![CDATA[N]]></bounceprocessing> <showwelcome><![CDATA[N]]></showwelcome> <showprogress><![CDATA[N]]></showprogress> <questionindex><![CDATA[0]]></questionindex> <navigationdelay><![CDATA[0]]></navigationdelay> <nokeyboard><![CDATA[N]]></nokeyboard> <alloweditaftercompletion><![CDATA[N]]></alloweditaftercompletion> <googleanalyticsstyle/> <googleanalyticsapikey/> <gsid><![CDATA[1]]></gsid> <showsurveypolicynotice><![CDATA[0]]></showsurveypolicynotice> </row> </rows> </surveys> <surveys_languagesettings> <fields> <fieldname>surveyls_survey_id</fieldname> <fieldname>surveyls_language</fieldname> <fieldname>surveyls_title</fieldname> <fieldname>surveyls_description</fieldname> <fieldname>surveyls_welcometext</fieldname> <fieldname>surveyls_endtext</fieldname> <fieldname>surveyls_url</fieldname> <fieldname>surveyls_urldescription</fieldname> <fieldname>surveyls_email_invite_subj</fieldname> <fieldname>surveyls_email_invite</fieldname> <fieldname>surveyls_email_remind_subj</fieldname> <fieldname>surveyls_email_remind</fieldname> <fieldname>surveyls_email_register_subj</fieldname> <fieldname>surveyls_email_register</fieldname> <fieldname>surveyls_email_confirm_subj</fieldname> <fieldname>surveyls_email_confirm</fieldname> <fieldname>surveyls_dateformat</fieldname> <fieldname>surveyls_attributecaptions</fieldname> <fieldname>email_admin_notification_subj</fieldname> <fieldname>email_admin_notification</fieldname> <fieldname>email_admin_responses_subj</fieldname> <fieldname>email_admin_responses</fieldname> <fieldname>surveyls_numberformat</fieldname> <fieldname>attachments</fieldname> <fieldname>surveyls_policy_notice</fieldname> <fieldname>surveyls_policy_error</fieldname> <fieldname>surveyls_policy_notice_label</fieldname> </fields> <rows> <row> <surveyls_survey_id><![CDATA[289473]]></surveyls_survey_id> <surveyls_language><![CDATA[en]]></surveyls_language> <surveyls_title><![CDATA[File Upload]]></surveyls_title> <surveyls_description/> <surveyls_welcometext/> <surveyls_endtext/> <surveyls_url/> <surveyls_urldescription/> <surveyls_email_invite_subj><![CDATA[Invitation to participate in a survey]]></surveyls_email_invite_subj> <surveyls_email_invite><![CDATA[Dear {FIRSTNAME},<br /> <br /> you have been invited to participate in a survey.<br /> <br /> The survey is titled:<br /> "{SURVEYNAME}"<br /> <br /> "{SURVEYDESCRIPTION}"<br /> <br /> To participate, please click on the link below.<br /> <br /> Sincerely,<br /> <br /> {ADMINNAME} ({ADMINEMAIL})<br /> <br /> ----------------------------------------------<br /> Click here to do the survey:<br /> {SURVEYURL}<br /> <br /> If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:<br /> {OPTOUTURL}<br /> <br /> If you are blacklisted but want to participate in this survey and want to receive invitations please click the following link:<br /> {OPTINURL}]]></surveyls_email_invite> <surveyls_email_remind_subj><![CDATA[Reminder to participate in a survey]]></surveyls_email_remind_subj> <surveyls_email_remind><![CDATA[Dear {FIRSTNAME},<br /> <br /> Recently we invited you to participate in a survey.<br /> <br /> We note that you have not yet completed the survey, and wish to remind you that the survey is still available should you wish to take part.<br /> <br /> The survey is titled:<br /> "{SURVEYNAME}"<br /> <br /> "{SURVEYDESCRIPTION}"<br /> <br /> To participate, please click on the link below.<br /> <br /> Sincerely,<br /> <br /> {ADMINNAME} ({ADMINEMAIL})<br /> <br /> ----------------------------------------------<br /> Click here to do the survey:<br /> {SURVEYURL}<br /> <br /> If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:<br /> {OPTOUTURL}]]></surveyls_email_remind> <surveyls_email_register_subj><![CDATA[Survey registration confirmation]]></surveyls_email_register_subj> <surveyls_email_register><![CDATA[Dear {FIRSTNAME},<br /> <br /> You, or someone using your email address, have registered to participate in an online survey titled {SURVEYNAME}.<br /> <br /> To complete this survey, click on the following URL:<br /> <br /> {SURVEYURL}<br /> <br /> If you have any questions about this survey, or if you did not register to participate and believe this email is in error, please contact {ADMINNAME} at {ADMINEMAIL}.]]></surveyls_email_register> <surveyls_email_confirm_subj><![CDATA[Confirmation of your participation in our survey]]></surveyls_email_confirm_subj> <surveyls_email_confirm><![CDATA[Dear {FIRSTNAME},<br /> <br /> this email is to confirm that you have completed the survey titled {SURVEYNAME} and your response has been saved. Thank you for participating.<br /> <br /> If you have any further questions about this email, please contact {ADMINNAME} on {ADMINEMAIL}.<br /> <br /> Sincerely,<br /> <br /> {ADMINNAME}]]></surveyls_email_confirm> <surveyls_dateformat><![CDATA[1]]></surveyls_dateformat> <email_admin_notification_subj><![CDATA[Response submission for survey {SURVEYNAME}]]></email_admin_notification_subj> <email_admin_notification><![CDATA[Hello,<br /> <br /> A new response was submitted for your survey '{SURVEYNAME}'.<br /> <br /> Click the following link to see the individual response:<br /> {VIEWRESPONSEURL}<br /> <br /> Click the following link to edit the individual response:<br /> {EDITRESPONSEURL}<br /> <br /> View statistics by clicking here:<br /> {STATISTICSURL}]]></email_admin_notification> <email_admin_responses_subj><![CDATA[Response submission for survey {SURVEYNAME} with results]]></email_admin_responses_subj> <email_admin_responses><![CDATA[Hello,<br /> <br /> A new response was submitted for your survey '{SURVEYNAME}'.<br /> <br /> Click the following link to see the individual response:<br /> {VIEWRESPONSEURL}<br /> <br /> Click the following link to edit the individual response:<br /> {EDITRESPONSEURL}<br /> <br /> View statistics by clicking here:<br /> {STATISTICSURL}<br /> <br /> <br /> The following answers were given by the participant:<br /> {ANSWERTABLE}]]></email_admin_responses> <surveyls_numberformat><![CDATA[0]]></surveyls_numberformat> </row> </rows> </surveys_languagesettings> <themes> <theme> <sid>289473</sid> <template_name>YO_Redirect</template_name> <config> <options>inherit</options> </config> </theme> </themes> <themes_inherited> <theme> <sid>289473</sid> <template_name>YO_Redirect</template_name> <config> <options> <ajaxmode>off</ajaxmode> <brandlogo>off</brandlogo> <brandlogofile>./files/logo.png</brandlogofile> <container>on</container> <showpopups>1</showpopups> </options> </config> </theme> </themes_inherited> </document> limesurvey_survey_289473.lss (12,957 bytes)

Bug heat	10
Complete LimeSurvey version number (& build)	Version 3.27.7+210713
I will donate to the project if issue is resolved	No
Browser	Any. Reproduced on Edge 91.0.864.67
Database type & version	mysqlnd 7.4.13
Server OS (if known)	linux
Webserver software & version (if known)	apache2
PHP Version	7.4.13

User List	duvemyster

DenisChenu 2021-07-16 08:54 developer ~65464	Adding a 401 if $surveyid is null (with a clean "session as exspired" for message) ? https://github.com/LimeSurvey/LimeSurvey/blob/db67654da6e9ad311ff863273711301dfb96fd64/application/controllers/UploaderController.php#L22 Another code ? https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses

DenisChenu 2021-07-16 17:31 developer ~65487	Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=32321

DenisChenu 2021-07-16 17:32 developer ~65488	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=32322

duvemyster 2021-07-16 19:04 reporter ~65490	That sure was fast! Thank you @DenisChenu !

DenisChenu 2021-07-16 19:12 developer ~65492	Easy fix + improve user experience : happy to do it ;)

duvemyster 2021-08-17 18:16 reporter ~66043	@DenisChenu, we experienced this issue again on 3.27.11+210809 the end of last week. Would the fix above have been included in that release?

DenisChenu 2021-08-17 19:14 developer ~66045	Seems to be. You mean 400 error and nit 401/session on page ? Seems trange because Yii::app()->session['LEMsid'] mus be empty if session is out.

duvemyster 2021-08-17 20:31 reporter ~66046	A customer ran into the 400 error using file-upload and sent a screenshot. They started the survey again and were fine. I will confirm reproducibility and check back in.

duvemyster 2021-08-17 22:22 reporter ~66047	I tested first in Version 5.1.3+210817. In that version I did not get a 400 message, however I did get a frozen window experience with the attached, empty Upload file dialog in the middle of the screen. Clicking on the "x" does not close the window; must refresh the page. Will setup a 3.x test next. 5.x.PNG (8,216 bytes) 5.x.PNG (8,216 bytes)

duvemyster 2021-08-17 22:53 reporter ~66049	In my previous test/screenshot, I forgot to see if I could scroll around to see if a 400 or 401 message was in there somewhere. In Version 3.27.12+210816 I got the 401 error message after scrolling around in the frozen pop-up window. 3.x 401.PNG (29,027 bytes) 3.x 401.PNG (29,027 bytes)

duvemyster 2021-08-17 23:36 reporter ~66050	In 5.1.3+210817 here is no option to scroll around in the empty/frozen "Upload file" modal dialog provided two screenshots up.

DenisChenu 2021-08-18 18:30 developer ~66058	In my previous test/screenshot, I forgot to see if I could scroll around to see if a 400 or 401 message was in there somewhere. Oh yes : the js action to show whole screen is done at end of loading HTML https://github.com/LimeSurvey/LimeSurvey/blob/e14f4e4aa63fa140a1b087a66c9384709eb9ad5d/assets/scripts/uploader.js#L6 Must add a on error action in parent, but unsure it use clean javascript here … Then : THIS issue is fixed, other is javascript/css related : maybe another issue ?

duvemyster 2021-08-18 20:19 reporter ~66062	Would it work best to close this issue 17451 (400 error), then open a separate issues regarding the reproducible 401 error (3.x) and empty modal window (5.x)?

DenisChenu 2021-09-17 10:20 developer ~66507	@galads : since original issue is fixed BUT current upload system don't show whole error : what is your position ?

galads 2021-09-17 12:56 reporter ~66515	Please create a new issue since this is fixed already. I will pick it up from the new tickets.

c_schmitz 2021-09-21 09:45 administrator ~66557	New version released

LimeSurvey: 3.x-LTS f8ee40d6 2021-07-16 19:31 DenisChenu Details Diff	Fixed issue 17451: Upload File link after session expire leads to a message unclear to users Dev: 401 with session expired	Affected Issues 17451
	mod - application/controllers/UploaderController.php	Diff File
LimeSurvey: master 2b437fd9 2021-07-16 19:31 DenisChenu Details Diff	Fixed issue 17451: Upload File link after session expire leads to a message unclear to users Dev: 401 with session expired Dev: Cherry-picked	Affected Issues 17451
	mod - application/controllers/UploaderController.php	Diff File

Date Modified	Username	Field	Change
2021-07-16 01:26	duvemyster	New Issue
2021-07-16 01:26	duvemyster	File Added: image.png
2021-07-16 01:26	duvemyster	File Added: limesurvey_survey_289473.lss
2021-07-16 08:54	DenisChenu	Note Added: 65464
2021-07-16 08:54	DenisChenu	Assigned To	=> DenisChenu
2021-07-16 08:54	DenisChenu	Status	new => assigned
2021-07-16 17:31	DenisChenu	Changeset attached	=> LimeSurvey 3.x-LTS f8ee40d6
2021-07-16 17:31	DenisChenu	Note Added: 65487
2021-07-16 17:31	DenisChenu	Resolution	open => fixed
2021-07-16 17:32	DenisChenu	Changeset attached	=> LimeSurvey master 2b437fd9
2021-07-16 17:32	DenisChenu	Note Added: 65488
2021-07-16 18:41	DenisChenu	Status	assigned => resolved
2021-07-16 18:41	DenisChenu	Fixed in Version	=> 3.25.20
2021-07-16 19:04	duvemyster	Note Added: 65490
2021-07-16 19:12	DenisChenu	Note Added: 65492
2021-08-12 08:46	c_schmitz	Status	resolved => closed
2021-08-17 18:16	duvemyster	Note Added: 66043
2021-08-17 18:20	duvemyster	Issue Monitored: duvemyster
2021-08-17 18:20	duvemyster	Bug heat	4 => 6
2021-08-17 19:14	DenisChenu	Status	closed => feedback
2021-08-17 19:14	DenisChenu	Resolution	fixed => reopened
2021-08-17 19:14	DenisChenu	Note Added: 66045
2021-08-17 20:31	duvemyster	Note Added: 66046
2021-08-17 20:31	duvemyster	Status	feedback => assigned
2021-08-17 22:22	duvemyster	Note Added: 66047
2021-08-17 22:22	duvemyster	File Added: 5.x.PNG
2021-08-17 22:53	duvemyster	Note Added: 66049
2021-08-17 22:53	duvemyster	File Added: 3.x 401.PNG
2021-08-17 23:36	duvemyster	Note Added: 66050
2021-08-18 18:30	DenisChenu	Note Added: 66058
2021-08-18 18:32	DenisChenu	Relationship added	related to 14662
2021-08-18 20:19	duvemyster	Note Added: 66062
2021-09-17 10:20	DenisChenu	Assigned To	DenisChenu => galads
2021-09-17 10:20	DenisChenu	Status	assigned => feedback
2021-09-17 10:20	DenisChenu	Note Added: 66507
2021-09-17 12:56	galads	Note Added: 66515
2021-09-17 12:56	galads	Bug heat	6 => 8
2021-09-17 12:56	galads	Status	feedback => resolved
2021-09-21 09:45	c_schmitz	Note Added: 66557
2021-09-21 09:45	c_schmitz	Bug heat	8 => 10
2021-09-21 09:45	c_schmitz	Status	resolved => closed

View Issue Details

Relationships

Users monitoring this issue

Activities

Related Changesets

Issue History