In the following url

admin/limereplacementfields/sa/index/fieldtype/email_invitation_pl/action/editemailtemplates/surveyid/736525/gid//qid/

Isnt the GID missing actually?
Do you type the URL or you get by following some UI action?

Yes, in fact both GID and QID are missing. I have provided a URL to make testing easier. But their absence can also be checked in the demo version (https://demo.limesurvey.org/), if we open the CKEditor (popup), the url shows that gid and qid do not have an id. In the case of IIS, this causes an error message (I haven't tested version 5.x in our environment, but I suppose the problem will be too).

In a moment I will prepare screenshots of our local environment for version 3.28 and a description of how to invoke them.

I can not reproduce

1. gid is set
2. even removing manually gid Question:/type/question-text/action/editquestion/sid/574436/gid//qid/10512/lang/en : no problem
3. Checked with qid// to

See https://github.com/LimeSurvey/LimeSurvey/blob/2429adf6e624928e640de623fe499b46968274a9/application/core/Survey_Common_Action.php#L162

We check !empty at line 163 …

Can not reproduce : are you sure your version is uptodate ?
(see code)

But right : js can be updated on email : …/admin/htmleditor_pop/sa/index/name/email_admin_notification_en/text/Basic admin notification email body:(en)/type/email_admin_notification_en/action/editemailtemplates/sid/574436/gid//qid//lang/en

Oh need IIS + path format …

How do you configure IIS and PATH format ?
I have IIS with PHP setup, but have get format only : /index.php?r=admin/htmleditor_pop/sa/index/name/email_admin_notification_en/text/Basic admin notification email body:(en)/type/email_admin_notification_en/action/editemailtemplates/sid/754644/gid//qid//lang/en

Maybe it's something that can be fixed with configuration ?
It can be interesting to have it on manual
https://manual.limesurvey.org/General_FAQ#How_can_I_remove_index.php_from_the_URL_path_to_get_a_shorter_URL

(and then : i can check on my dev IIS server).

No : i mean by default on IIS : rewrite is not activated : url is set to path

All start by /index.php?r=
Seems you didn't have , but on my instance : i have it

Your url seems : /index.php/admin/htmleditor_pop
Mine /index.php?r=admin/htmleditor_pop

https://manual.limesurvey.org/Optional_settings/en#URL_settings

Maybe try to set url to get in config.php and check.
(i think it didn't work on IIS …)

I confirm that the problem is with the "path".
After changing the configuration to 'get' - it works.

But for us, this is not a solution as our top-down guidelines say that addresses must be user-friendly.

OK : but need confirmation before.

Then IIS allow path with showScriptName = false or only with showScriptName = true ?

Yep : i think we must NOT send empty value (or send 0 if we can really not doing differently)

He understands that when faced with the problem of the "path" it must be solved in a global context.
But the reported problem was only visible in CKEditor. And the fastest solution for us is to cast to integer for $gID and $qID in the getEditor method (application\helpers\admin\htmleditor_helper.php)

PS: starting the web.config system on manual still a good idea :).

You know how to deny access to ^/upload/surveys/./fu_[a-z0-9]$ files ?
And maybe to ^/(application|docs|framework|locale|protected|tests|themes/\w+/views) ? too.

Denis

https://github.com/LimeSurvey/LimeSurvey/pull/2630

@2BITS_PL : can you test https://github.com/LimeSurvey/LimeSurvey/pull/2630 please ?

master version : https://github.com/LimeSurvey/LimeSurvey/pull/2639

Why you answer in private ?
This issue is fixed : right ?

Usage of widget inside CKeditor is not fixed : maybe it must be reported as another issue soince it's surely happen with inline ckeditor.

Private, because I am sending screenshots from our client's application, we don't want it to be public.

The error is related to Limesurvey and not as suggested by CKEditor. The presented solution only applies to the popup options. However, there is also an inline embedding method for CKEditor that has a bug (lines 283 and 284): https://github.com/LimeSurvey/LimeSurvey/blob/15b3cfea6887465e4fbdddfcad1ddde332d96e5c/application/helpers/admin/htmleditor_helper.php#L283

The presented solution only applies to the popup options. However, there is also an inline embedding

Yes: but it's another issue … Can i set the Pull request to tested ?
Then it can be merged …

ANd clearly : here it's the inline editor … it's another issue

The notification subject is for a double slash in CKEditor - it is not explicitly stated that it is just a popup. We wanted to solve the problem comprehensively, also inline.

But do what you think is right (as comfortable for you)

I will only add that if in the getEditor method (you set it at the beginning)

    $gID = (int) $gID;
    $qID = (int) $qID;

this will work for a popup and inline CKEditor, without applying the prepared patch (which changes the url structure)

this will work for a popup and inline CKEditor, without applying the prepared patch (which changes the url structure)

Yes, i know but i don't think it's the best way to do … qid is set even if it must not be set. Replacve is_empty by isset or !is_null : it broke again.

I test this link locally on 5.X :
http://limesurvey.local/limereplacementfields/index/fieldtype/email_invitation_en/action/editemailtemplates/surveyid/248756/gid/qid/

No issue for me … seems only related to 3.X version …

I tested version 5.4.0, IIS with the path setting for urlFormat and confirm that the problem is not.
Although the URL contains a double slash: "... gid//qid/...", Survey_Common_Action does not set the iGroupId and iQuestionId parameters.

I tested the inline and popup options in v5.4, they both work fine.

I tested the inline and popup options in v5.4, they both work fine.

Yes, i report a confidentiality issue here :) test are not done … can be bad.
I need to check if there are potential XSS too :)

Updated version with LimeFields
https://github.com/LimeSurvey/LimeSurvey/pull/2630

I add LimeReplacementFieldsUrl on near the same way.

Fixed in Release 6.0.5+230502

Still open
master : https://github.com/LimeSurvey/LimeSurvey/pull/3087
5.X : https://github.com/LimeSurvey/LimeSurvey/pull/2639
3.X : https://github.com/LimeSurvey/LimeSurvey/pull/2630

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34613

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34614

I fix the version.php for 5.X
It's need for 3.X too @2BITS_PL use 3.X

OK to merge ? (I can do it)

Sure, go for it.

Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34619

Thanks :)
Still the 5.X to test : https://github.com/LimeSurvey/LimeSurvey/pull/2639

Fixed in Release 6.0.6+230508

Reopen for 3.28

Need to be reverted.

Solution to fix 18811 are totally different and need more work …

Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34645

Fixed in Release 3.28.59+230517

reopen to fix it on 3.X and 5.X
Totally fixed in 6.X

Already fixed but with a more complete solution on 6.X and before,
Reverted on 3 and 5 due to issue https://bugs.limesurvey.org/view.php?id=18811

Use a more simple solution, just set 0 via intval.

I have no idea on How to test …

3.X : https://github.com/LimeSurvey/LimeSurvey/pull/3154
5.X : https://github.com/LimeSurvey/LimeSurvey/pull/3155

Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34694

Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34695

Merged.

Fix committed to 5.x branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34696

Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34757