View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
18343 | Bug reports | Other | public | 2022-09-12 13:40 | 2022-11-28 16:31 |
Reporter | 2BITS_PL | Assigned To | |||
Priority | none | Severity | block | ||
Status | in testing | Resolution | open | ||
Product Version | 3.28.x | ||||
Summary | 18343: Problem with interpreting double slash in an URL (IIS) | ||||
Description | Hello, in our internal testing, we noticed that the app was showing us CHttpException errors when there is a double slash in the URL. This is the case if you run CKEditor while editing the notification template (inside the survey) as the question ID and group ID are NULL. So the URL in this case would be: "...gui//qid/" if ((string) (int) $ params ['iGroupId']! == (string) $ params ['iGroupId']) { The question is how to fix it? | ||||
Steps To Reproduce | Steps to reproduceAfter launching the project in IIS, when we call, for example, the URL: It mainly occurs when CKEditor is running as an inline or popup Expected resultIt should display the page linked to. Actual resultReturns CHttpException "Invalid group id" | ||||
Tags | No tags attached. | ||||
Bug heat | 8 | ||||
Complete LimeSurvey version number (& build) | Version 3.28.24+220816 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | |||||
Database type & version | SQL Server 2019 | ||||
Server OS (if known) | Microsoft Server 2019 | ||||
Webserver software & version (if known) | |||||
PHP Version | v7.4.15 NTS x64 | ||||
User List | DenisChenu |
---|
In the following url
Isnt the GID missing actually? |
|
Yes, in fact both GID and QID are missing. I have provided a URL to make testing easier. But their absence can also be checked in the demo version (https://demo.limesurvey.org/), if we open the CKEditor (popup), the url shows that gid and qid do not have an id. In the case of IIS, this causes an error message (I haven't tested version 5.x in our environment, but I suppose the problem will be too). In a moment I will prepare screenshots of our local environment for version 3.28 and a description of how to invoke them. |
|
I can not reproduce
We check !empty at line 163 … |
|
Can not reproduce : are you sure your version is uptodate ? But right : js can be updated on email : …/admin/htmleditor_pop/sa/index/name/email_admin_notification_en/text/Basic admin notification email body:(en)/type/email_admin_notification_en/action/editemailtemplates/sid/574436/gid//qid//lang/en |
|
Oh need IIS + path format … How do you configure IIS and PATH format ? Maybe it's something that can be fixed with configuration ? (and then : i can check on my dev IIS server). |
|
No : i mean by default on IIS : rewrite is not activated : url is set to path All start by /index.php?r= Your url seems : /index.php/admin/htmleditor_pop https://manual.limesurvey.org/Optional_settings/en#URL_settings Maybe try to set url to |
|
I confirm that the problem is with the "path". But for us, this is not a solution as our top-down guidelines say that addresses must be user-friendly. |
|
OK : but need confirmation before. Then IIS allow path with showScriptName = false or only with showScriptName = true ? |
|
Yep : i think we must NOT send empty value (or send 0 if we can really not doing differently) |
|
He understands that when faced with the problem of the "path" it must be solved in a global context. |
|
PS: starting the web.config system on manual still a good idea :). You know how to deny access to ^/upload/surveys/./fu_[a-z0-9]$ files ? Denis |
|
@2BITS_PL : can you test https://github.com/LimeSurvey/LimeSurvey/pull/2630 please ? |
|
master version : https://github.com/LimeSurvey/LimeSurvey/pull/2639 |
|
Why you answer in private ? Usage of widget inside CKeditor is not fixed : maybe it must be reported as another issue soince it's surely happen with inline ckeditor. |
|
Private, because I am sending screenshots from our client's application, we don't want it to be public. The error is related to Limesurvey and not as suggested by CKEditor. The presented solution only applies to the popup options. However, there is also an inline embedding method for CKEditor that has a bug (lines 283 and 284): https://github.com/LimeSurvey/LimeSurvey/blob/15b3cfea6887465e4fbdddfcad1ddde332d96e5c/application/helpers/admin/htmleditor_helper.php#L283 |
|
Yes: but it's another issue … Can i set the Pull request to tested ? |
|
ANd clearly : here it's the inline editor … it's another issue |
|
The notification subject is for a double slash in CKEditor - it is not explicitly stated that it is just a popup. We wanted to solve the problem comprehensively, also inline. But do what you think is right (as comfortable for you) |
|
I will only add that if in the getEditor method (you set it at the beginning)
this will work for a popup and inline CKEditor, without applying the prepared patch (which changes the url structure) |
|
Yes, i know but i don't think it's the best way to do … qid is set even if it must not be set. Replacve is_empty by isset or !is_null : it broke again. |
|
I test this link locally on 5.X : No issue for me … seems only related to 3.X version … |
|
I tested version 5.4.0, IIS with the path setting for urlFormat and confirm that the problem is not. |
|
I tested the inline and popup options in v5.4, they both work fine. |
|
Yes, i report a confidentiality issue here :) test are not done … can be bad. |
|
Updated version with LimeFields |
|
I add LimeReplacementFieldsUrl on near the same way. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2022-09-12 13:40 | 2BITS_PL | New Issue | |
2022-09-12 14:02 | gabrieljenik | Note Added: 71674 | |
2022-09-12 14:02 | gabrieljenik | Bug heat | 0 => 2 |
2022-09-12 14:02 | gabrieljenik | Status | new => feedback |
2022-09-12 14:46 | 2BITS_PL | Note Added: 71677 | |
2022-09-12 14:46 | 2BITS_PL | Bug heat | 2 => 4 |
2022-09-12 14:46 | 2BITS_PL | Status | feedback => new |
2022-09-12 15:05 | DenisChenu | Note Added: 71678 | |
2022-09-12 15:05 | DenisChenu | Bug heat | 4 => 6 |
2022-09-12 15:11 | DenisChenu | Note Edited: 71678 | |
2022-09-12 15:11 | DenisChenu | Assigned To | => DenisChenu |
2022-09-12 15:11 | DenisChenu | Status | new => feedback |
2022-09-12 15:11 | DenisChenu | Note Added: 71680 | |
2022-09-12 15:13 | DenisChenu | Note Edited: 71680 | |
2022-09-12 16:41 | 2BITS_PL | Status | feedback => assigned |
2022-09-12 16:46 | DenisChenu | Note Added: 71682 | |
2022-09-12 18:04 | DenisChenu | Note Added: 71684 | |
2022-09-13 10:44 | 2BITS_PL | Note Added: 71700 | |
2022-09-13 12:01 | DenisChenu | Note Added: 71702 | |
2022-09-14 09:43 | DenisChenu | Note Added: 71707 | |
2022-09-14 09:44 | 2BITS_PL | Note Added: 71708 | |
2022-09-14 09:45 | DenisChenu | Note Added: 71709 | |
2022-09-22 18:44 | DenisChenu | Assigned To | DenisChenu => gabrieljenik |
2022-09-22 18:44 | DenisChenu | Status | assigned => ready for code review |
2022-09-22 18:44 | DenisChenu | Note Added: 71897 | |
2022-09-23 15:12 | gabrieljenik | Assigned To | gabrieljenik => DenisChenu |
2022-09-23 15:12 | gabrieljenik | Status | ready for code review => ready for testing |
2022-09-23 17:49 | DenisChenu | Note Added: 71922 | |
2022-09-28 10:51 | DenisChenu | Assigned To | DenisChenu => |
2022-09-29 12:59 | DenisChenu | Note Added: 72015 | |
2022-10-03 18:02 | DenisChenu | Note Added: 72047 | |
2022-10-04 09:35 | 2BITS_PL | Note Added: 72056 | |
2022-10-04 09:42 | DenisChenu | Note Added: 72057 | |
2022-10-04 09:44 | DenisChenu | Note Added: 72058 | |
2022-10-04 10:07 | 2BITS_PL | Note Added: 72059 | |
2022-10-04 10:14 | 2BITS_PL | Note Added: 72060 | |
2022-10-04 14:28 | DenisChenu | Note Added: 72073 | |
2022-10-04 14:42 | DenisChenu | Note Added: 72075 | |
2022-10-04 14:56 | DenisChenu | Assigned To | => DenisChenu |
2022-10-04 14:56 | DenisChenu | Status | ready for testing => assigned |
2022-10-05 10:29 | 2BITS_PL | Note Added: 72093 | |
2022-10-05 10:32 | 2BITS_PL | Note Added: 72094 | |
2022-10-05 11:03 | DenisChenu | Note Added: 72095 | |
2022-10-05 11:10 | DenisChenu | Note Added: 72098 | |
2022-10-05 11:11 | DenisChenu | Assigned To | DenisChenu => gabrieljenik |
2022-10-05 11:11 | DenisChenu | Status | assigned => ready for code review |
2022-10-05 11:11 | DenisChenu | Note Added: 72100 | |
2022-11-28 11:47 | DenisChenu | Issue Monitored: DenisChenu | |
2022-11-28 11:47 | DenisChenu | Bug heat | 6 => 8 |
2022-11-28 11:47 | DenisChenu | Assigned To | gabrieljenik => |
2022-11-28 16:31 | DenisChenu | Status | ready for code review => in testing |