View Issue Details

This bug affects 1 person(s).
IDProjectCategoryView StatusLast Update
18687Bug reportsSurvey editingpublic2023-03-30 13:15
Reporter2BITS_PL Assigned To 
Status newResolutionopen 
Product Version5.6.x 
Summary18687: Unable to add images via CKeditor

I discovered the problem during internal tests, I used the demo for verification - there the problem occurs all the time.

After creating a survey with any question (I chose the default text field), after clicking on the image icon (inside CKeditor embedded inline) in the new window, when I click browse, the app tries to run the resource upload script but close automatically and then returns a permission denied message.

In the local environment (on my side) I changed the CSP settings:

  • form-action 'self' https: blob:;
  • base-uri self' https: blob:;
  • script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:;
    Previously it was without 'blob' but some actions didn't work.

We also added a domain to session settings:
'cookieParams' => array (
'httponly' => true,
'safe' => true,
'domain' => '.mydomain'

Now in editing the question the problem does not appear. But when I add a question like "Select multiple choice image" then in subquestion edit I still get the same error with permissions.

By analyzing the file: \third_party\kcfinder\core\class\browser.php (line 90) here I set this message with permissions, it enters here because the 'disabled' parameter is set to 1 - I don't know what it sets, but how it changes on 0 then everything works fine.

I can't determine if it's a bug or a configuration issue.
Previously, we used LS v3.28 and there was no problem, now after switching to v5, adding images does not work.

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)Version 5.4.11+221114
I will donate to the project if issue is resolvedNo
Database type & versionSQL Server 2019
Server OS (if known)Microsoft Server 2019
Webserver software & version (if known)
PHP Versionv8.0.27 NTS x64

Users monitoring this issue

User List 2BITS_PL




2023-03-17 10:35

reporter   ~74146

Steps to repeat:

  1. Create a survey, add a group
  2. Add a new question and choose a type: "Select multiple choice image" >> without saving
  3. Go to the list of sub-questions, click on the editor, then browse >> here's the problem
  4. If I click Save question and then go to the subquestion and follow the instructions from point 3 >> the problem still occurs
  5. Reload the page and follow the steps from point 3 >> now it works, you can add an image
  6. Add some sub-questions (may be blank), click Save and reload the page. Now go to edit each of the sub questions you added, you can add an image.
  7. Add a new subquestion to the list from point 6 (without saving and reloading), follow the instructions from point 3 - a message will appear that you cannot add a photo, go to edit the previous subquestion and try to add a photo > > this appears same error message although it worked before.

In my opinion, something is missing when adding a subquery, until the page reloads, it doesn't see it for the new subquestion, and blocks the image from being added. Worse, because triggering this lock disables this mechanism for all previous subqueries.



2023-03-30 13:15

reporter   ~74314

I installed LS v5.6.13 locally to verify the issue with this version (pure instance without our dedicated plugins).

Adds a new survey with a sample question created. I change the question type to "Select multiple choice image" (without saving), go to the list of sub questions, click edit and a new window opens "403, Invalid Group ID"

After saving the changes, I go to edit the subquestion, still the same error message.
I reload the page, go to edit the question and then edit the subquestion, ckeditor opens in a new window - there is no error.

Issue History

Date Modified Username Field Change
2023-03-16 12:06 2BITS_PL New Issue
2023-03-17 10:35 2BITS_PL Note Added: 74146
2023-03-17 10:35 2BITS_PL Bug heat 0 => 2
2023-03-17 10:35 2BITS_PL Issue Monitored: 2BITS_PL
2023-03-17 10:35 2BITS_PL Bug heat 2 => 4
2023-03-30 13:15 2BITS_PL Note Added: 74314