View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
19830 | Bug reports | Survey taking | public | 2024-11-10 19:52 | 2024-11-18 09:39 |
Reporter | DenisChenu | Assigned To | tibor.pacalat | ||
Priority | none | Severity | crash | ||
Status | assigned | Resolution | reopened | ||
Product Version | 6.6.x | ||||
Summary | 19830: Calling "sSurveyUrl" property on a "Survey" object is not allowed in | ||||
Description | Not able to take any survey : Home page show 500: Internal Server Error - Calling "sSurveyUrl" property on a "Survey" object is not allowed in | ||||
Steps To Reproduce | Steps to reproduceUpdate to the last GIT version Expected resultWork Actual resultDon't work | ||||
Tags | No tags attached. | ||||
Attached Files | Twig_Sandbox_SecurityNotAllowedPropertyError.html (31,871 bytes)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" data-lt-installed="true"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Twig\Sandbox\SecurityNotAllowedPropertyError</title> <style type="text/css"> /*<![CDATA[*/ html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;} body{line-height:1;} ol,ul{list-style:none;} blockquote,q{quotes:none;} blockquote:before,blockquote:after,q:before,q:after{content:none;} :focus{outline:0;} ins{text-decoration:none;} del{text-decoration:line-through;} table{border-collapse:collapse;border-spacing:0;} body { font: normal 9pt "Verdana"; color: #000; background: #fff; } h1 { font: normal 18pt "Verdana"; color: #f00; margin-bottom: .5em; } h2 { font: normal 14pt "Verdana"; color: #800000; margin-bottom: .5em; } h3 { font: bold 11pt "Verdana"; } pre { font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace; } pre span.error { display: block; background: #fce3e3; } pre span.ln { color: #999; padding-right: 0.5em; border-right: 1px solid #ccc; } pre span.error-ln { font-weight: bold; } .container { margin: 1em 4em; } .version { color: gray; font-size: 8pt; border-top: 1px solid #aaa; padding-top: 1em; margin-bottom: 1em; } .message { color: #000; padding: 1em; font-size: 11pt; background: #f3f3f3; -webkit-border-radius: 10px; -moz-border-radius: 10px; border-radius: 10px; margin-bottom: 1em; line-height: 160%; } .source { margin-bottom: 1em; } .code pre { background-color: #ffe; margin: 0.5em 0; padding: 0.5em; line-height: 125%; border: 1px solid #eee; } .source .file { margin-bottom: 1em; font-weight: bold; } .traces { margin: 2em 0; } .trace { margin: 0.5em 0; padding: 0.5em; } .trace.app { border: 1px dashed #c00; } .trace .number { text-align: right; width: 2em; padding: 0.5em; } .trace .content { padding: 0.5em; } .trace .plus, .trace .minus { display:inline; vertical-align:middle; text-align:center; border:1px solid #000; color:#000; font-size:10px; line-height:10px; margin:0; padding:0 1px; width:10px; height:10px; } .trace.collapsed .minus, .trace.expanded .plus, .trace.collapsed pre { display: none; } .trace-file { cursor: pointer; padding: 0.2em; } .trace-file:hover { background: #f0ffff; } /*]]>*/ </style> </head> <body> <div class="container"> <h1>Twig\Sandbox\SecurityNotAllowedPropertyError</h1> <p class="message"> Calling "sSurveyUrl" property on a "Survey" object is not allowed in "__string_template__49d60551aa67aa57298068c9a575fdfd" at line 158. </p> <div class="source"> <p class="file">/media/shnoulle/data/webdev/master/vendor/twig/twig/src/Sandbox/SecurityPolicy.php(121)</p> <div class="code"><pre><span class="ln">109</span> public function checkPropertyAllowed($obj, $property): void <span class="ln">110</span> { <span class="ln">111</span> $allowed = false; <span class="ln">112</span> foreach ($this->allowedProperties as $class => $properties) { <span class="ln">113</span> if ($obj instanceof $class && \in_array($property, \is_array($properties) ? $properties : [$properties])) { <span class="ln">114</span> $allowed = true; <span class="ln">115</span> break; <span class="ln">116</span> } <span class="ln">117</span> } <span class="ln">118</span> <span class="ln">119</span> if (!$allowed) { <span class="ln">120</span> $class = \get_class($obj); <span class="error"><span class="ln error-ln">121</span> throw new SecurityNotAllowedPropertyError(\sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, $class), $class, $property); </span><span class="ln">122</span> } <span class="ln">123</span> } <span class="ln">124</span> } </pre></div> </div> <div class="traces"> <h2>Stack Trace</h2> <table style="width:100%;"> <tbody><tr class="trace app expanded"> <td class="number"> #0 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/twig/twig/src/Extension/SandboxExtension.php(110): <strong>Twig\Sandbox\SecurityPolicy</strong>-><strong>checkPropertyAllowed</strong>() </div> <div class="code"><pre><span class="ln">105</span> <span class="ln">106</span> public function checkPropertyAllowed($obj, $property, int $lineno = -1, ?Source $source = null): void <span class="ln">107</span> { <span class="ln">108</span> if ($this->isSandboxed($source)) { <span class="ln">109</span> try { <span class="error"><span class="ln error-ln">110</span> $this->policy->checkPropertyAllowed($obj, $property); </span><span class="ln">111</span> } catch (SecurityNotAllowedPropertyError $e) { <span class="ln">112</span> $e->setSourceContext($source); <span class="ln">113</span> $e->setTemplateLine($lineno); <span class="ln">114</span> <span class="ln">115</span> throw $e; </pre></div> </td> </tr> <tr class="trace app expanded"> <td class="number"> #1 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/twig/twig/src/Extension/CoreExtension.php(1576): <strong>Twig\Extension\SandboxExtension</strong>-><strong>checkPropertyAllowed</strong>() </div> <div class="code"><pre><span class="ln">1571</span> if (/* Template::METHOD_CALL */ 'method' !== $type) { <span class="ln">1572</span> $arrayItem = \is_bool($item) || \is_float($item) ? (int) $item : $item; <span class="ln">1573</span> <span class="ln">1574</span> if ($sandboxed && $object instanceof \ArrayAccess && !\in_array(get_class($object), self::ARRAY_LIKE_CLASSES, true)) { <span class="ln">1575</span> try { <span class="error"><span class="ln error-ln">1576</span> $env->getExtension(SandboxExtension::class)->checkPropertyAllowed($object, $arrayItem, $lineno, $source); </span><span class="ln">1577</span> } catch (SecurityNotAllowedPropertyError $propertyNotAllowedError) { <span class="ln">1578</span> goto methodCheck; <span class="ln">1579</span> } <span class="ln">1580</span> } <span class="ln">1581</span> </pre></div> </td> </tr> <tr class="trace app expanded"> <td class="number"> #2 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/tmp/runtime/twig_cache/aa/aa11a0758884fd6f3c0b22d9314a7caa.php(285): <strong>Twig\Extension\CoreExtension</strong>::<strong>getAttribute</strong>() </div> <div class="code"><pre><span class="ln">280</span> yield $this->sandbox->ensureToStringAllowed(CoreExtension::getAttribute($this->env, $this->source, CoreExtension::getAttribute($this->env, $this->source, ($context["aSurveyInfo"] ?? null), "attr", [], "any", false, false, true, 156), "surveylistrowdivbdivulli", [], "any", false, false, true, 156), 156, $this->source); <span class="ln">281</span> yield "> <span class="ln">282</span> <a <span class="ln">283</span> href=\""; <span class="ln">284</span> // line 158 <span class="error"><span class="ln error-ln">285</span> yield $this->sandbox->ensureToStringAllowed(CoreExtension::getAttribute($this->env, $this->source, $context["oSurvey"], "sSurveyUrl", [], "any", false, false, true, 158), 158, $this->source); </span><span class="ln">286</span> yield "\" <span class="ln">287</span> title=\""; <span class="ln">288</span> // line 159 <span class="ln">289</span> yield gT("Start survey"); <span class="ln">290</span> yield "\" </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #3 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/twig/twig/src/Template.php(430): <strong>__TwigTemplate_1f46ea44ded24ae89312651216062761</strong>-><strong>block_content</strong>() </div> <div class="code"><pre><span class="ln">425</span> } <span class="ln">426</span> <span class="ln">427</span> $level = ob_get_level(); <span class="ln">428</span> ob_start(); <span class="ln">429</span> <span class="error"><span class="ln error-ln">430</span> foreach ($template->$block($context, $blocks) as $data) { </span><span class="ln">431</span> if (ob_get_length()) { <span class="ln">432</span> $data = ob_get_clean().$data; <span class="ln">433</span> ob_start(); <span class="ln">434</span> } <span class="ln">435</span> </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #4 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/tmp/runtime/twig_cache/aa/aa11a0758884fd6f3c0b22d9314a7caa.php(144): <strong>Twig\Template</strong>-><strong>yieldBlock</strong>() </div> <div class="code"><pre><span class="ln">139</span> yield " <span class="ln">140</span> <span class="ln">141</span> "; <span class="ln">142</span> // line 114 <span class="ln">143</span> yield " "; <span class="error"><span class="ln error-ln">144</span> yield from $this->unwrap()->yieldBlock('content', $context, $blocks); </span><span class="ln">145</span> // line 205 <span class="ln">146</span> yield " <span class="ln">147</span> <span class="ln">148</span> "; <span class="ln">149</span> // line 208 </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #5 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/twig/twig/src/Template.php(430): <strong>__TwigTemplate_1f46ea44ded24ae89312651216062761</strong>-><strong>block_body</strong>() </div> <div class="code"><pre><span class="ln">425</span> } <span class="ln">426</span> <span class="ln">427</span> $level = ob_get_level(); <span class="ln">428</span> ob_start(); <span class="ln">429</span> <span class="error"><span class="ln error-ln">430</span> foreach ($template->$block($context, $blocks) as $data) { </span><span class="ln">431</span> if (ob_get_length()) { <span class="ln">432</span> $data = ob_get_clean().$data; <span class="ln">433</span> ob_start(); <span class="ln">434</span> } <span class="ln">435</span> </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #6 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/tmp/runtime/twig_cache/aa/aa11a0758884fd6f3c0b22d9314a7caa.php(108): <strong>Twig\Template</strong>-><strong>yieldBlock</strong>() </div> <div class="code"><pre><span class="ln">103</span> // line 105 <span class="ln">104</span> yield $this->sandbox->ensureToStringAllowed(CoreExtension::getAttribute($this->env, $this->source, CoreExtension::getAttribute($this->env, $this->source, ($context["aSurveyInfo"] ?? null), "id", [], "any", false, false, true, 105), "dynamicreload", [], "any", false, false, true, 105), 105, $this->source); <span class="ln">105</span> yield "\"> <span class="ln">106</span> "; <span class="ln">107</span> // line 106 <span class="error"><span class="ln error-ln">108</span> yield from $this->unwrap()->yieldBlock('body', $context, $blocks); </span><span class="ln">109</span> // line 211 <span class="ln">110</span> yield " </div> <span class="ln">111</span> </article> <span class="ln">112</span> "; <span class="ln">113</span> // line 213 </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #7 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/twig/twig/src/Template.php(360): <strong>__TwigTemplate_1f46ea44ded24ae89312651216062761</strong>-><strong>doDisplay</strong>() </div> <div class="code"><pre><span class="ln">355</span> } <span class="ln">356</span> <span class="ln">357</span> $level = ob_get_level(); <span class="ln">358</span> ob_start(); <span class="ln">359</span> <span class="error"><span class="ln error-ln">360</span> foreach ($this->doDisplay($context, $blocks) as $data) { </span><span class="ln">361</span> if (ob_get_length()) { <span class="ln">362</span> $data = ob_get_clean().$data; <span class="ln">363</span> ob_start(); <span class="ln">364</span> } <span class="ln">365</span> </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #8 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/twig/twig/src/Template.php(335): <strong>Twig\Template</strong>-><strong>yield</strong>() </div> <div class="code"><pre><span class="ln">330</span> } <span class="ln">331</span> <span class="ln">332</span> public function render(array $context): string <span class="ln">333</span> { <span class="ln">334</span> $content = ''; <span class="error"><span class="ln error-ln">335</span> foreach ($this->yield($context) as $data) { </span><span class="ln">336</span> $content .= $data; <span class="ln">337</span> } <span class="ln">338</span> <span class="ln">339</span> return $content; <span class="ln">340</span> } </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #9 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/twig/twig/src/TemplateWrapper.php(38): <strong>Twig\Template</strong>-><strong>render</strong>() </div> <div class="code"><pre><span class="ln">33</span> $this->template = $template; <span class="ln">34</span> } <span class="ln">35</span> <span class="ln">36</span> public function render(array $context = []): string <span class="ln">37</span> { <span class="error"><span class="ln error-ln">38</span> return $this->template->render($context); </span><span class="ln">39</span> } <span class="ln">40</span> <span class="ln">41</span> public function display(array $context = []) <span class="ln">42</span> { <span class="ln">43</span> // using func_get_args() allows to not expose the blocks argument </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #10 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/application/core/LSETwigViewRenderer.php(519): <strong>Twig\TemplateWrapper</strong>-><strong>render</strong>() </div> <div class="code"><pre><span class="ln">514</span> list($sString, $aData) = $this->getPluginsData($sString, $aData); <span class="ln">515</span> } <span class="ln">516</span> <span class="ln">517</span> // Twig rendering <span class="ln">518</span> $oTwigTemplate = $twig->createTemplate($sString); <span class="error"><span class="ln error-ln">519</span> $sHtml = $oTwigTemplate->render($aData, false); </span><span class="ln">520</span> <span class="ln">521</span> return $sHtml; <span class="ln">522</span> } <span class="ln">523</span> <span class="ln">524</span> /** </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #11 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/application/core/LSETwigViewRenderer.php(72): <strong>LSETwigViewRenderer</strong>-><strong>convertTwigToHtml</strong>() </div> <div class="code"><pre><span class="ln">67</span> { <span class="ln">68</span> $oTemplate = Template::getLastInstance(); <span class="ln">69</span> $oLayoutTemplate = $this->getTemplateForView($sLayout, $oTemplate); <span class="ln">70</span> if ($oLayoutTemplate) { <span class="ln">71</span> $line = file_get_contents($oLayoutTemplate->viewPath . $sLayout); <span class="error"><span class="ln error-ln">72</span> $sHtml = $this->convertTwigToHtml($line, $aData, $oTemplate); </span><span class="ln">73</span> $sEmHiddenInputs = LimeExpressionManager::FinishProcessPublicPage(true); <span class="ln">74</span> if ($sEmHiddenInputs) { <span class="ln">75</span> $sHtml = str_replace( <span class="ln">76</span> "<!-- emScriptsAndHiddenInputs -->", <span class="ln">77</span> "<!-- emScriptsAndHiddenInputs updated -->\n" . </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #12 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/application/controllers/SurveysController.php(63): <strong>LSETwigViewRenderer</strong>-><strong>renderTemplateFromFile</strong>() </div> <div class="code"><pre><span class="ln">58</span> // maintenance mode <span class="ln">59</span> $sMaintenanceMode = getGlobalSetting('maintenancemode'); <span class="ln">60</span> if ($sMaintenanceMode == 'hard' || $sMaintenanceMode == 'soft') { <span class="ln">61</span> Yii::app()->twigRenderer->renderTemplateFromFile("layout_maintenance.twig", array('aSurveyInfo' => $aData), false); <span class="ln">62</span> } else { <span class="error"><span class="ln error-ln">63</span> Yii::app()->twigRenderer->renderTemplateFromFile("layout_survey_list.twig", array('aSurveyInfo' => $aData), false); </span><span class="ln">64</span> } <span class="ln">65</span> } <span class="ln">66</span> <span class="ln">67</span> /** <span class="ln">68</span> * System error : only 404 error are managed here (2016-11-29) </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #13 </td> <td class="content"> <div class="trace-file"> unknown(0): <strong>SurveysController</strong>-><strong>actionPublicList</strong>() </div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #14 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/yiisoft/yii/framework/web/actions/CAction.php(114): <strong>ReflectionMethod</strong>-><strong>invokeArgs</strong>() </div> <div class="code"><pre><span class="ln">109</span> elseif($param->isDefaultValueAvailable()) <span class="ln">110</span> $ps[]=$param->getDefaultValue(); <span class="ln">111</span> else <span class="ln">112</span> return false; <span class="ln">113</span> } <span class="error"><span class="ln error-ln">114</span> $method->invokeArgs($object,$ps); </span><span class="ln">115</span> return true; <span class="ln">116</span> } <span class="ln">117</span> } </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #15 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/yiisoft/yii/framework/web/actions/CInlineAction.php(47): <strong>CAction</strong>-><strong>runWithParamsInternal</strong>() </div> <div class="code"><pre><span class="ln">42</span> { <span class="ln">43</span> $methodName='action'.$this->getId(); <span class="ln">44</span> $controller=$this->getController(); <span class="ln">45</span> $method=new ReflectionMethod($controller, $methodName); <span class="ln">46</span> if($method->getNumberOfParameters()>0) <span class="error"><span class="ln error-ln">47</span> return $this->runWithParamsInternal($controller, $method, $params); </span><span class="ln">48</span> <span class="ln">49</span> $controller->$methodName(); <span class="ln">50</span> return true; <span class="ln">51</span> } <span class="ln">52</span> } </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #16 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/yiisoft/yii/framework/web/CController.php(308): <strong>CInlineAction</strong>-><strong>runWithParams</strong>() </div> <div class="code"><pre><span class="ln">303</span> { <span class="ln">304</span> $priorAction=$this->_action; <span class="ln">305</span> $this->_action=$action; <span class="ln">306</span> if($this->beforeAction($action)) <span class="ln">307</span> { <span class="error"><span class="ln error-ln">308</span> if($action->runWithParams($this->getActionParams())===false) </span><span class="ln">309</span> $this->invalidActionParams($action); <span class="ln">310</span> else <span class="ln">311</span> $this->afterAction($action); <span class="ln">312</span> } <span class="ln">313</span> $this->_action=$priorAction; </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #17 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/yiisoft/yii/framework/web/CController.php(286): <strong>CController</strong>-><strong>runAction</strong>() </div> <div class="code"><pre><span class="ln">281</span> * @see runAction <span class="ln">282</span> */ <span class="ln">283</span> public function runActionWithFilters($action,$filters) <span class="ln">284</span> { <span class="ln">285</span> if(empty($filters)) <span class="error"><span class="ln error-ln">286</span> $this->runAction($action); </span><span class="ln">287</span> else <span class="ln">288</span> { <span class="ln">289</span> $priorAction=$this->_action; <span class="ln">290</span> $this->_action=$action; <span class="ln">291</span> CFilterChain::create($this,$action,$filters)->run(); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #18 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/yiisoft/yii/framework/web/CController.php(265): <strong>CController</strong>-><strong>runActionWithFilters</strong>() </div> <div class="code"><pre><span class="ln">260</span> { <span class="ln">261</span> if(($parent=$this->getModule())===null) <span class="ln">262</span> $parent=Yii::app(); <span class="ln">263</span> if($parent->beforeControllerAction($this,$action)) <span class="ln">264</span> { <span class="error"><span class="ln error-ln">265</span> $this->runActionWithFilters($action,$this->filters()); </span><span class="ln">266</span> $parent->afterControllerAction($this,$action); <span class="ln">267</span> } <span class="ln">268</span> } <span class="ln">269</span> else <span class="ln">270</span> $this->missingAction($actionID); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #19 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/yiisoft/yii/framework/web/CWebApplication.php(282): <strong>CController</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">277</span> { <span class="ln">278</span> list($controller,$actionID)=$ca; <span class="ln">279</span> $oldController=$this->_controller; <span class="ln">280</span> $this->_controller=$controller; <span class="ln">281</span> $controller->init(); <span class="error"><span class="ln error-ln">282</span> $controller->run($actionID); </span><span class="ln">283</span> $this->_controller=$oldController; <span class="ln">284</span> } <span class="ln">285</span> else <span class="ln">286</span> throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".', <span class="ln">287</span> array('{route}'=>$route===''?$this->defaultController:$route))); </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #20 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/yiisoft/yii/framework/web/CWebApplication.php(141): <strong>CWebApplication</strong>-><strong>runController</strong>() </div> <div class="code"><pre><span class="ln">136</span> foreach(array_splice($this->catchAllRequest,1) as $name=>$value) <span class="ln">137</span> $_GET[$name]=$value; <span class="ln">138</span> } <span class="ln">139</span> else <span class="ln">140</span> $route=$this->getUrlManager()->parseUrl($this->getRequest()); <span class="error"><span class="ln error-ln">141</span> $this->runController($route); </span><span class="ln">142</span> } <span class="ln">143</span> <span class="ln">144</span> /** <span class="ln">145</span> * Registers the core application components. <span class="ln">146</span> * This method overrides the parent implementation by registering additional core components. </pre></div> </td> </tr> <tr class="trace core collapsed"> <td class="number"> #21 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/vendor/yiisoft/yii/framework/base/CApplication.php(185): <strong>CWebApplication</strong>-><strong>processRequest</strong>() </div> <div class="code"><pre><span class="ln">180</span> public function run() <span class="ln">181</span> { <span class="ln">182</span> if($this->hasEventHandler('onBeginRequest')) <span class="ln">183</span> $this->onBeginRequest(new CEvent($this)); <span class="ln">184</span> register_shutdown_function(array($this,'end'),0,false); <span class="error"><span class="ln error-ln">185</span> $this->processRequest(); </span><span class="ln">186</span> if($this->hasEventHandler('onEndRequest')) <span class="ln">187</span> $this->onEndRequest(new CEvent($this)); <span class="ln">188</span> } <span class="ln">189</span> <span class="ln">190</span> /** </pre></div> </td> </tr> <tr class="trace app collapsed"> <td class="number"> #22 </td> <td class="content"> <div class="trace-file"> <div class="plus">+</div> <div class="minus">–</div> /media/shnoulle/data/webdev/master/index.php(161): <strong>CApplication</strong>-><strong>run</strong>() </div> <div class="code"><pre><span class="ln">156</span> require_once APPPATH . 'core/LSYii_Application' . EXT; <span class="ln">157</span> <span class="ln">158</span> $config = require_once(APPPATH . 'config/internal' . EXT); <span class="ln">159</span> <span class="ln">160</span> Yii::$enableIncludePath = false; <span class="error"><span class="ln error-ln">161</span> Yii::createApplication('LSYii_Application', $config)->run(); </span><span class="ln">162</span> <span class="ln">163</span> /* End of file index.php */ <span class="ln">164</span> /* Location: ./index.php */ </pre></div> </td> </tr> </tbody></table> </div> <div class="version"> 2024-11-10 18:51:41 nginx/1.22.1 <a href="https://www.yiiframework.com/">Yii Framework</a>/1.1.30 </div> </div> <script type="text/javascript"> /*<![CDATA[*/ var traceReg = new RegExp("(^|\\s)trace-file(\\s|$)"); var collapsedReg = new RegExp("(^|\\s)collapsed(\\s|$)"); var e = document.getElementsByTagName("div"); for(var j=0,len=e.length;j<len;j++){ if(traceReg.test(e[j].className)){ e[j].onclick = function(){ var trace = this.parentNode.parentNode; if(collapsedReg.test(trace.className)) trace.className = trace.className.replace("collapsed", "expanded"); else trace.className = trace.className.replace("expanded", "collapsed"); } } } /*]]>*/ </script> <div id="grammalecte_menu_main_button_shadow_host" style="width: 0px; height: 0px;"></div></body><script src="Twig_Sandbox_SecurityNotAllowedPropertyError_fichiers/api.js"></script></html> | ||||
Bug heat | 10 | ||||
Complete LimeSurvey version number (& build) | https://github.com/LimeSurvey/LimeSurvey/commit/0a4979a3a403aa990e6c271a274fe50791a59de8 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | not relevant | ||||
Database type & version | not relevant | ||||
Server OS (if known) | not relevant | ||||
Webserver software & version (if known) | not relevant | ||||
PHP Version | not relevant | ||||
https://master.sondages.pro/ without debug |
|
|
|
http://webdev.local/master/index.php?r=surveyAdministration/view&iSurveyID=616779 500 : Erreur interne au serveur - Calling "isListPublic" property on a "Survey" object is not allowed in "__string_template__7856a6190c7974db24c0cec927d042ba" at line 38. I don't understand : it must broke test |
|
Still have https://master.sondages.pro/ |
|
PHP 8.1.25 here. |
|
ALL public properties must be added : it can be used in another template (here it's a core template). For example Template.author or Template.last_update |
|
LimeSurvey: master b1a9dcdf 2024-11-14 14:25 Committer: GitHub Details Diff |
Dev: Add sSurveyUrl & other vars to sandboxConfig survey properties due to new Twig security policy |
Affected Issues 19830 |
|
mod - application/config/internal.php | Diff File | ||
mod - tests/functional/acceptance/15997-ip-anonymize/IpAddressAnonymizeTest.php | Diff File | ||
mod - tests/functional/backend/QuestionThemeTest.php | Diff File |
Date Modified | Username | Field | Change |
---|---|---|---|
2024-11-10 19:52 | DenisChenu | New Issue | |
2024-11-10 19:52 | DenisChenu | File Added: Twig_Sandbox_SecurityNotAllowedPropertyError.html | |
2024-11-10 19:52 | DenisChenu | Assigned To | => tibor.pacalat |
2024-11-10 19:52 | DenisChenu | Status | new => assigned |
2024-11-10 19:52 | DenisChenu | Note Added: 81367 | |
2024-11-10 19:52 | DenisChenu | Bug heat | 0 => 2 |
2024-11-10 19:55 | DenisChenu | Note Added: 81368 | |
2024-11-12 12:31 | IrishWolf | Issue Monitored: IrishWolf | |
2024-11-12 12:31 | IrishWolf | Bug heat | 2 => 4 |
2024-11-12 12:32 | guest | Bug heat | 4 => 10 |
2024-11-12 18:42 | DenisChenu | Note Added: 81372 | |
2024-11-14 13:26 | c_schmitz | Status | assigned => resolved |
2024-11-14 13:26 | c_schmitz | Resolution | open => fixed |
2024-11-14 13:27 | c_schmitz | Changeset attached | => LimeSurvey master b1a9dcdf |
2024-11-18 09:35 | DenisChenu | Note Added: 81405 | |
2024-11-18 09:35 | DenisChenu | Status | resolved => feedback |
2024-11-18 09:35 | DenisChenu | Resolution | fixed => reopened |
2024-11-18 09:36 | DenisChenu | Note Added: 81406 | |
2024-11-18 09:36 | DenisChenu | Status | feedback => assigned |
2024-11-18 09:39 | DenisChenu | Note Added: 81407 |