20261: Create 400 http error code exception when invalid and potentially harmful parameter values are sent

This bug affects 1 person(s).

252

ID	Project	Category	View Status	Date Submitted	Last Update

20261	Bug reports	Security	public	2025-09-10 12:35	2025-09-10 14:49

Reporter	tibor.pacalat	Assigned To	DenisChenu
Priority	none	Severity	minor
Status	assigned	Resolution	open
Product Version	6.6.x

Summary	20261: Create 400 http error code exception when invalid and potentially harmful parameter values are sent
Description	This is a follow up to the ticket https://bugs.limesurvey.org/view.php?id=2023 Create 400 http error code exception when invalid and potentially harmful parameter values are sent. This will then be visible in the normal webserver log.
Steps To Reproduce	Steps to reproduce (Replace this text with detailed step-by-step instructions on how to reproduce the issue) Expected result (Write here what you expected to happen) Actual result (Write here what happened instead)
Tags	No tags attached.

Bug heat	252
Complete LimeSurvey version number (& build)	6.15.10+250901
I will donate to the project if issue is resolved	No
Browser
Database type & version	.
Server OS (if known)
Webserver software & version (if known)
PHP Version	.

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2025-09-10 12:35	tibor.pacalat	New Issue
2025-09-10 12:35	tibor.pacalat	Assigned To	=> DenisChenu
2025-09-10 12:35	tibor.pacalat	Status	new => assigned
2025-09-10 14:48	DenisChenu	Note Added: 83396
2025-09-10 14:48	DenisChenu	Bug heat	250 => 252
2025-09-10 14:49	DenisChenu	Note Edited: 83396

DenisChenu 2025-09-10 14:48 developer ~83396 Last edited: 2025-09-10 14:49	It's not a global issue : it must be done for each parameter, and move to controller. It's a way to fix when when update.