View Issue Details

This issue affects 1 person(s).
ID: 20553
Project: Bug reports
Category: Survey taking
View Status: public
Last Update: 2026-06-10 18:41
Reporter: Mazi
Assigned To:
Priority: none
Severity: block
Status: new
Resolution: open
Product Version: 6.17.x
Summary: 20553: 500 server error when survey is accessed directly via movesubmit parameter under PHP 8.x
Description

When a survey is called directly with move=movesubmit in the URL (without going through the normal survey start flow), the session is never fully initialized. As a result, $_SESSION[$this->LEMsessid]['insertarray'] is null when setArgs() is called during the submit process.
Under PHP 7.4, in_array() accepted null as the second argument silently. Under PHP 8.x, this throws a fatal TypeError, causing a 500 Internal Server Error.
This affects installations where surveys are triggered externally via direct submit URLs, for example:
/index.php/survey/index?move=movesubmit&thisstep=0&sid=999991&token={TOKEN}&lang=en

This is a common use case in panel research workflows where respondents are redirected directly to a completion/screenout/quota-full survey without going through the normal survey navigation.

Root Cause:
In application/helpers/SurveyRuntimeHelper.php, line 692, $_SESSION[$this->LEMsessid]['insertarray'] is accessed without checking whether it is set:
```php
// Current code (line 692):
if ($this->LEMsessid && !in_array("refurl", $_SESSION[$this->LEMsessid]['insertarray'])) {
```
When the session has not been initialized through the normal survey flow, insertarray is null, causing the fatal error under PHP 8.x.

Proposed Fix:
Add an isset check before the in_array call:
```php
if ($this->LEMsessid
    && isset($_SESSION[$this->LEMsessid]['insertarray'])
    && !in_array("refurl", $_SESSION[$this->LEMsessid]['insertarray'])) {
```
This is a minimal, non-breaking fix that makes the behavior consistent with how PHP 7.4 handled the same situation silently.

Steps To Reproduce

Steps to reproduce

  1. Create a survey with "Save referrer URL" (refurl) set to Y in survey settings
  2. Activate the survey and generate a token
  3. Call the survey directly with move=movesubmit in the URL:
     /index.php/survey/index?move=movesubmit&thisstep=0&sid={SID}&token={TOKEN}
  4. Observe the 500 error under PHP 8.x

Expected result

Survey submit completes successfully; missing session keys are handled gracefully.

Actual result

500: Internal Server Error
in_array(): Argument #2 ($haystack) must be of type array, null given
/application/helpers/SurveyRuntimeHelper.php(692)

Tags: No tags attached.
Bug heat: 8
Complete LimeSurvey version number (& build): 6.17.4
I will donate to the project if issue is resolved: No
Browser:
Database type & version: MySQL 5
Server OS (if known):
Webserver software & version (if known):
PHP Version: PHP 8.3

Users monitoring this issue

DenisChenu

Activities

Mazi


2026-06-06 19:07

updater   ~85004

@DenisChenu, can you comment on this minor "adding isset() check" adjustment?!
@tibor.pacalat: It should do no harm so I'd appreciate if this could get added to the next release.

DenisChenu


2026-06-08 08:59

developer   ~85006

My opinion here: the move action must come only from the $_POST action, no?

And an isset can always be cool.
We have nearly the same issue with

  1. Start survey
  2. Move next
  3. Update a question in survey
  4. Move next
Mazi


2026-06-08 09:53

updater   ~85008

@DenisChenu, currently the simple isset() fix will do the trick.

DenisChenu


2026-06-08 09:56

developer   ~85009

Yes, but a bug can hide another bug. With isset: you hide the error :)

Maybe we need to fix why we came here before :)

c_schmitz


2026-06-09 13:28

administrator   ~85014

I agree that params should only be read from POST. The mentioned usage should not be allowed.

Mazi


2026-06-09 14:21

updater   ~85016

@c_schmitz, changing that behavior will cause a regression for several users.
Why don't we just fix the PHP 8.x incompatibility? The same code has worked like this for years.

c_schmitz


2026-06-09 15:26

administrator   ~85017

Because it should never be possible to write/modify data by a simple GET. That is basic security.

DenisChenu


2026-06-09 17:04

developer   ~85019

> Because it should never be possible to write/modify data by a simple GET. That is basic security.

+1

Having a step=3 if the survey has a full index can be great. But without updating anything in the DB :)

DenisChenu


2026-06-09 17:05

developer   ~85020

> This is a common use case in panel research workflows where respondents are redirected directly to a completion/screenout/quota-full survey without going through the normal survey navigation.

If I'm not mistaken, you can already do it without move=submit or JS.

Mazi


2026-06-10 18:41

updater   ~85025

@DenisChenu, how would you set this up instead?
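
Added example, not LimeSurvey code and not part of any comment above: a sketch of the two checks argued for in this thread, namely accepting `move` only from the POST body and reporting an uninitialised survey session explicitly rather than as a 500 or a silently skipped branch. The function name `resolveMove`, the status codes and the sample `insertarray` contents are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for illustration; not LimeSurvey code.
// $session is this survey's session data, or null if the survey was never
// started in this browser session (the case from the bug report).
function resolveMove(string $method, array $get, array $post, ?array $session): array
{
    // A move in the query string is refused outright: a GET must not write data.
    if (array_key_exists('move', $get)) {
        return [405, 'move is only accepted in a POST body'];
    }
    $move = $post['move'] ?? null;
    if ($method !== 'POST' || !is_string($move)) {
        return [200, 'render current step, nothing written'];
    }
    // Report the uninitialised session explicitly instead of letting
    // in_array() throw a TypeError (HTTP 500) or skipping the branch silently.
    if (!isset($session['insertarray']) || !is_array($session['insertarray'])) {
        return [409, 'survey session not initialised'];
    }
    $hasRefurl = in_array('refurl', $session['insertarray'], true);
    return [200, $move . ($hasRefurl ? ': refurl already listed' : ': refurl not listed yet')];
}

// Constructed sample requests; sid 999991 is the value from the report,
// the insertarray contents are made up.
$cases = [
    'GET with move in URL'      => ['GET', ['move' => 'movesubmit', 'sid' => '999991'], [], null],
    'POST, session not started' => ['POST', ['sid' => '999991'], ['move' => 'movesubmit'], null],
    'POST, session started'     => ['POST', ['sid' => '999991'], ['move' => 'movesubmit'],
                                    ['insertarray' => ['token', 'startlanguage']]],
];
foreach ($cases as $label => $args) {
    [$status, $message] = resolveMove(...$args);
    printf("%-26s -> %d %s\n", $label, $status, $message);
}
```

The second case is the one the `isset()` patch alone would pass through quietly; here it surfaces as a distinct, loggable response.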

Issue History

Date Modified Username Field Change
2026-06-06 18:52 Mazi New Issue
2026-06-06 19:07 Mazi Note Added: 85004
2026-06-06 19:07 Mazi Bug heat 0 => 2
2026-06-08 08:59 DenisChenu Note Added: 85006
2026-06-08 08:59 DenisChenu Bug heat 2 => 4
2026-06-08 08:59 DenisChenu Issue Monitored: DenisChenu
2026-06-08 08:59 DenisChenu Bug heat 4 => 6
2026-06-08 09:53 Mazi Note Added: 85008
2026-06-08 09:56 DenisChenu Note Added: 85009
2026-06-09 13:28 c_schmitz Note Added: 85014
2026-06-09 13:28 c_schmitz Bug heat 6 => 8
2026-06-09 14:21 Mazi Note Added: 85016
2026-06-09 15:26 c_schmitz Note Added: 85017
2026-06-09 17:04 DenisChenu Note Added: 85019
2026-06-09 17:05 DenisChenu Note Added: 85020
2026-06-10 18:41 Mazi Note Added: 85025