03593: Inserting more than 47 answers produces a CSRF error

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

03593	Bug reports	Survey taking	public	2009-08-20 15:37	2009-08-21 11:05

Reporter	~~user4627~~	Assigned To	jcleeland
Priority	normal	Severity	partial_block
Status	closed	Resolution	no change required
Product Version	1.85+

Summary	03593: Inserting more than 47 answers produces a CSRF error
Description	We created an question group containing a question. This multi select question contain 47 answers. We are not able to insert more than 47 answers in limesurvey: Notice: Undefined variable: sid in /DBA/www/limesurvey/admin/access_denied.php on line 119 "Zugriff verweigert! Sicherheits-Hinweis: Jemand könnte gerade versuchen Ihre LimeSurvey Sitzung zu übernehmen (Verdacht auf CSRF Angriff). Wenn Sie gerade auf einen verdächtigen Link geklickt haben, melden Sie dies bitte Ihrem System Administrator." This issue might be mssql specific as of our tests at limesurvey.org did not produce the same error. What additional data do you need to solve this issue?
Tags	No tags attached.
Attached Files	limesurvey_question_5.csv (2,179 bytes)

Bug heat	6
Complete LimeSurvey version number (& build)	7480
I will donate to the project if issue is resolved
Browser	Firefox 3.5.2
Database type & version	MSSQL 2005
Server OS (if known)	OpenSuse 10.x
Webserver software & version (if known)	Apache 2
PHP Version	5.2.10

User List	There are no users monitoring this issue.

jcleeland 2009-08-20 16:30 reporter ~09187	Please attach a sample survey, and I'll check this out on my mssql installation.

jcleeland 2009-08-21 04:09 reporter ~09190	Hmmm :-( Unable to reproduce the problem with my mssql installation so far. Would you be able to translate the error message you're getting into english?

~~user4627~~ 2009-08-21 08:15 ~09191	The translated error message is: "Access denied! Security-Notice: Somebody might try to hijack your Limesurvey session at present (suspicion of CSRF attack). In case you clicked on a suspicious link recently please contact your system administrator." Our php module is using a suhosin patch (http://www.hardened-php.net/suhosin/) is this a problem?

c_schmitz 2009-08-21 11:05 administrator ~09193	Yes, that is the problem. Suhosin prevents the submission of too many data fields (which survey naturally have on one page). Remove the module or raise the limits.

Date Modified	Username	Field	Change
2009-08-20 15:37	~~user4627~~	New Issue
2009-08-20 15:37	~~user4627~~	Status	new => assigned
2009-08-20 15:37	~~user4627~~	Assigned To	=> user372
2009-08-20 15:37	~~user4627~~	Build Number	=> 7480
2009-08-20 15:37	~~user4627~~	Browser	=> Firefox 3.5.2
2009-08-20 15:37	~~user4627~~	Database & DB-Version	=> MSSQL 2005
2009-08-20 15:37	~~user4627~~	Operating System (Server)	=> OpenSuse 10.x
2009-08-20 15:37	~~user4627~~	Webserver	=> Apache 2
2009-08-20 15:37	~~user4627~~	PHP Version	=> 5.2.10
2009-08-20 16:29	jcleeland	Assigned To	user372 => jcleeland
2009-08-20 16:30	jcleeland	Note Added: 09187
2009-08-20 16:30	~~user4627~~	File Added: limesurvey_question_5.csv
2009-08-21 04:09	jcleeland	Note Added: 09190
2009-08-21 08:15	~~user4627~~	Note Added: 09191
2009-08-21 11:05	c_schmitz	Note Added: 09193
2009-08-21 11:05	c_schmitz	Status	assigned => closed
2009-08-21 11:05	c_schmitz	Resolution	open => no change required
2010-10-25 00:18	c_schmitz	Category	Survey at Runtime => Survey taking