2016-10-23 18:06 CEST

ID: 06536
Project: Bug reports
Category: [All Projects] Other
View Status: public
Last Update: 2012-09-28 08:42
Assigned To: c_schmitz
Product Version: 1.92+
Target Version:
Fixed in Version: 2.00+
Summary: 06536: HTML editor converts special characters to html entities within equations
Description: Starting with build 120822, special characters that are within equations that are part of a question get converted by the equation editor to HTML entities, thus breaking the equation.
Steps To Reproduce: Create new equation question and insert content (in "Source" view):


Save question. Then edit question and save without modifying.

Additional Information: Does not seem to occur under build number 120815
Tags: No tags attached.
Complete LimeSurvey version number (& build): 120822
I will donate to the project if issue is resolved: Yes
Database & DB-Version: 155.5
Operating System (Server): Linux
Webserver software & version: Apache/2.2.17 (Fedora)
PHP Version: 5.3.8

related to 06530 (closed, DenisChenu): Since latest update unable to upload documents in survey
related to 06550 (closed, DenisChenu): Translation of 'Other:' comment mandatory for survey taking (And text is untranslatable)
related to 06556 (closed, DenisChenu): 'Other:' comment mandatory with list (and condition on that question) hides entire group?



nwinter (reporter)

Just discovered this only occurs when XSS is disabled. But in prior build this does not occur either way.


nwinter (reporter)

Problem appears to be with line 1248 of limesurvey/classes/expressions/ExpressionManager.php

In 120822 this line is:

$result = $this->sProcessStringContainingExpressionsHelper($result,$questionNum, $staticReplacement);

In 120815 it is:

$result = $this->sProcessStringContainingExpressionsHelper(htmlspecialchars_decode($result,ENT_QUOTES),$questionNum, $staticReplacement);

I've confirmed that the problem goes away when the older version of that line is substituted. Of course, I don't know why that line was changed in the 120822 build, so I don't know what might be broken with this "fix".
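
The difference between the two lines quoted in the note above, as an added illustration (not LimeSurvey code and not from the reporter): the sample equation and the `operatorTokens()` helper are constructed stand-ins, used only to show what an expression parser can still recognise with and without `htmlspecialchars_decode(..., ENT_QUOTES)`.

```php
<?php
// Added illustration; not LimeSurvey code. Sample text and helper are constructed.

// Equation as typed in "Source" view (constructed sample).
$typed = '{if(age < 18 && name != \'\', "minor", "adult")}';

// The same text after an HTML editor has entity-encoded it.
$encoded = htmlspecialchars($typed, ENT_QUOTES, 'UTF-8');

// Hypothetical stand-in for an expression tokenizer: returns the operators
// and string delimiters it can recognise in $expr.
function operatorTokens(string $expr): array
{
    preg_match_all('/&&|\|\||[<>!=]=?|["\']/', $expr, $m);
    return $m[0];
}

$cases = [
    'no decode (120822 line)'          => $encoded,
    'decode, ENT_NOQUOTES'             => htmlspecialchars_decode($encoded, ENT_NOQUOTES),
    'decode, ENT_QUOTES (120815 line)' => htmlspecialchars_decode($encoded, ENT_QUOTES),
];

foreach ($cases as $label => $expr) {
    printf("%-34s %s\n  tokens: %s\n", $label, $expr, implode(' ', operatorTokens($expr)));
}

// Only the ENT_QUOTES decode restores the typed text exactly.
var_dump(htmlspecialchars_decode($encoded, ENT_QUOTES) === $typed);

// Decoding belongs on the way into the evaluator. Whatever the evaluator
// returns is encoded again before it is written into the page.
$result = '<b>minor</b>'; // constructed evaluator output
echo htmlspecialchars($result, ENT_QUOTES, 'UTF-8'), "\n";
```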


TMSWhite (reporter)

Since this is all related to an XSS fix, Carsten should take a look at it.


c_schmitz (administrator)

Fix committed to master branch:


c_schmitz (administrator)

Fix committed to Yii branch:


nwinter (reporter)

With Version 1.92+ Build 120919, quotes no longer get changed, but other HTML entities do. So, for example, < becomes < and so on...


nwinter (reporter)

(In my note just now, it should say that the less-than character becomes the html-entity for less-than; i.e., ampersand-lt-semicolon.)


nwinter (reporter)

OK - sorry - I see now. When you hit the "Source" button, the characters are turned into HTML entities in the edit window. But they are OK when the equation gets stored/executed/etc.

I think.


Issue History
Date Modified Username Field Change
2012-08-31 19:16 nwinter New Issue
2012-08-31 19:38 nwinter Note Added: 20615
2012-08-31 19:59 nwinter Note Added: 20616
2012-09-01 19:31 TMSWhite Relationship added related to 06530
2012-09-06 15:29 Mazi Assigned To => TMSWhite
2012-09-06 15:29 Mazi Status new => assigned
2012-09-06 15:32 TMSWhite Assigned To TMSWhite => c_schmitz
2012-09-06 15:40 TMSWhite Note Added: 20636
2012-09-13 00:23 c_schmitz Changeset attached => LimeSurvey master 8e1620c7
2012-09-13 00:23 c_schmitz Note Added: 20664
2012-09-13 00:23 c_schmitz Resolution open => fixed
2012-09-13 00:30 c_schmitz Changeset attached => LimeSurvey Yii 39f3bf3a
2012-09-13 00:30 c_schmitz Note Added: 20665
2012-09-13 00:30 c_schmitz Status assigned => resolved
2012-09-13 00:30 c_schmitz Fixed in Version => 1.92+
2012-09-19 10:37 DenisChenu Relationship added related to 06550
2012-09-20 14:12 c_schmitz Status resolved => closed
2012-09-22 00:46 nwinter Note Added: 20757
2012-09-22 00:46 nwinter Status closed => feedback
2012-09-22 00:46 nwinter Resolution fixed => reopened
2012-09-22 00:46 nwinter Note Added: 20758
2012-09-22 00:46 nwinter Status feedback => assigned
2012-09-22 01:06 nwinter Note Added: 20759
2012-09-26 09:36 c_schmitz Status assigned => closed
2012-09-26 09:36 c_schmitz Resolution reopened => fixed
2012-09-26 09:36 c_schmitz Fixed in Version 1.92+ => 2.00+
2012-09-28 08:41 DenisChenu Relationship added parent of 06556
2012-09-28 08:41 DenisChenu Relationship deleted parent of 06556
2012-09-28 08:42 DenisChenu Relationship added related to 06556