View Issue Details

IDProjectCategoryView StatusLast Update
06536Bug reports[All Projects] Otherpublic2012-09-28 08:42
ReporternwinterAssigned Toc_schmitz 
PrioritynormalSeveritymajor 
Status closedResolutionfixed 
Product Version1.92+ 
Target VersionFixed in Version2.00+ 
Summary06536: HTML editor converts special characters to html entities within equations
DescriptionStarting with build 120822, special characters that are within equations that are part of a question get converted by the equation editor to HTML entities, thus breaking the equation.
Steps To ReproduceCreate new equation question and insert content (in "Source" view):

{if(1<2,"less","more")}

Save question. Then edit question and save without modifying.

Additional InformationDoes not seem to occur under build number 120815
TagsNo tags attached.
Complete LimeSurvey version number (& build)120822
I will donate to the project if issue is resolvedYes
Browser
Database & DB-Version155.5
Operating System (Server)Linux
Webserver software & versionApache/2.2.17 (Fedora)
PHP Version5.3.8

Relationships

related to 06530 closedDenisChenu Since latest update unable to upload documents in survey 
related to 06550 closedDenisChenu Translation of 'Other:' comment mandatory for survey taking (And text is untranslatable) 
related to 06556 closedDenisChenu 'Other:' comment mandatory with list (and condition on that question) hides entire group? 

Activities

nwinter

nwinter

2012-08-31 19:38

reporter   ~20615

Just discovered this only occurs when XSS is disabled. But in prior build this does not occur either way.
nwinter

nwinter

2012-08-31 19:59

reporter   ~20616

Problem appears to be with line 1248 of limesurvey/classes/expressions/ExpressionManager.php

In 120822 this line is:

$result = $this->sProcessStringContainingExpressionsHelper($result,$questionNum, $staticReplacement);

In 120815 it is:

$result = $this->sProcessStringContainingExpressionsHelper(htmlspecialchars_decode($result,ENT_QUOTES),$questionNum, $staticReplacement);


I've confirmed that the problem goes away when the older version of that line is substituted. Of course, I don't know why that line was changed in the 120822 build, so I don't know what might be broken with this "fix".
TMSWhite

TMSWhite

2012-09-06 15:40

reporter   ~20636

Since this is all related to an XSS fix, Carsten should take a look at is.
c_schmitz

c_schmitz

2012-09-13 00:23

administrator   ~20664

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9483
c_schmitz

c_schmitz

2012-09-13 00:30

administrator   ~20665

Fix committed to Yii branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9484
nwinter

nwinter

2012-09-22 00:46

reporter   ~20757

With Version 1.92+ Build 120919, quotes no longer get changed, but other HTML entities do. So, for example, < becomes < and so on...
nwinter

nwinter

2012-09-22 00:46

reporter   ~20758

(In my note just now, it should say that the less-than character becomes the html-entity for less-than; i.e., ampersand-lt-semicolon.
nwinter

nwinter

2012-09-22 01:06

reporter   ~20759

OK - sorry - I see now. When you hit the "Source" button, the characters are turned into HTML entities in the edit window. But they are OK when the equation gets stored/executed/etc.

I think.

Related Changesets

LimeSurvey: master 8e1620c7

2012-09-12 15:22:57

c_schmitz

Details Diff
Fixed issue 06536: HTML editor converts special characters to html entities within equations
mod - admin/database.php Diff File
mod - admin/scripts/ckeditor.36/limesurvey-config.js Diff File

LimeSurvey: Yii 39f3bf3a

2012-09-12 15:29:33

c_schmitz

Details Diff
Fixed issue 06536: HTML editor converts special characters to html entities within equations
mod - application/config/config-defaults.php Diff File
mod - application/helpers/admin/htmleditor_helper.php Diff File
mod - scripts/admin/ckeditor-config.js Diff File

Issue History

Date Modified Username Field Change
2012-08-31 19:16 nwinter New Issue
2012-08-31 19:38 nwinter Note Added: 20615
2012-08-31 19:59 nwinter Note Added: 20616
2012-09-01 19:31 TMSWhite Relationship added related to 06530
2012-09-06 15:29 Mazi Assigned To => TMSWhite
2012-09-06 15:29 Mazi Status new => assigned
2012-09-06 15:32 TMSWhite Assigned To TMSWhite => c_schmitz
2012-09-06 15:40 TMSWhite Note Added: 20636
2012-09-13 00:23 c_schmitz Changeset attached => LimeSurvey master 8e1620c7
2012-09-13 00:23 c_schmitz Note Added: 20664
2012-09-13 00:23 c_schmitz Resolution open => fixed
2012-09-13 00:30 c_schmitz Changeset attached => LimeSurvey Yii 39f3bf3a
2012-09-13 00:30 c_schmitz Note Added: 20665
2012-09-13 00:30 c_schmitz Status assigned => resolved
2012-09-13 00:30 c_schmitz Fixed in Version => 1.92+
2012-09-19 10:37 DenisChenu Relationship added related to 06550
2012-09-20 14:12 c_schmitz Status resolved => closed
2012-09-22 00:46 nwinter Note Added: 20757
2012-09-22 00:46 nwinter Status closed => feedback
2012-09-22 00:46 nwinter Resolution fixed => reopened
2012-09-22 00:46 nwinter Note Added: 20758
2012-09-22 00:46 nwinter Status feedback => assigned
2012-09-22 01:06 nwinter Note Added: 20759
2012-09-26 09:36 c_schmitz Status assigned => closed
2012-09-26 09:36 c_schmitz Resolution reopened => fixed
2012-09-26 09:36 c_schmitz Fixed in Version 1.92+ => 2.00+
2012-09-28 08:41 DenisChenu Relationship added parent of 06556
2012-09-28 08:41 DenisChenu Relationship deleted parent of 06556
2012-09-28 08:42 DenisChenu Relationship added related to 06556