ID: 06536
Project: Bug reports
Category: [All Projects] Other
View Status: public
Last Update: 2012-09-28 08:42
Reporter: nwinter
Assigned To: c_schmitz
Priority: normal
Severity: major
Status: closed
Resolution: fixed
Product Version: 1.92+
Target Version:
Fixed in Version: 2.00+
Summary: 06536: HTML editor converts special characters to html entities within equations
Description: Starting with build 120822, special characters that are within equations that are part of a question get converted by the equation editor to HTML entities, thus breaking the equation.
Steps To Reproduce: Create new equation question and insert content (in "Source" view):

{if(1<2,"less","more")}

Save question. Then edit question and save without modifying.

Additional Information: Does not seem to occur under build number 120815
Tags: No tags attached.
Complete LimeSurvey version number (& build): 120822
I will donate to the project if issue is resolved: Yes
Browser:
Database & DB-Version: 155.5
Operating System (Server): Linux
Webserver software & version: Apache/2.2.17 (Fedora)
PHP Version: 5.3.8
Attached Files:

Relationships
related to 06530 (closed, DenisChenu): Since latest update unable to upload documents in survey
related to 06550 (closed, DenisChenu): Translation of 'Other:' comment mandatory for survey taking (And text is untranslatable)
related to 06556 (closed, DenisChenu): 'Other:' comment mandatory with list (and condition on that question) hides entire group?

Notes

~20615

nwinter (reporter)

Just discovered this only occurs when XSS is disabled. But in prior build this does not occur either way.

~20616

nwinter (reporter)

Problem appears to be with line 1248 of limesurvey/classes/expressions/ExpressionManager.php

In 120822 this line is:

$result = $this->sProcessStringContainingExpressionsHelper($result,$questionNum, $staticReplacement);

In 120815 it is:

$result = $this->sProcessStringContainingExpressionsHelper(htmlspecialchars_decode($result,ENT_QUOTES),$questionNum, $staticReplacement);


I've confirmed that the problem goes away when the older version of that line is substituted. Of course, I don't know why that line was changed in the 120822 build, so I don't know what might be broken with this "fix".

~20636

TMSWhite (reporter)

Since this is all related to an XSS fix, Carsten should take a look at it.

~20664

c_schmitz (administrator)

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9483

~20665

c_schmitz (administrator)

Fix committed to Yii branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9484

~20757

nwinter (reporter)

With Version 1.92+ Build 120919, quotes no longer get changed, but other HTML entities do. So, for example, < becomes < and so on...

~20758

nwinter (reporter)

(In my note just now, it should say that the less-than character becomes the html-entity for less-than; i.e., ampersand-lt-semicolon.)

~20759

nwinter (reporter)

OK - sorry - I see now. When you hit the "Source" button, the characters are turned into HTML entities in the edit window. But they are OK when the equation gets stored/executed/etc.

I think.
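
The decode step discussed in note 20616, applied to the expression from "Steps To Reproduce", as an added PHP example (not LimeSurvey code; `decodeExpressionSpans` and `check` are hypothetical names, and it assumes PHP 7+ and expressions without nested braces). It goes beyond the quoted line by also showing a decode limited to `{...}` spans, so that text outside an expression keeps its entity encoding:

```php
<?php
// Added illustration, not LimeSurvey code. Function names are hypothetical.

// Decode entities only inside {...} spans (assumes no nested braces).
function decodeExpressionSpans(string $text): string
{
    return preg_replace_callback(
        '/\{[^{}]*\}/',
        function (array $m): string {
            return htmlspecialchars_decode($m[0], ENT_QUOTES);
        },
        $text
    );
}

function check(string $label, bool $ok): void
{
    echo ($ok ? 'PASS' : 'FAIL') . "  $label\n";
}

// Constructed sample: the expression from "Steps To Reproduce".
$original = '{if(1<2,"less","more")}';

// Entity-encode it the way an HTML editor save would:
$stored = htmlspecialchars($original, ENT_QUOTES, 'UTF-8');
check('encoded copy differs from what the author typed', $stored !== $original);

// Whole-string decode, as in the 120815 line quoted in note 20616.
check('whole-string decode restores the expression',
    htmlspecialchars_decode($stored, ENT_QUOTES) === $original);

// Span-only decode gives the same expression...
check('span-only decode restores the expression',
    decodeExpressionSpans($stored) === $original);

// ...but leaves encoded text outside the braces untouched.
$prefix = 'Is 1 &lt; 2? ';   // constructed question text
check('text outside the expression stays encoded',
    decodeExpressionSpans($prefix . $stored) === $prefix . $original);
check('whole-string decode also decodes the surrounding text',
    htmlspecialchars_decode($prefix . $stored, ENT_QUOTES) === 'Is 1 < 2? ' . $original);
```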
Issue History
Date Modified Username Field Change
2012-08-31 19:16 nwinter New Issue
2012-08-31 19:38 nwinter Note Added: 20615
2012-08-31 19:59 nwinter Note Added: 20616
2012-09-01 19:31 TMSWhite Relationship added related to 06530
2012-09-06 15:29 Mazi Assigned To => TMSWhite
2012-09-06 15:29 Mazi Status new => assigned
2012-09-06 15:32 TMSWhite Assigned To TMSWhite => c_schmitz
2012-09-06 15:40 TMSWhite Note Added: 20636
2012-09-13 00:23 c_schmitz Changeset attached => LimeSurvey master 8e1620c7
2012-09-13 00:23 c_schmitz Note Added: 20664
2012-09-13 00:23 c_schmitz Resolution open => fixed
2012-09-13 00:30 c_schmitz Changeset attached => LimeSurvey Yii 39f3bf3a
2012-09-13 00:30 c_schmitz Note Added: 20665
2012-09-13 00:30 c_schmitz Status assigned => resolved
2012-09-13 00:30 c_schmitz Fixed in Version => 1.92+
2012-09-19 10:37 DenisChenu Relationship added related to 06550
2012-09-20 14:12 c_schmitz Status resolved => closed
2012-09-22 00:46 nwinter Note Added: 20757
2012-09-22 00:46 nwinter Status closed => feedback
2012-09-22 00:46 nwinter Resolution fixed => reopened
2012-09-22 00:46 nwinter Note Added: 20758
2012-09-22 00:46 nwinter Status feedback => assigned
2012-09-22 01:06 nwinter Note Added: 20759
2012-09-26 09:36 c_schmitz Status assigned => closed
2012-09-26 09:36 c_schmitz Resolution reopened => fixed
2012-09-26 09:36 c_schmitz Fixed in Version 1.92+ => 2.00+
2012-09-28 08:41 DenisChenu Relationship added parent of 06556
2012-09-28 08:41 DenisChenu Relationship deleted parent of 06556
2012-09-28 08:42 DenisChenu Relationship added related to 06556