08655: RemoteControl 2 API: Fails to validate session key - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

08655	Bug reports	RemoteControl	public	2014-02-03 22:25	2014-02-04 13:32

Reporter	hehemon	Assigned To	c_schmitz
Priority	normal	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	2.05+
Fixed in Version	2.05+

Summary	08655: RemoteControl 2 API: Fails to validate session key
Description	The session key retrieved with get_session_key() is unusable, because of a bug in the function application/helpers/remotecontrol/remotecontrol_handle.php::_checkSessionKey which fails to read session data. The bug results in all subsequent API requests being authenticated as Guest. The problem is reading the value of $oResult->data ($oResult is of type Session), which in PostgreSQL instalation maps to a column of type bytea. The Yii framework maps this type to a stream instead of a string. The following patch fixes the problem for me: --- rch.php 2014-02-03 22:02:22.000000000 +0100 +++ application/helpers/remotecontrol/remotecontrol_handle.php 2014-02-03 22:01:47.000000000 +0100 @@ -2440,7 +2440,8 @@ return false; else { $this->_jumpStartSession($oResult->data); $data = fread($oResult->data, 1000); $this->_jumpStartSession($data); return true; } }
Steps To Reproduce	$client = new jsonRPCClient(LIME_API_URL, $debug=true); $session_key = $client->get_session_key(LS_USER, LS_PASSWORD); $surveys = $client->list_surveys($session_key); // no surveys found
Additional Information	psql=> \d lime_sessions Table "public.lime_sessions" Column \| Type \| Modifiers --------+-----------------------+----------- id \| character varying(32) \| not null expire \| integer \| data \| bytea \|
Tags	No tags attached.

Bug heat	2
Complete LimeSurvey version number (& build)	140131
I will donate to the project if issue is resolved	No
Browser
Database type & version	PostgreSQL 9.1.3 on amd64-portbld-freebsd9.0, compiled by cc (GCC) 4.2.1 20070831 patched [FreeBSD], 64-bit
Server OS (if known)	FreeBSD 9.0-RELEASE-p3
Webserver software & version (if known)	nginx/1.2.0
PHP Version	PHP 5.3.13 with Suhosin-Patch (cli) (built: May 16 2012 12:18:36)

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2014-02-03 22:25	hehemon	New Issue
2014-02-04 00:21	c_schmitz	Assigned To	=> c_schmitz
2014-02-04 00:21	c_schmitz	Status	new => assigned
2014-02-04 12:24	c_schmitz	Status	assigned => resolved
2014-02-04 12:24	c_schmitz	Fixed in Version	=> 2.05+
2014-02-04 12:24	c_schmitz	Resolution	open => fixed
2014-02-04 12:24	c_schmitz	Changeset attached	=> LimeSurvey master 6fdf3ad9
2014-02-04 12:24	c_schmitz	Note Added: 28482
2014-02-04 13:32	c_schmitz	Note Added: 28491
2014-02-04 13:32	c_schmitz	Status	resolved => closed

c_schmitz 2014-02-04 12:24 administrator ~28482	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13837

c_schmitz 2014-02-04 13:32 administrator ~28491	Version 2.05+ Build 140204 released

LimeSurvey: master 6fdf3ad9 2014-02-04 11:24:20 c_schmitz Details Diff	Fixed isssue 08655: RemoteControl 2 API fails to validate session key on Postgre		Affected Issues 08655
	mod - application/models/Session.php		Diff File

View Issue Details

Users monitoring this issue

Activities

Related Changesets

Issue History