18028: error downloading uploaded files from admin backend - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

18028	Bug reports	Response browsing	public	2022-04-11 16:56	2022-04-19 10:23

Reporter	fradeff	Assigned To	galads
Priority	none	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	3.25.20
Fixed in Version	3.28.x

Summary	18028: error downloading uploaded files from admin backend
Description	Hi, Since 3.28.3+220315 we meet a serious problem when a user tries to upload files (question type upload) The files upload on a provisory url But it is then unreacheable when an admin's tries to download it from a url like .../index.php/admin/responses/sa/view/surveyid/945266/id/53234/browselang/fr -> .../index.php/admin/responses?sa=actionDownloadfile&surveyid=945266&iResponseId=53234&iQID=1966&iIndex=0 The server answers a "403 : Forbidden Disable for security reasons." We found a correspondance on https://github.com/LimeSurvey/LimeSurvey/blob/3.28.3%2B220315/application/controllers/admin/responses.php#L643 I think it may be related to https://github.com/LimeSurvey/LimeSurvey/commit/dc1d35a90949bdb86dc6a7f1f91e93a6979d012f Waiting for the fix we still use 3.28.2 Thanks & best regards
Steps To Reproduce	Steps to reproduce Upload file via file upload question Browse answers, try to download the uploaded file Expected result File download Actual result 403 : Forbidden
Tags	No tags attached.

Bug heat	4
Complete LimeSurvey version number (& build)	3.28.3 and more
I will donate to the project if issue is resolved	No
Browser	FF99.0 (and many others tried)
Database type & version	10.3.31-MariaDB
Server OS (if known)	Debian GNU/Linux 10
Webserver software & version (if known)	Apache/2.4.38 (Debian)
PHP Version	PHP 7.3.31

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2022-04-11 16:56	fradeff	New Issue
2022-04-13 08:56	galads	Note Added: 69034
2022-04-13 08:56	galads	Bug heat	0 => 2
2022-04-13 08:56	galads	Assigned To	=> galads
2022-04-13 08:56	galads	Status	new => feedback
2022-04-19 07:42	fradeff	Note Added: 69114
2022-04-19 07:42	fradeff	Bug heat	2 => 4
2022-04-19 07:42	fradeff	Status	feedback => assigned
2022-04-19 10:23	c_schmitz	Status	assigned => closed
2022-04-19 10:23	c_schmitz	Resolution	open => fixed
2022-04-19 10:23	c_schmitz	Fixed in Version	=> 3.28.x

galads 2022-04-13 08:56 reporter ~69034	Please update to the latest version and check if the bug can still be reproduced. Thank you.

fradeff 2022-04-19 07:42 reporter ~69114	Thank you very much the bug is fixed, you may close this issue

View Issue Details

Steps to reproduce

Expected result

Actual result

Users monitoring this issue

Activities

Issue History