View Issue Details

This bug affects 1 person(s).
 4
IDProjectCategoryView StatusLast Update
18028Bug reportsResponse browsingpublic2022-04-19 10:23
Reporterfradeff Assigned Togalads  
PrioritynoneSeveritypartial_block 
Status closedResolutionfixed 
Product Version3.25.20 
Fixed in Version3.28.x 
Summary18028: error downloading uploaded files from admin backend
Description

Hi,

Since 3.28.3+220315 we meet a serious problem when a user tries to upload files (question type upload)

The files upload on a provisory url
But it is then unreacheable when an admin's tries to download it from a url like
.../index.php/admin/responses/sa/view/surveyid/945266/id/53234/browselang/fr
->
.../index.php/admin/responses?sa=actionDownloadfile&surveyid=945266&iResponseId=53234&iQID=1966&iIndex=0

The server answers a
"403 : Forbidden
Disable for security reasons."

We found a correspondance on
https://github.com/LimeSurvey/LimeSurvey/blob/3.28.3%2B220315/application/controllers/admin/responses.php#L643

I think it may be related to
https://github.com/LimeSurvey/LimeSurvey/commit/dc1d35a90949bdb86dc6a7f1f91e93a6979d012f

Waiting for the fix we still use 3.28.2

Thanks & best regards

Steps To Reproduce

Steps to reproduce

Upload file via file upload question
Browse answers, try to download the uploaded file

Expected result

File download

Actual result

403 : Forbidden

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)3.28.3 and more
I will donate to the project if issue is resolvedNo
BrowserFF99.0 (and many others tried)
Database type & version10.3.31-MariaDB
Server OS (if known)Debian GNU/Linux 10
Webserver software & version (if known)Apache/2.4.38 (Debian)
PHP VersionPHP 7.3.31

Users monitoring this issue

User List There are no users monitoring this issue.

Activities

galads

galads

2022-04-13 08:56

administrator   ~69034

Please update to the latest version and check if the bug can still be reproduced. Thank you.

fradeff

fradeff

2022-04-19 07:42

reporter   ~69114

Thank you very much the bug is fixed, you may close this issue

Issue History

Date Modified Username Field Change
2022-04-11 16:56 fradeff New Issue
2022-04-13 08:56 galads Note Added: 69034
2022-04-13 08:56 galads Bug heat 0 => 2
2022-04-13 08:56 galads Assigned To => galads
2022-04-13 08:56 galads Status new => feedback
2022-04-19 07:42 fradeff Note Added: 69114
2022-04-19 07:42 fradeff Bug heat 2 => 4
2022-04-19 07:42 fradeff Status feedback => assigned
2022-04-19 10:23 c_schmitz Status assigned => closed
2022-04-19 10:23 c_schmitz Resolution open => fixed
2022-04-19 10:23 c_schmitz Fixed in Version => 3.28.x