View Issue Details

This bug affects 1 person(s).
 6
IDProjectCategoryView StatusLast Update
18268Bug reportsOtherpublic2023-10-04 11:28
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version5.3.x 
Fixed in Version6.2.x 
Summary18268: Unable to get any page debug set an set_time_limit disable
Description

When set_time_limit is disable for security and debug is set : whole site is broken

Steps To Reproduce

Steps to reproduce

Put set_time_limit in disable function in your PHP.ini https://www.php.net/manual/en/ini.core.php#ini.disable-functions
Set debug > 1 oin your config
Get to home page

Expected result

See the home page

Actual result

PHP Warning

TagsNo tags attached.
Attached Files
PHP warning.html (15,844 bytes)   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>PHP warning</title>

<style type="text/css">
/*<![CDATA[*/
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;margin:0;padding:0;}
body{line-height:1;}
ol,ul{list-style:none;}
blockquote,q{quotes:none;}
blockquote:before,blockquote:after,q:before,q:after{content:none;}
:focus{outline:0;}
ins{text-decoration:none;}
del{text-decoration:line-through;}
table{border-collapse:collapse;border-spacing:0;}

body {
	font: normal 9pt "Verdana";
	color: #000;
	background: #fff;
}

h1 {
	font: normal 18pt "Verdana";
	color: #f00;
	margin-bottom: .5em;
}

h2 {
	font: normal 14pt "Verdana";
	color: #800000;
	margin-bottom: .5em;
}

h3 {
	font: bold 11pt "Verdana";
}

pre {
	font: normal 11pt Menlo, Consolas, "Lucida Console", Monospace;
}

pre span.error {
	display: block;
	background: #fce3e3;
}

pre span.ln {
	color: #999;
	padding-right: 0.5em;
	border-right: 1px solid #ccc;
}

pre span.error-ln {
	font-weight: bold;
}

.container {
	margin: 1em 4em;
}

.version {
	color: gray;
	font-size: 8pt;
	border-top: 1px solid #aaa;
	padding-top: 1em;
	margin-bottom: 1em;
}

.message {
	color: #000;
	padding: 1em;
	font-size: 11pt;
	background: #f3f3f3;
	-webkit-border-radius: 10px;
	-moz-border-radius: 10px;
	border-radius: 10px;
	margin-bottom: 1em;
	line-height: 160%;
}

.source {
	margin-bottom: 1em;
}

.code pre {
	background-color: #ffe;
	margin: 0.5em 0;
	padding: 0.5em;
	line-height: 125%;
	border: 1px solid #eee;
}

.source .file {
	margin-bottom: 1em;
	font-weight: bold;
}

.traces {
	margin: 2em 0;
}

.trace {
	margin: 0.5em 0;
	padding: 0.5em;
}

.trace.app {
	border: 1px dashed #c00;
}

.trace .number {
	text-align: right;
	width: 2em;
	padding: 0.5em;
}

.trace .content {
	padding: 0.5em;
}

.trace .plus,
.trace .minus {
	display:inline;
	vertical-align:middle;
	text-align:center;
	border:1px solid #000;
	color:#000;
	font-size:10px;
	line-height:10px;
	margin:0;
	padding:0 1px;
	width:10px;
	height:10px;
}

.trace.collapsed .minus,
.trace.expanded .plus,
.trace.collapsed pre {
	display: none;
}

.trace-file {
	cursor: pointer;
	padding: 0.2em;
}

.trace-file:hover {
	background: #f0ffff;
}
/*]]>*/
</style>
</head>

<body>
<div class="container">
	<h1>PHP warning</h1>

	<p class="message">
		set_time_limit() has been disabled for security reasons	</p>

	<div class="source">
		<p class="file">/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/application/core/LSYii_Controller.php(108)</p>
		<div class="code"><pre><span class="ln">096</span>         }
<span class="ln">097</span> 
<span class="ln">098</span>         if (!function_exists('mb_convert_encoding')) {
<span class="ln">099</span>             $dieoutput .= "This script needs the PHP Multibyte String Functions library installed: See &lt;a href='http://manual.limesurvey.org/wiki/Installation_FAQ'&gt;FAQ&lt;/a&gt; and &lt;a href='http://de.php.net/manual/en/ref.mbstring.php'&gt;PHP documentation&lt;/a&gt;&lt;br /&gt;";
<span class="ln">100</span>         }
<span class="ln">101</span> 
<span class="ln">102</span>         if ($dieoutput != '') {
<span class="ln">103</span>             throw new CException($dieoutput);
<span class="ln">104</span>         }
<span class="ln">105</span> 
<span class="ln">106</span>         if (ini_get("max_execution_time") &lt; Yii::app()-&gt;getConfig('max_execution_time')) {
<span class="ln">107</span>             try {
<span class="error"><span class="ln error-ln">108</span>                 set_time_limit(Yii::app()-&gt;getConfig('max_execution_time')); // Maximum execution time - works only if safe_mode is off
</span><span class="ln">109</span>             } catch (Exception $e) {
<span class="ln">110</span>             };
<span class="ln">111</span>         }
<span class="ln">112</span>         if (ini_get('memory_limit') != -1 &amp;&amp; convertPHPSizeToBytes(ini_get("memory_limit")) &lt; convertPHPSizeToBytes(Yii::app()-&gt;getConfig('memory_limit') . 'M')) {
<span class="ln">113</span>             try {
<span class="ln">114</span>                 ini_set("memory_limit", Yii::app()-&gt;getConfig('memory_limit') . 'M'); // Set Memory Limit for big surveys
<span class="ln">115</span>             } catch (Exception $e) {
<span class="ln">116</span>             };
<span class="ln">117</span>         }
<span class="ln">118</span> 
<span class="ln">119</span>         // The following function (when called) includes FireBug Lite if true
<span class="ln">120</span>         defined('FIREBUG') or define('FIREBUG', Yii::app()-&gt;getConfig('use_firebug_lite'));
</pre></div>	</div>

	<div class="traces">
		<h2>Stack Trace</h2>
				<table style="width:100%;">
						<tbody><tr class="trace app expanded">
			<td class="number">
				#0			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										
&nbsp;/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/application/core/LSYii_Controller.php(108):
 <strong>set_time_limit</strong>(1200)				</div>

				<div class="code"><pre><span class="ln">103</span>             throw new CException($dieoutput);
<span class="ln">104</span>         }
<span class="ln">105</span> 
<span class="ln">106</span>         if (ini_get("max_execution_time") &lt; Yii::app()-&gt;getConfig('max_execution_time')) {
<span class="ln">107</span>             try {
<span class="error"><span class="ln error-ln">108</span>                 set_time_limit(Yii::app()-&gt;getConfig('max_execution_time')); // Maximum execution time - works only if safe_mode is off
</span><span class="ln">109</span>             } catch (Exception $e) {
<span class="ln">110</span>             };
<span class="ln">111</span>         }
<span class="ln">112</span>         if (ini_get('memory_limit') != -1 &amp;&amp; convertPHPSizeToBytes(ini_get("memory_limit")) &lt; convertPHPSizeToBytes(Yii::app()-&gt;getConfig('memory_limit') . 'M')) {
<span class="ln">113</span>             try {
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#1			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										
&nbsp;/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/application/controllers/AdminController.php(35):
 <strong>LSYii_Controller</strong>-&gt;<strong>customInit</strong>()				</div>

				<div class="code"><pre><span class="ln">30</span>      * @access protected
<span class="ln">31</span>      * @return void
<span class="ln">32</span>      */
<span class="ln">33</span>     protected function customInit()
<span class="ln">34</span>     {
<span class="error"><span class="ln error-ln">35</span>         parent::customInit();
</span><span class="ln">36</span>         App()-&gt;getComponent('bootstrap');
<span class="ln">37</span>         $this-&gt;sessioncontrol();
<span class="ln">38</span> 
<span class="ln">39</span>         $this-&gt;user_id = Yii::app()-&gt;user-&gt;getId();
<span class="ln">40</span>         // Check if the user really exists
</pre></div>			</td>
		</tr>
						<tr class="trace app expanded">
			<td class="number">
				#2			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										
&nbsp;/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/application/core/LSYii_Controller.php(45):
 <strong>AdminController</strong>-&gt;<strong>customInit</strong>()				</div>

				<div class="code"><pre><span class="ln">40</span>         $this-&gt;loadHelper('globalsettings');
<span class="ln">41</span>         // tracevar function
<span class="ln">42</span>         $this-&gt;loadHelper('common');
<span class="ln">43</span>         $this-&gt;loadHelper('expressions.em_manager');
<span class="ln">44</span>         $this-&gt;loadHelper('replacements');
<span class="error"><span class="ln error-ln">45</span>         $this-&gt;customInit();
</span><span class="ln">46</span>     }
<span class="ln">47</span> 
<span class="ln">48</span>     /**
<span class="ln">49</span>      * Check that installation was already done by looking for config.php
<span class="ln">50</span>      * Will redirect to the installer script if not exists.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#3			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										
&nbsp;/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/framework/web/CWebApplication.php(359):
 <strong>LSYii_Controller</strong>-&gt;<strong>__construct</strong>("admin", null)				</div>

				<div class="code"><pre><span class="ln">354</span>                     require($classFile);
<span class="ln">355</span>                 if(class_exists($className,false) &amp;&amp; is_subclass_of($className,'CController'))
<span class="ln">356</span>                 {
<span class="ln">357</span>                     $id[0]=strtolower($id[0]);
<span class="ln">358</span>                     return array(
<span class="error"><span class="ln error-ln">359</span>                         new $className($controllerID.$id,$owner===$this?null:$owner),
</span><span class="ln">360</span>                         $this-&gt;parseActionParams($route),
<span class="ln">361</span>                     );
<span class="ln">362</span>                 }
<span class="ln">363</span>                 return null;
<span class="ln">364</span>             }
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#4			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										
&nbsp;/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/framework/web/CWebApplication.php(276):
 <strong>CWebApplication</strong>-&gt;<strong>createController</strong>("")				</div>

				<div class="code"><pre><span class="ln">271</span>      * @param string $route the route of the current request. See {@link createController} for more details.
<span class="ln">272</span>      * @throws CHttpException if the controller could not be created.
<span class="ln">273</span>      */
<span class="ln">274</span>     public function runController($route)
<span class="ln">275</span>     {
<span class="error"><span class="ln error-ln">276</span>         if(($ca=$this-&gt;createController($route))!==null)
</span><span class="ln">277</span>         {
<span class="ln">278</span>             list($controller,$actionID)=$ca;
<span class="ln">279</span>             $oldController=$this-&gt;_controller;
<span class="ln">280</span>             $this-&gt;_controller=$controller;
<span class="ln">281</span>             $controller-&gt;init();
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#5			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										
&nbsp;/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/framework/web/CWebApplication.php(141):
 <strong>CWebApplication</strong>-&gt;<strong>runController</strong>("admin")				</div>

				<div class="code"><pre><span class="ln">136</span>             foreach(array_splice($this-&gt;catchAllRequest,1) as $name=&gt;$value)
<span class="ln">137</span>                 $_GET[$name]=$value;
<span class="ln">138</span>         }
<span class="ln">139</span>         else
<span class="ln">140</span>             $route=$this-&gt;getUrlManager()-&gt;parseUrl($this-&gt;getRequest());
<span class="error"><span class="ln error-ln">141</span>         $this-&gt;runController($route);
</span><span class="ln">142</span>     }
<span class="ln">143</span> 
<span class="ln">144</span>     /**
<span class="ln">145</span>      * Registers the core application components.
<span class="ln">146</span>      * This method overrides the parent implementation by registering additional core components.
</pre></div>			</td>
		</tr>
						<tr class="trace core collapsed">
			<td class="number">
				#6			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										
&nbsp;/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/framework/base/CApplication.php(185):
 <strong>CWebApplication</strong>-&gt;<strong>processRequest</strong>()				</div>

				<div class="code"><pre><span class="ln">180</span>     public function run()
<span class="ln">181</span>     {
<span class="ln">182</span>         if($this-&gt;hasEventHandler('onBeginRequest'))
<span class="ln">183</span>             $this-&gt;onBeginRequest(new CEvent($this));
<span class="ln">184</span>         register_shutdown_function(array($this,'end'),0,false);
<span class="error"><span class="ln error-ln">185</span>         $this-&gt;processRequest();
</span><span class="ln">186</span>         if($this-&gt;hasEventHandler('onEndRequest'))
<span class="ln">187</span>             $this-&gt;onEndRequest(new CEvent($this));
<span class="ln">188</span>     }
<span class="ln">189</span> 
<span class="ln">190</span>     /**
</pre></div>			</td>
		</tr>
						<tr class="trace app collapsed">
			<td class="number">
				#7			</td>
			<td class="content">
				<div class="trace-file">
											<div class="plus">+</div>
						<div class="minus">–</div>
										&nbsp;/home/clients/939129089b83c0f6235fc9811f257387/site_dev_kce_be/limesurvey5/index.php(192): <strong>CApplication</strong>-&gt;<strong>run</strong>()				</div>

				<div class="code"><pre><span class="ln">187</span> require_once APPPATH . 'core/LSYii_Application' . EXT;
<span class="ln">188</span> 
<span class="ln">189</span> $config = require_once(APPPATH . 'config/internal' . EXT);
<span class="ln">190</span> 
<span class="ln">191</span> Yii::$enableIncludePath = false;
<span class="error"><span class="ln error-ln">192</span> Yii::createApplication('LSYii_Application', $config)-&gt;run();
</span><span class="ln">193</span> 
<span class="ln">194</span> /* End of file index.php */
<span class="ln">195</span> /* Location: ./index.php */
</pre></div>			</td>
		</tr>
				</tbody></table>
	</div>

	<div class="version">
		2022-07-22 09:40:24 Apache <a href="http://www.yiiframework.com/">Yii Framework</a>/1.1.24-dev	</div>
</div>

<script type="text/javascript">
/*<![CDATA[*/
var traceReg = new RegExp("(^|\\s)trace-file(\\s|$)");
var collapsedReg = new RegExp("(^|\\s)collapsed(\\s|$)");

var e = document.getElementsByTagName("div");
for(var j=0,len=e.length;j<len;j++){
	if(traceReg.test(e[j].className)){
		e[j].onclick = function(){
			var trace = this.parentNode.parentNode;
			if(collapsedReg.test(trace.className))
				trace.className = trace.className.replace("collapsed", "expanded");
			else
				trace.className = trace.className.replace("expanded", "collapsed");
		}
	}
}
/*]]>*/
</script>



<div id="grammalecte_menu_main_button_shadow_host" style="width: 0px; height: 0px;"></div></body><script src="PHP%20warning_fichiers/api.js"></script></html>
PHP warning.html (15,844 bytes)   
Bug heat6
Complete LimeSurvey version number (& build)5.3.26
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2022-07-25 15:22

developer   ~71119

https://github.com/LimeSurvey/LimeSurvey/pull/2540

tibor.pacalat

tibor.pacalat

2023-09-28 17:32

administrator   ~77413

@DenisChenu I can not reproduce the original issue.
I have added "disable_functions = set_time_limit" to php.ini (image1) and restarted the server, and I have set set debug=2 in config.php file.

image1.png (59,387 bytes)   
image1.png (59,387 bytes)   
DenisChenu

DenisChenu

2023-09-28 17:40

developer   ~77414

Can you check your php config ?

DenisChenu

DenisChenu

2023-09-28 17:43

developer   ~77415

8 and 7 seems to need different way to fix

tibor.pacalat

tibor.pacalat

2023-09-28 17:48

administrator   ~77416

I tested with php 7.4.10.

tibor.pacalat

tibor.pacalat

2023-09-28 17:51

administrator   ~77417

Managed to reproduce it finally!

tibor.pacalat

tibor.pacalat

2023-09-28 17:53

administrator   ~77418

Cool! And the fix works :)

@DenisChenu regarding "8 and 7 seems to need different way to fix" - is some additional work needed on this ticket?

DenisChenu

DenisChenu

2023-09-28 17:54

developer   ~77419

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&amp;id=35559

DenisChenu

DenisChenu

2023-09-28 17:59

developer   ~77421

I think there are same issue with ini_set even with @ it show eror in 8.1

You test on a 7 8.0 or 8.1 ?

tibor.pacalat

tibor.pacalat

2023-09-28 18:04

administrator   ~77424

I tested with php 7.4.10.

DenisChenu

DenisChenu

2023-09-28 18:19

developer   ~77426

OK,
I need to create a bug for 8.A then.

BUT : my client still on 7 :D

DenisChenu

DenisChenu

2023-09-28 18:19

developer   ~77427

Fixed for 7 issue.
OK for me toi close

LimeBot

LimeBot

2023-10-04 11:28

administrator   ~77499

Fixed in Release 6.2.10+231004

Related Changesets

LimeSurvey: master 4b1a0835

2023-09-28 17:54:50

DenisChenu


Committer: GitHub Details Diff
Fixed issue 18268: Unable to get any page debug set an set_time_limit disable (#2540) Affected Issues
18268
mod - application/core/LSYii_Controller.php Diff File

Issue History

Date Modified Username Field Change
2022-07-22 10:15 DenisChenu New Issue
2022-07-22 10:15 DenisChenu File Added: PHP warning.html
2022-07-22 10:15 DenisChenu Assigned To => DenisChenu
2022-07-22 10:15 DenisChenu Status new => confirmed
2022-07-22 10:16 DenisChenu Status confirmed => assigned
2022-07-25 15:22 DenisChenu Assigned To DenisChenu =>
2022-07-25 15:22 DenisChenu Status assigned => ready for code review
2022-07-25 15:22 DenisChenu Note Added: 71119
2022-07-25 15:22 DenisChenu Bug heat 0 => 2
2022-10-03 16:09 gabrieljenik Status ready for code review => ready for testing
2023-09-28 17:32 tibor.pacalat Note Added: 77413
2023-09-28 17:32 tibor.pacalat File Added: image1.png
2023-09-28 17:32 tibor.pacalat Bug heat 2 => 4
2023-09-28 17:40 DenisChenu Note Added: 77414
2023-09-28 17:40 DenisChenu File Added: Capture d’écran du 2023-09-28 17-40-08.png
2023-09-28 17:43 DenisChenu Note Added: 77415
2023-09-28 17:48 tibor.pacalat Note Added: 77416
2023-09-28 17:51 tibor.pacalat Note Added: 77417
2023-09-28 17:53 tibor.pacalat Note Added: 77418
2023-09-28 17:54 DenisChenu Changeset attached => LimeSurvey master 4b1a0835
2023-09-28 17:54 DenisChenu Note Added: 77419
2023-09-28 17:54 DenisChenu Assigned To => DenisChenu
2023-09-28 17:54 DenisChenu Resolution open => fixed
2023-09-28 17:59 DenisChenu Note Added: 77421
2023-09-28 18:04 tibor.pacalat Note Added: 77424
2023-09-28 18:19 DenisChenu Note Added: 77426
2023-09-28 18:19 DenisChenu Status ready for testing => resolved
2023-09-28 18:19 DenisChenu Fixed in Version => 6.2.x
2023-09-28 18:19 DenisChenu Note Added: 77427
2023-10-04 11:28 LimeBot Note Added: 77499
2023-10-04 11:28 LimeBot Status resolved => closed
2023-10-04 11:28 LimeBot Bug heat 4 => 6