View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
18687Bug reportsSurvey editingpublic2023-03-16 12:062023-09-20 14:37
Reporter2BITS_PL Assigned Togabrieljenik  
PrioritynoneSeveritypartial_block 
Status closedResolutionunable to reproduce 
Product Version5.6.x 
Summary18687: Unable to add images via CKeditor
Description

I discovered the problem during internal tests, I used the demo for verification - there the problem occurs all the time.

After creating a survey with any question (I chose the default text field), after clicking on the image icon (inside CKeditor embedded inline) in the new window, when I click browse, the app tries to run the resource upload script but close automatically and then returns a permission denied message.

In the local environment (on my side) I changed the CSP settings:

  • form-action 'self' https: blob:;
  • base-uri self' https: blob:;
  • script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com blob:;
    Previously it was without 'blob' but some actions didn't work.

We also added a domain to session settings:
'cookieParams' => array (
'httponly' => true,
'safe' => true,
'domain' => '.mydomain'
),

Now in editing the question the problem does not appear. But when I add a question like "Select multiple choice image" then in subquestion edit I still get the same error with permissions.

By analyzing the file: \third_party\kcfinder\core\class\browser.php (line 90) here I set this message with permissions, it enters here because the 'disabled' parameter is set to 1 - I don't know what it sets, but how it changes on 0 then everything works fine.

I can't determine if it's a bug or a configuration issue.
Previously, we used LS v3.28 and there was no problem, now after switching to v5, adding images does not work.

TagsNo tags attached.
Bug heat6
Complete LimeSurvey version number (& build)Version 5.4.11+221114
I will donate to the project if issue is resolvedNo
Browser
Database type & versionSQL Server 2019
Server OS (if known)Microsoft Server 2019
Webserver software & version (if known)
PHP Versionv8.0.27 NTS x64

Users monitoring this issue

2BITS_PL

Activities

2BITS_PL

2BITS_PL

2023-03-17 10:35

reporter   ~74146

Steps to repeat:

  1. Create a survey, add a group
  2. Add a new question and choose a type: "Select multiple choice image" >> without saving
  3. Go to the list of sub-questions, click on the editor, then browse >> here's the problem
  4. If I click Save question and then go to the subquestion and follow the instructions from point 3 >> the problem still occurs
  5. Reload the page and follow the steps from point 3 >> now it works, you can add an image
  6. Add some sub-questions (may be blank), click Save and reload the page. Now go to edit each of the sub questions you added, you can add an image.
  7. Add a new subquestion to the list from point 6 (without saving and reloading), follow the instructions from point 3 - a message will appear that you cannot add a photo, go to edit the previous subquestion and try to add a photo > > this appears same error message although it worked before.

In my opinion, something is missing when adding a subquery, until the page reloads, it doesn't see it for the new subquestion, and blocks the image from being added. Worse, because triggering this lock disables this mechanism for all previous subqueries.
2BITS_PL

2BITS_PL

2023-03-30 13:15

reporter   ~74314

I installed LS v5.6.13 locally to verify the issue with this version (pure instance without our dedicated plugins).

Adds a new survey with a sample question created. I change the question type to "Select multiple choice image" (without saving), go to the list of sub questions, click edit and a new window opens "403, Invalid Group ID"

After saving the changes, I go to edit the subquestion, still the same error message.
I reload the page, go to edit the question and then edit the subquestion, ckeditor opens in a new window - there is no error.
gabrieljenik

gabrieljenik

2023-09-01 17:32

manager   ~76851

Hello 2BITS_PL,
I checked this with the latest version and could not reproduce, so this is most likely fixed for good.
Therefore, I am closing this issue. If you still can reproduce the issue using the latest version, please feel free to re-open the issue.
Thank you!

gabrieljenik
gabrieljenik

gabrieljenik

2023-09-01 17:46

manager   ~76853

Hello 2BITS_PL,

We have tried different ways and couldn't reproduce it.
I guess to know more about it the best would be to add some debug info on:

application/helpers/admin/htmleditor_helper.php
initKcfinder()

var_dump(Yii::app()->session['FileManagerContext']);
var_dump(Yii::app()->session['loginID']);
var_dump($_SESSION['KCFINDER']);
2BITS_PL

2BITS_PL

2023-09-05 11:48

reporter   ~76882

I have no way to verify it now, I need a few days.
2BITS_PL

2BITS_PL

2023-09-14 13:42

reporter   ~77029

demo.limesurvey.org (v6.2.5) - not resolved, step to repeat:

  1. create new syrvey
  2. go to the structure tab and add a new question
  3. Open the question text edit
  4. click on the image icon
  5. click the "Browse Sever" button, then it returns the error "You don't have permissions to browse server."

Locally on v5.4.11 - I have the same thing.

2023-09-14_13h30_26.mp4 (1,190,190 bytes)   
2023-09-14_13h30_26.mp4 (1,190,190 bytes)   
gabrieljenik

gabrieljenik

2023-09-14 13:57

manager   ~77032

I think demo is limited on purpose in terms of the resources browsing.
Sorry, that will not be enough for reproducing the issue.

Best chance is for you to do the debugging steps.
2BITS_PL

2BITS_PL

2023-09-14 15:27

reporter   ~77039

The topic must wait until I return from vacation, because I have no way of verifying it now. I will download the latest version 5.6.x and check.
2BITS_PL

2BITS_PL

2023-09-20 13:52

reporter   ~77201

Sorry for the notes in private mode - it's a habit from work ;)

I confirm that the bug does not occur in v5.6.37.
gabrieljenik

gabrieljenik

2023-09-20 14:37

manager   ~77203

As per the comments, will be closing the ticket.
Please add any comments in case it should be reopened.
Thanks

Issue History

Date Modified Username Field Change
2023-03-16 12:06 2BITS_PL New Issue
2023-03-17 10:35 2BITS_PL Note Added: 74146
2023-03-17 10:35 2BITS_PL Bug heat 0 => 2
2023-03-17 10:35 2BITS_PL Issue Monitored: 2BITS_PL
2023-03-17 10:35 2BITS_PL Bug heat 2 => 4
2023-03-30 13:15 2BITS_PL Note Added: 74314
2023-08-31 18:38 gabrieljenik Assigned To => gabrieljenik
2023-08-31 18:38 gabrieljenik Status new => assigned
2023-09-01 17:32 gabrieljenik Assigned To gabrieljenik =>
2023-09-01 17:32 gabrieljenik Status assigned => feedback
2023-09-01 17:32 gabrieljenik Note Added: 76851
2023-09-01 17:32 gabrieljenik Bug heat 4 => 6
2023-09-01 17:46 gabrieljenik Note Added: 76853
2023-09-05 11:48 2BITS_PL Note Added: 76882
2023-09-05 11:48 2BITS_PL Status feedback => new
2023-09-05 16:39 gabrieljenik Assigned To => gabrieljenik
2023-09-05 16:39 gabrieljenik Status new => feedback
2023-09-14 13:42 2BITS_PL Note Added: 77029
2023-09-14 13:42 2BITS_PL File Added: 2023-09-14_13h30_26.mp4
2023-09-14 13:42 2BITS_PL Status feedback => assigned
2023-09-14 13:57 gabrieljenik Note Added: 77032
2023-09-14 13:57 gabrieljenik Status assigned => feedback
2023-09-14 15:27 2BITS_PL Note Added: 77039
2023-09-14 15:27 2BITS_PL Status feedback => assigned
2023-09-20 13:52 2BITS_PL Note Added: 77201
2023-09-20 14:37 gabrieljenik Status assigned => closed
2023-09-20 14:37 gabrieljenik Resolution open => unable to reproduce
2023-09-20 14:37 gabrieljenik Note Added: 77203