search

GLOBALEAKS / globaleaks-whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org
Other
1.23k stars 269 forks source link

Incorrect export of questionnaires leads to export only one language #4190

Closed diegolagoglez closed 3 weeks ago

diegolagoglez commented 4 weeks ago

What version of GlobaLeaks are you using?

5.0.7

What browser(s) are you seeing the problem on?

Chrome, Firefox

What operating system(s) are you seeing the problem on?

Windows, Android, Linux

Describe the issue

Just after upgrade on Ubuntu 22.04 using apt (from version 5.0.6 to 5.0.7, and only that package; no more packages were upgraded), all the text in the main page and subpages of the Globaleaks application are missing. Buttons with text are shown, some buttons work, but all the text is missing.

I've tested it in Windows, Linux and Android, with both Chrome and Firefox.

I have custom CSS but I've checked it disabling my custom CSS and the problem persist.

Javascript console raises this error:

Content-Security-Policy: La configuración de la página bloqueó la aplicación de un estilo en línea (style-src-elem) porque viola la siguiente directiva: “style-src 'self' 'sha256-pru43GdcNLwb4MwzOriCI9/9cKBzE5xeoLWHlKai1As='” [platform-browser.mjs:356:17](webpack:///node_modules/@angular/platform-browser/fesm2022/platform-browser.mjs)

Automatic translation is: Content-Security-Policy: The page configuration blocked the application of an inline style (style-src-elem) because it violates the following directive: “style-src 'self' 'sha256-pru43GdcNLwb4MwzOriCI9/9cKBzE5xeoLWHlKai1As='” platform-browser.mjs:356:17

I attach some (limited) screenshots to show the problem:

globaleaks-missing-text-1 globaleaks-missing-text-2 globaleaks-missing-text-3

Proposed solution

No response

evilaliv3 commented 4 weeks ago

Thank you @diegolagoglez for reporting this.

Are you able to proide me a lin to your platform or on community.globaleaks.org?

Thanm yuu

diegolagoglez commented 4 weeks ago

Sorry, @evilaliv3, at this moment my platform is still confidential :(

JaviAlama commented 3 weeks ago

Hello, the same thing happened to us in our test environment after upgrading to version 5.0.7.

evilaliv3 commented 3 weeks ago

Thank you @JaviAlama , do you have a link to your platform that i could test?

evilaliv3 commented 3 weeks ago

@JaviAlama @diegolagoglez @marcopvl: I think i've found the reason of the failure.

The problem is not in the update to 5.0.7, but in the function that export the questionnaires on version 5.

Do you confirm that you have updated to version 5, tried to export your questionnaires and then reimport them?

I noticed that the export function is currently exporting only one language.

diegolagoglez commented 3 weeks ago

With version 5.0.8 the error persist, and I haven't been able to remove a questionnaire after an export (export worked well) due to the same error:

Content-Security-Policy: La configuración de la página bloqueó la aplicación de un estilo en línea (style-src-attr) porque viola la siguiente directiva: “style-src 'self' 'sha256-pru43GdcNLwb4MwzOriCI9/9cKBzE5xeoLWHlKai1As='” platform-browser.mjs:593:15
Content-Security-Policy: La configuración de la página bloqueó la aplicación de un estilo en línea (style-src-attr) porque viola la siguiente directiva: “style-src 'self' 'sha256-pru43GdcNLwb4MwzOriCI9/9cKBzE5xeoLWHlKai1As='” ng-bootstrap.mjs:7441:20
Content-Security-Policy: La configuración de la página bloqueó la aplicación de un estilo en línea (style-src-elem) porque viola la siguiente directiva: “style-src 'self' 'sha256-pru43GdcNLwb4MwzOriCI9/9cKBzE5xeoLWHlKai1As='” platform-browser.mjs:356:17
XHRDELETE
https://globaleaks.example.org/api/admin/questionnaires/c541f5c2-24ed-4081-9298-98397d8ba8f3
[HTTP/2 500  16ms]

ERROR 
Object { headers: {…}, status: 500, statusText: "OK", url: "https://globaleaks.example.org/api/admin/questionnaires/c541f5c2-24ed-4081-9298-98397d8ba8f3", ok: false, name: "HttpErrorResponse", message: "Http failure response for https://globaleaks.example.org/api/admin/questionnaires/c541f5c2-24ed-4081-9298-98397d8ba8f3: 500 OK", error: {…} }
error: Object { error_message: "InternalServerError [Unexpected]", error_code: 1, arguments: (1) […] }
headers: Object { normalizedNames: Map(0), lazyUpdate: null, lazyInit: lazyInit()
}
message: "Http failure response for https://globaleaks.example.org/api/admin/questionnaires/c541f5c2-24ed-4081-9298-98397d8ba8f3: 500 OK"
name: "HttpErrorResponse"
ok: false
status: 500
statusText: "OK"
url: "https://globaleaks.example.org/api/admin/questionnaires/c541f5c2-24ed-4081-9298-98397d8ba8f3"
<prototype>: Object { … }
evilaliv3 commented 3 weeks ago

Thank you @diegolagoglez

Actually the errors on the content security policy are unrelated.

Are you able to create a platform on try.globaleaks.org where to reproduce the error? this would be really helpful. Thank you

diegolagoglez commented 3 weeks ago

I've just installed version 5.0.9 and it partially fixes the problem.

Almost all text is shown but the questionnaires' buttons' text are not shown and, when clicked, they also don't work (they don't go to the next tab).

This image is an example of the main form button that should show "Siguiente" (Next).

imagen

Javascript console error on button click is:

ERROR TypeError: n.stepForms is undefined
    checkForInvalidFields whistleblower-submission.service.ts:14
    runValidation submission.component.ts:303
    incrementStep whistleblower-submission.service.ts:43
    Ns submission.component.html:91
    Angular 24
    Ns submission.component.html:91
    Angular 4
    Ls submission.component.html:90
    Angular 52
    RxJS 6
    Angular 25
    template disclaimer.component.html:10
    Angular 7
    _createFromComponent ng-bootstrap.mjs:7491
    _getContentRef ng-bootstrap.mjs:7465
    open ng-bootstrap.mjs:7391
    open ng-bootstrap.mjs:7581

There is another Javascript recurrent error shown every 2-5 seconds:

ERROR TypeError: t[Symbol.iterator] is not a function
    Angular 2
    template form.component.html:1
    Angular 69
    RxJS 6
    Angular 7
    nt ng-idle-core.mjs:506
    Angular 13
    setIdleIntervalOutsideOfZone ng-idle-core.mjs:524
    Angular 3
    setIdleIntervalOutsideOfZone ng-idle-core.mjs:523
    nt ng-idle-core.mjs:510
    Angular 5
    nt ng-idle-core.mjs:506
    Angular 13
    setIdleIntervalOutsideOfZone ng-idle-core.mjs:524
    Angular 3
    setIdleIntervalOutsideOfZone ng-idle-core.mjs:523
JaviAlama commented 3 weeks ago

It's true! Same behaviour on our test project after updating from 5.0.3 to 5.0.9.

evilaliv3 commented 3 weeks ago

Thank you, it should be all fixed now in 5.0.10, would you please confirm?

JaviAlama commented 3 weeks ago

Good morning. After upgrading to 5.0.10, submit button and other texts and functionalities seem to be fixed.

evilaliv3 commented 3 weeks ago

Thank you @JaviAlama . I'm closing the ticket then, please feel free to reopen it if you notice any defect.

diegolagoglez commented 3 weeks ago

Little late but I can confirm that version 5.0.10 fixes the error.

Thanks very much.