Hello,

i had a LS installation 4.1.4 which i used to create some surveys. This worked fine until i updatet to 4.1.6. After the update all surveys crashed at the point where the send-button is pressed. Users can see the survey and can give answers to all questions, but when they click send at the end, it crashes with Error 500 "invalid signature".

From 4.1.6 on this even happens if a make a little survey with only one question (yes/no...).
The same happens for me in 4.1.8.
When i go back to 4.1.4 all works fine.

I am on Centos 7.7 with PHP 7.3.15 (cli) (built: Feb 18 2020 09:25:23) and mysql Ver 15.1 Distrib 5.5.64-MariaDB, for Linux (x86_64) using readline 5.1

In debug-mode i see:
"throw new SodiumException('Invalid signature');" but even Google was whithout real help here.

return ParagonIE_Sodium_Core_Ed25519::sign_open($signedMessage, $pk);

Does anyone know what to do now?

Thanks!

best regards
Jörg

I think you must report this as an issue.

Best is to export lss, set your debug mode on, have the html error produced. Send the 2 files to our mantis.

Cyheck if you activate encryot some of data, and disable it for testing.

edv wrote: After the update all surveys crashed at the point where the send-button is pressed. Users can see the survey and can give answers to all questions, but when they click send at the end, it crashes with Error 500 "invalid signature".

From 4.1.6 on this even happens if a make a little survey with only one question (yes/no...).
The same happens for me in 4.1.8.
When i go back to 4.1.4 all works fine.

The error messages show a relation to cryptofunctions (sodium) for data fields.
Can you check if 4.1.6 and 4.1.6 are running the same PHP versions as 4.1.8?

Perhaps the compatibility layer for PHP 7.2. is triggered. You state Centos 7 using PHP 7.3.
It's not the shipped version. Your OS is using an additional repository for PHP 7.3.
You might check if the php-sodium package is installed.

If you create a simple survey without any encrypted fields, the sodium library shouldn't be triggered.

As DenisChenu already suggested: Open a bugticket and attach a simple LSS export which causes trouble.

Post the link to the bugticket here.

As requested i filed a bug.
Here is the ticket: bugs.limesurvey.org/view.php?id=15965

I never used encryption. I dont need it.

edv wrote: I never used encryption. I dont need it.

In my opinion : if you don't want Encryption, you don't have to setup Sodium.

Like we do for LDAP

We must just disable Encryption part/system if Sodium is not present.

> We must just disable Encryption part/system if Sodium is not present.

If i switched encryption on it was not with intention. Where could i switch it off?
In LS? Searched for it without success.

Tried to install "sodium" ,

unning transaction
Installieren : php73-php-sodium-7.3.15-1.el7.remi.x86_64

but still get the "500" error.

regards
Jörg

DenisChenu wrote: We must just disable Encryption part/system if Sodium is not present.

Correct, but the root cause is unknown and no workaround in sight.

There are more sodium issue posts coming in.
www.limesurvey.org/forum/installation-a-...m-not-defined#195198

edv wrote: > We must just disable Encryption part/system if Sodium is not present.

If i switched encryption on it was not with intention. Where could i switch it off?

For me you have it in
Each question settings :

Each token attribute

edv wrote: If i switched encryption on it was not with intention. Where could i switch it off?
In LS? Searched for it without success

Then encryption is per question. If you look in the advanced options of a question, you can find an option to encrypt the data captured by that question.

It looks like an introduced bug, which is not depending on any activated encryption.
The only workaround for you might be to switch to PHP 7.2, cause there is the sodium lib not bundled but an alternative routine in LS is in place. Perhaps the bug is not raised in that scenario. But that is just a guess.

jelo wrote: It looks like an introduced bug, which is not depending on any activated encryption.

This muts be fixed : no Encryption set : no Sodiuym call.

2nd issue : No Encyoption enable : must show all encryotion disable and deactivated

Hello DenisChenu,

thanks for your advise. I never noticed this encryption option for questions.
Probably because i dont needed it. Sorry....

But in fact it is "off" (aus == german "off")




Double checked the options on my test user. They are "off" also.

Thank you for your support

regards
Jörg