This project aims at achieving the following functionalities.

  • survey participants can upload one or more files.
    • file upload feature with a beautiful interface (see mockups below)
    • an option to preview the file and/or edit its metadata like title, comments etc
    • The use of the file' URL for uploading from the web instead uploading from one's own computer
  • configuration options
    • max num of files
    • max/min filesize
    • file type(s) allowed
  • Safe storage in file system:
    • Validation of the User input
    • Take other security measures
  • Implementation in
    • statistics
    • data entry
    • printable survey
    • response browsing
    • response editing
    • RemoteControl
  • download response(s) in zipped format (see mockup below)
  • hooks for 3rd party processing tools


This project consists of the following basic components


Every file upload question type will have a upload button. When the surveyee clicks on the upload button, he comes across a loading screen. (See mockup)


Figure: Once you click on the upload file button for the file upload question, the loading bar comes up.

Then a box comes up where the surveyee can upload one or more files to the question. It also displays the file types that are permitted for this question. (The number of 'browse & upload' buttons will depend on the maximum number of files allowed for that question). Every file being uploaded has its own progress bar and cancel button. (See mockup)


Figure: A progress bar shows the progress of individual files, it also has an option to cancel the file uploads in the middle of the process.

While uploading files, we need to make sure that the server actually support a certain filesize because often servers are restricted on the post max size. This check can be added to the sanity checklist for the survey activation.

Also, once the file has been uploaded, a thumbnail should be created for easier browsing of results.

Once the files have been uploaded, the surveyee is taken to the gallery view. Here he can preview the file, edit its metadata like title, comments etc. If he wishes, he can also delete individual files or cancel the entire upload at this stage. (See mockup)


Figure: The gallery gives a preview of all the files uploaded. Here you can edit the title and add comments to the file. If you do not want to save it, you can also delete the file. Once done with editing etc, you can submit the files.

  • Some of the salient features of this uploader are as follows:
    • Rich progress and status information
    • Applying filters to file on the basis of filetype and filesize
    • Option to cancel the upload anytime
    • ability to keep a upper bound on the number of files uploaded per user/question/survey
  • Simple Uploader: A simple PHP uploader can be used as a backup If one has trouble uploading via the advanced uploader.
  • In-built error handling for the following errors
    • Invalid filetype
    • File too large
    • error while saving to filesystem


Database Schema

In the edited schema, I will not create any new tables. When a new file upload question type is created, the following attributes will be saved into the already existing question_attributes table. I will not making any modification to the database schema for saving the question attribute.

   max_filesize (int)

   max_num_of_files (int)

   min_num_of_files (int)

   allowed_filetype (string)

So, basically no new field/attribute is being created for questions, they are all being saved into the pre-existing question_attributes table. The question_attribute table would look something like this:

   qaid    qid           attribute              value

   110     12            max_filesize            2048

   111     12            max_num_of_files        3

   112     12            min_num_of_files        2

   113     12            allowed_filetype        "JPEG, png, bmp"

But, in the case of answers, we'll have to create the following fields in the survey_x table to save metadata information such as

`file_json` (string)

 number_of_files (int)

where file_json will be a JSON string which will contain the following information for all the files belonging to that particular question:

  • title : The name the surveyee would like the admin to see
  • filename : The random filename generated by LS and used for saving into the filesystem
  • file_comments : The file comments added by the surveyee while submitting the survey
  • extension : The extension of the file
  • file_size : The actual size of the file
  • order : The order in which the surveyee wants the uploaded files to be arranged

The attributes such as file_comments, title, order are configurable, i.e. the admin can decide weather he wants these attributes to exist or not.

Compress (Zip) and download

PHP:ZipArchive class

  • From PHP 5.3.0, zip extension comes preinstalled.
  • Following is a code snippet to demonstrate the beauty with which the zipping task can be handled.


   $za = new ZipArchive();




   echo "numFiles: " . $za->numFiles . "\n";

   echo "status: " . $za->status  . "\n";

   echo "statusSys: " . $za->statusSys . "\n";

   echo "filename: " . $za->filename . "\n";

   echo "comment: " . $za->comment . "\n";

   for ($i=0; $i<$za->numFiles;$i++) {

       echo "index: $i\n";

       // process the file contents


   echo "numFile:" . $za->numFiles . "\n";



Figure: The admin can select the response(s) by checking the checkboxes and download them in zipped format.

System Security

"Security is a process, not a product, and adopting a sound approach to security during the process of application development helps produce tighter, more robust code."

In order to make the upload process secure, the following security measures and practices will be taken into consideration during development.

1. Restrict Filetypes: Check the mime-type and file extension and only allow certain types to be uploaded.

2. Rename Files: Rename the files that are uploaded. Eliminate the files with extensions that are not allowed.

3. Blacklist Files: Blacklist files such as exe, zip, .php, .js, .py etc using a preg match and prevent upload of any such file.

4. Change Permissions: The files within the upload folder shouldn't be executable, hence change the upload folder's permissions to make sure that it is not executable.

5. .htaccess files: Place a .htaccess file inside the uploads and tmp directory to make them inaccessible

6. Disable Directory Indexes: add a index.php file into all the directories including tmp/ and upload/ to make sure that they are never exposed if they somehow become accessible due to administrative errors. If the directories are not supposed to be exposed or user accessible, the index.php must redirect them to the home page.

7. Upload folder outside WWW root: Doing so might not be a possibility for shared hosting. (Brainstorming on this issue)

8. Access Control flaw: do a user authentication check on every page to make sure that the enduser is unable to access sensitive information that the admin can access. The user authentication project idea should take care of it. (if that idea is selected for gsoc this year)

9. Make sure that you never create a non PHP file in the web-exposed directory for files containing sensitive information. For example, renaming a file to fileName.php.bak would be a huge security risk. If someone stumbles upon the URL, it will be displayed as it is without being parsed by the webserver. And if the file contains password or other sensitive information, it can be read by the user. It could even end up being indexed by Google if the spider stumbled upon it !!!

10. Do Not display PHP's Inbuild Error Messages: Ensure that display_errors in php.ini is set to "0". Outputting errors especially database connection errors to the browser is a very bad idea. Implement own error handler which takes control if an error occurs. Log all the errors so that they can be used for debugging later.

11. Email admin on suspicious activity : Send an email to the admin if any sucpicious activity like forcefully uploading zip/exe files in carried out

12. User Input validation: The reason behind most of the cyber attacks is the absence of user validation in forms. Never trust a user and always use input validation before feeding into the system.

File Security

Given that the surveyee can upload files to the system, it becomes very essential to ensure that the uploaded file is not malicious.

I don't have any prior experience in the field of file system security. Hence I did quite a lot of research on the issue, googled, exchanged emails, discussed over forums and mailing lists, and also had some interesting conversations with developers on #mantishelp (Mantis - the bugtracker used by a lot of organizations) as they have a similar file upload feature. This section on file security is more like a discussion of the various available options and not a precise plan. Implementation of this feature will require quite a lot of brainstorming and discussion because each of the techniques mentioned here have their own merits and demerits.

  • Sandbox: The best and most efficient means to secure a filesystem is sandboxing. Sandbox provides a security mechanism for running unverified programs. We'll need to process the uploaded files using third party tools etc. A malacious file could take undue advantage of a security hole in the third party tool. Hence, all the third party tools will execute in a sandbox which will provide a tightly controlled set of resources with strict permissions.
  • Principle of least previlege: Eevery module or file must be able to access only such information and resources that are necessary to its legitimate purpose. There is no reason why the uploaded directory should be executable. Hence, we must strip the directory permissions to the bare minimum. If a file needs to be manipulated, it can be moved to the sandbox, and manipulated. After the required manipulation has been done, it can be moved back to the upload directory. It will involve some overhead, but it would be a foolproof method against any malware/virus etc
  • PHP Fileinfo Extension: This extension tries to guess the content type and encoding of a file by looking for certain magic byte sequences at specific positions within the file. Hence, this file allows PHP to guess MIME type of the uploaded file. This information can be used to ensure fool proof blacklisting of dangerous files.

Hence, even if we get a virus or malware in our system, we can make sure that it never gets an opportunity to execute and hence prevent any damage to the server. This technique is very popular in virtual systems as well as software testing.

I also observed that the file upload task is something very similar to the adding attachment feature in the Mantis bugtracker. I got in touch with the Mantis developers on their mailing list, and also had quite an interesting conversation with them on their IRC channel #mantishelp.

I was surprized to discover that currently Mantis doesn't have any protection measures against threats. They do have some specific usecases though. It turns out the primary reason behind this is that most webservers have their own proprietary Anti virus software and the uploaded files are never executed on the server. And when a file is uploaded, it is by default checked for virus by the antivirus.

But, we obviously cannot count on this, so I've come up with the following idea for explicit virus checking:

  • Clamscan: Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX. It provides several utilities such as command line scanner as well as automatic database updates (virus definitions). It can be called from a PHP script.
  • The admin can configure whether to use clamAV or his own proprietary Anti virus software. He can browse to locate his Anit virus executable on his system or enter the path to AV/clamAV . The antivirus can be triggered from a PHP script and the uploaded file can be checked for malware.

Response Browser

Once the files have been uploaded, the admin should be able to view them online (i.e. without having to download them to his system). I'll attempt to add support for as many file types as time permits. But, the support for the following is the required mininum:

  1. Images: Gallery to browse images
  2. Vidoes: support for various video formats
  3. Text files: ability to view and edit text files

If time permits, we can add support for several other document formats such as excel, odt and ppt etc.

Hooks for third party tools

Once the files have been uploaded, there should be an option to modify them using third party tools. For example, the admin should be able to perform a batch operation like converting all videos from .mp4 format to .avi format. Once the admin selects these files by checking the checkboxes corresponding to these responses (similar to compress and download screen - see above), the third party tool will be triggered and the operation will be performed on all the files.

Disk Space Issues

Given that we will be saving the files to the hard drive, running out of disk space is quite an issue here. We can use a PHP script with the PHP's inbuilt total_disk_space() and free_disk_space() functions to find out the amount of free disk space available with the system.

We can also configure a predefined limit (say 80% disk full), after which an email will be sent by the Limesurvey's email notification system informing him about the low disk space issues. The admin can zip and download the files onto another drive.

We can have the following restrictions built into the system and can be configured while creating the file upload type question.

  1. maximum file size
  2. total disk space per question
  3. total disk space per user
  4. total disk space per survey

If any of these limits are reached, we can flash an error to the surveyee and prevent him from uploading any more files to the system.

We can also include a total_filesize_per_user stat in the statistics so that the admin can get an idea of the per user diskspace requirement and he can accordingly tweak the allowed_file_size in the configuration.


I strongly believe in Agile methodology and stick to it. Agile practices make all the more sense in open source projects like Limesurvey, where the features are added/modified on the basis of the user's feedback. We should have the ability to swiftly modify the product or feature on the basis of the feedback from the community.

The following gives a brief idea about the iteration cycle that I'll be following during the development period:

The iteration cycle is of 1 week's duration starting Tuesday night

  • Tuesday night: developer's meeting: Discuss the deliverables for the next iteration with mentor and community. Also elaborate on the functionality and implementation methodology.
  • Wednesday morning to Saturday night: Work on the implementation
  • Saturday night: Check in the implemented functionality. Send an email to the Limesurvey developers mailing-list announcing the new features implemented in this iteration.
  • Sunday - Monday: The developers and enthusiastic users can play with the feature and send feedback, bug report etc.
  • Tuesday (all day): fix bugs, tweak UI etc depending on the feedback. Also document everything while its still fresh in my mind.
  • Tuesday night: developer's meeting: disucss last iteration. Discuss the deliverables for next iteration.

I spend over 12 hours idling on the Limesurvey's IRC channel. I can use IRC as a medium to collect feedback from the users about the features.

Week and corresponding activities:

  •    Community Bonding Period starts: April 26
  •    I've been associated with limesurvey since last one month and by the time the Community bonding period starts I'd have over 2 months of experience with limesurvey.
  •    I have quite a decent understanding of the mechanics of Limesurvey.
  •    I spend quite some time on the IRC and hence feel that I'm pretty much well versed with who takes care of what in Limesurvey project.
  •    I feel confident enough to start cracking on the project without spending any time explicitly on Community bonding.
  • Week 1 (April 26): Brainstorm proposal with peers and mentor: Discuss the Database schema, implementation details, technologies etc. and collect feedback. At the end of the first week, create a dedicated page for upload question type on limesurvey's tikiwiki. It will enlist all the deliverables for this project along with the timeline, so that we can keep a track of the project's progress. This page will be updated with status of the project at the end of each iteration. (1 week)
    • Status: Completed
    • Work done this week:
      • DB schema discussed and finalized
      • Dedicated wikipage for FUQT created on tikiwiki
      • introduction mails on mailing list, posts on forum
  • Week 2 (May 3): Implement Simple Uploader: one can upload multiple files to the system using the file upload feature. This iteration will be more or less dedicated to backend implementation in the database. Modify survey creation to be able to add fields to survey_x table for file metadata information. (1 week)
  • Week 3 (May 10): Implement Advanced Browser Uploader: show progress bar, cancel upload and other cool GUI features (2 week)
  May 24: Coding period starts (as per official GSOC rules)
  • Week 5 (May 24): Gallery: The surveyee can preview the uploaded file before submitting it While previewing it, he has the option to edit the file's metadata like title, comments and even delete it ! (1 week)
  • Week 6 (May 31): Implementation in Data Entry screen, response browsing and response editing. No advanced online browsing of images, videos etc yet (1 week)
  • Week 7 (June 7): Zipper cum downloader: The admin can selectively download files using the data entry/browse screen on the admin panel (1 week)
  • Week 8 (June 14): Testing cum Documentation: writing tests and collecting feedback, try to breach the filesystem security and fix any holes/flaws in the implementation. Put up the file upload feature in staging mode and let endusers and fellow developers play with it and report any bugs. On the basis of the bug report and feedback, I'll fix the bugs and tweak UI. (1 week)
  • Week 9 (June 21): Implementation in statistics and printable survey (1 week)
  • Week 10 (June 28): Implementation in Remote control: This is one area that I am not very well versed with. I'll spend a week getting acquainted with it and another week in implementation (2 weeks)
   July 16 Mid-term evaluation
  • Week 12 (July 12): Adding hooks for third party tools (2 weeks)
  • Week 14 (July 26): On the basis of feedback from end users and developers, fix bugs, beautify GUI, add/remove minor features (1 week)
   Release the file upload feature in staging mode, let endusers and developers give some feedback. (1 week)
  • Week 16 (Aug 2): Advanced browsing implementation for user response. Adding support for browsing images, watching videos, viewing text files and listening to audio files online. (2 weeks)
   August 16: Firm Pencils Down
  • Week 18 (Aug 16): Fix bugs, sweep the bugtracker for any Limesurvey 1 bugs, especially the ones related to file upload question type.
   August 20: Final Evaluation