2014-11-23 03:23 EST

View Issue Details Jump to Notes ] Wiki ] Related Changesets ]
IDProjectCategoryView StatusLast Update
0010776mantisbtapi soappublic2009-10-07 14:19
Reporterrombert 
Assigned Tovboctor 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
Product Version1.2.0rc1 
Target Version1.2.0rc2Fixed in Version1.2.0rc2 
Summary0010776: Retrieving an attachment with the SOAP API fails due to SYSTEM NOTICE
DescriptionI'm calling mc_issue_attachment_get with a correct username/password/attachment id.

The error response is:

<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" [^] 
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" [^] xmlns:xsd="http://www.w3.org/2001/XMLSchema" [^] 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" [^] xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"> [^]
   
<SOAP-ENV:Body>
      <SOAP-ENV:Fault>
         <faultcode xsi:type="xsd:string">Server</faultcode>
         <faultactor xsi:type="xsd:string"/>
         <faultstring xsi:type="xsd:string"><![CDATA[Error Type: SYSTEM NOTICE,
Error Description:
Undefined index:  project_id,
Stack Trace:
mc_issue_attachment_api.php L24 mci_file_get(<integer>2, <string>'bug', <string>'1')

UnknownFile L? mc_issue_attachment_get(<string>'administrator', <string>'root', <integer>2)

nusoap.php L3997 call_user_func_array(<string>'mc_issue_attachment_get', <Array> { [0] => 
'administrator', [1] => 'root', [2] => 2 })
nusoap.php L3686 invoke_method()
mantisconnect.php L1391 service(<string>'<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" [^] 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" [^] xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" [^] 
xmlns:man="http://futureware.biz/mantisconnect"> [^]
   <soapenv:Header/>
   <soapenv:Body>
      <man:mc_issue_attachment_get soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> [^]
         
<username xsi:type="xsd:string">xxx</username>
         <password xsi:type="xsd:string">xxx</password>
         <issue_attachment_id xsi:type="xsd:integer">2</issue_attachment_id>
      </man:mc_issue_attachment_get>
   </soapenv:Body>
</soapenv:Envelope>')]]></faultstring>
         <detail xsi:type="xsd:string"/>
      </SOAP-ENV:Fault>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>


It seems to me that mci_file_get unconditionally reads $row['project_id'] at line 163, but that field is not present in mantis_bug_file_table:

mysql> describe mantis_bug_file_table;
+-------------+------------------+------+-----+---------+----------------+
| Field       | Type             | Null | Key | Default | Extra          |
+-------------+------------------+------+-----+---------+----------------+
| id          | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| bug_id      | int(10) unsigned | NO   | MUL | 0       |                |
| title       | varchar(250)     | NO   |     |         |                |
| description | varchar(250)     | NO   |     |         |                |
| diskfile    | varchar(250)     | NO   | MUL |         |                |
| filename    | varchar(250)     | NO   |     |         |                |
| folder      | varchar(250)     | NO   |     |         |                |
| filesize    | int(11)          | NO   |     | 0       |                |
| file_type   | varchar(250)     | NO   |     |         |                |
| content     | longblob         | NO   |     | NULL    |                |
| date_added  | int(10) unsigned | NO   |     | 1       |                |
| user_id     | int(10) unsigned | NO   |     | 0       |                |
+-------------+------------------+------+-----+---------+----------------+
12 rows in set (0.00 sec)


Please consider fixing this for the next 1.2 RC or release, as it's a showstopper for most consumers of the SOAP API.
Tagspatch
Attached Files
  • patch file icon 0001-Avoid-unconditionally-referencing-project_id.patch (1,596 bytes) 2009-07-31 05:34 - 
    From 5a3c72a8378977ca99980e779e72b3cd0f6edfdd Mon Sep 17 00:00:00 2001
    From: Robert Munteanu <robert.munteanu@gmail.com>
    Date: Fri, 31 Jul 2009 12:30:38 +0300
    Subject: [PATCH] Avoid unconditionally referencing project_id
    
    The SOAP api mc_file_get function unconditionally references
    $row['project_id'], but that field is only set for 'doc' attachments.
    That access is now guarded by if checks, to avoid system notices
    and thus errors being sent to the SOAP client.
    ---
     api/soap/mc_file_api.php |    6 ++++--
     1 files changed, 4 insertions(+), 2 deletions(-)
    
    diff --git a/api/soap/mc_file_api.php b/api/soap/mc_file_api.php
    index b40242d..90df93f 100644
    --- a/api/soap/mc_file_api.php
    +++ b/api/soap/mc_file_api.php
    @@ -160,7 +160,9 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) {
     	$row = db_fetch_array( $result );
     
     	$t_bug_id = $row['bug_id'];
    -	$t_project_id = $row['project_id'];
    +	if ( $p_type == 'doc' ) {
    +		$t_project_id = $row['project_id'];
    +	}
     	$t_diskfile = $row['diskfile'];
     	$t_content = base64_encode( $row['content'] );
     
    @@ -177,7 +179,7 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) {
     			if( OFF == config_get( 'enable_project_documentation' ) ) {
     				return new soap_fault( 'Client', '', 'Access Denied' );
     			}
    -			if( !access_has_project_level( config_get( 'view_proj_doc_threshold' ), $t_project_id, $p_user_id ) ) {
    +			if( $p_type == 'doc' &&  !access_has_project_level( config_get( 'view_proj_doc_threshold' ), $t_project_id, $p_user_id ) ) {
     				return new soap_fault( 'Client', '', 'Access Denied' );
     			}
     			break;
    -- 
    1.6.3.3
    
    
  • patch file icon 0001-Avoid-unconditionally-referencing-project_id_v2.patch (1,069 bytes) 2009-07-31 05:51 - 
    From 40f19df302982c94d02a87a5768171fad687b7b3 Mon Sep 17 00:00:00 2001
    From: Robert Munteanu <robert.munteanu@gmail.com>
    Date: Fri, 31 Jul 2009 12:30:38 +0300
    Subject: [PATCH] Avoid unconditionally referencing project_id
    
    The SOAP api mc_file_get function unconditionally references
    $row['project_id'], but that field is only set for 'doc' attachments.
    That access is now guarded by if checks, to avoid system notices
    and thus errors being sent to the SOAP client.
    ---
     api/soap/mc_file_api.php |    4 +++-
     1 files changed, 3 insertions(+), 1 deletions(-)
    
    diff --git a/api/soap/mc_file_api.php b/api/soap/mc_file_api.php
    index b40242d..695ed4a 100644
    --- a/api/soap/mc_file_api.php
    +++ b/api/soap/mc_file_api.php
    @@ -160,7 +160,9 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) {
     	$row = db_fetch_array( $result );
     
     	$t_bug_id = $row['bug_id'];
    -	$t_project_id = $row['project_id'];
    +	if ( $p_type == 'doc' ) {
    +		$t_project_id = $row['project_id'];
    +	}
     	$t_diskfile = $row['diskfile'];
     	$t_content = base64_encode( $row['content'] );
     
    -- 
    1.6.3.3
    
    

- Relationships
+ Relationships

-  Notes
User avatar

~0022629

rombert (developer)

Added patch: Avoid unconditionally referencing project_id

The SOAP api mc_file_get function unconditionally references
$row['project_id'], but that field is only set for 'doc' attachments.
That access is now guarded by if checks, to avoid system notices
and thus errors being sent to the SOAP client.
User avatar

~0022630

rombert (developer)

The patch has been tested on current master ( bba71f0a3b493783dc1c4de37d5ecf3389f9239b ) , 1.2.0a3 and 1.2.0rc1 .
User avatar

~0022631

rombert (developer)

Removed an unnecessary double check.
+  Notes

+ Related Changesets

- Issue History
Date Modified Username Field Change
2009-07-29 04:59 rombert New Issue
2009-07-31 05:34 rombert File Added: 0001-Avoid-unconditionally-referencing-project_id.patch
2009-07-31 05:35 rombert Tag Attached: patch
2009-07-31 05:35 rombert Note Added: 0022629
2009-07-31 05:43 rombert Note Added: 0022630
2009-07-31 05:51 rombert File Added: 0001-Avoid-unconditionally-referencing-project_id_v2.patch
2009-07-31 05:52 rombert Note Added: 0022631
2009-10-05 02:48 vboctor Status new => acknowledged
2009-10-05 04:59 dhx Target Version => 1.2.2
2009-10-06 02:36 vboctor Status acknowledged => resolved
2009-10-06 02:36 vboctor Fixed in Version => 1.2.2
2009-10-06 02:36 vboctor Resolution open => fixed
2009-10-06 02:36 vboctor Assigned To => vboctor
2009-10-06 02:40 vboctor Changeset attached master-1.2.x bbb8e44a =>
2009-10-06 02:40 vboctor Changeset attached master 00f35a43 =>
2009-10-07 14:19 jreese Status resolved => closed
+ Issue History