View Issue Details

ID: 0010776
Project: mantisbt
Category: api soap
View Status: public
Last Update: 2009-10-07 14:19
Reporter: rombert
Assigned To: vboctor
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.0rc1
Target Version: 1.2.0rc2
Fixed in Version: 1.2.0rc2
Summary: 0010776: Retrieving an attachment with the SOAP API fails due to SYSTEM NOTICE
Description

I'm calling mc_issue_attachment_get with a correct username/password/attachment id.

The error response is:

<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
   <SOAP-ENV:Body>
      <SOAP-ENV:Fault>
         <faultcode xsi:type="xsd:string">Server</faultcode>
         <faultactor xsi:type="xsd:string"/>
         <faultstring xsi:type="xsd:string"><![CDATA[Error Type: SYSTEM NOTICE,
Error Description:
Undefined index:  project_id,
Stack Trace:
mc_issue_attachment_api.php L24 mci_file_get(<integer>2, <string>'bug', <string>'1')
UnknownFile L? mc_issue_attachment_get(<string>'administrator', <string>'root', <integer>2)
nusoap.php L3997 call_user_func_array(<string>'mc_issue_attachment_get', <Array> { [0] => 'administrator', [1] => 'root', [2] => 2 })
nusoap.php L3686 invoke_method()
mantisconnect.php L1391 service(<string>'<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:man="http://futureware.biz/mantisconnect">
   <soapenv:Header/>
   <soapenv:Body>
      <man:mc_issue_attachment_get soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <username xsi:type="xsd:string">xxx</username>
         <password xsi:type="xsd:string">xxx</password>
         <issue_attachment_id xsi:type="xsd:integer">2</issue_attachment_id>
      </man:mc_issue_attachment_get>
   </soapenv:Body>
</soapenv:Envelope>')]]></faultstring>
         <detail xsi:type="xsd:string"/>
      </SOAP-ENV:Fault>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

It seems to me that mci_file_get unconditionally reads $row['project_id'] at line 163, but that field is not present in mantis_bug_file_table:

mysql> describe mantis_bug_file_table;
+-------------+------------------+------+-----+---------+----------------+
| Field       | Type             | Null | Key | Default | Extra          |
+-------------+------------------+------+-----+---------+----------------+
| id          | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| bug_id      | int(10) unsigned | NO   | MUL | 0       |                |
| title       | varchar(250)     | NO   |     |         |                |
| description | varchar(250)     | NO   |     |         |                |
| diskfile    | varchar(250)     | NO   | MUL |         |                |
| filename    | varchar(250)     | NO   |     |         |                |
| folder      | varchar(250)     | NO   |     |         |                |
| filesize    | int(11)          | NO   |     | 0       |                |
| file_type   | varchar(250)     | NO   |     |         |                |
| content     | longblob         | NO   |     | NULL    |                |
| date_added  | int(10) unsigned | NO   |     | 1       |                |
| user_id     | int(10) unsigned | NO   |     | 0       |                |
+-------------+------------------+------+-----+---------+----------------+
12 rows in set (0.00 sec)

Please consider fixing this for the next 1.2 RC or release, as it's a showstopper for most consumers of the SOAP API.
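
The failure described in this report, reduced to a stand-alone PHP script (an added example, not MantisBT code and not the attached patch). The row arrays, the function names and the notice-to-exception handler are assumptions made for illustration; the sample rows are constructed.

```php
<?php
// Added illustration, not MantisBT code. Row shapes and names are assumptions.

// Promote notices and warnings to exceptions, similar in effect to the
// handler that turned the SYSTEM NOTICE into a SOAP fault in the report.
set_error_handler(function ($severity, $message, $file, $line) {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Constructed sample rows: the 'bug' attachment row has no project_id key,
// matching the mantis_bug_file_table layout shown in the report. The 'doc'
// row shape is an assumption.
$bug_row = ['id' => 2, 'bug_id' => 1, 'diskfile' => 'abc', 'content' => 'hello'];
$doc_row = ['id' => 7, 'project_id' => 3, 'diskfile' => 'def', 'content' => 'spec'];

// Before: both keys are read regardless of the attachment type.
function file_get_unguarded(array $row, string $type): array {
    return ['bug_id' => $row['bug_id'], 'project_id' => $row['project_id']];
}

// After: read only the key that exists for the type and reject unknown
// types, so a missing key can never reach the error handler.
function file_get_guarded(array $row, string $type): array {
    switch ($type) {
        case 'bug':
            return ['bug_id' => (int) $row['bug_id'], 'project_id' => null];
        case 'doc':
            return ['bug_id' => null, 'project_id' => (int) $row['project_id']];
        default:
            throw new InvalidArgumentException("unknown attachment type: $type");
    }
}

try {
    file_get_unguarded($bug_row, 'bug');
} catch (ErrorException $e) {
    // The missing key surfaces as an error instead of an attachment.
    echo "unguarded: ", $e->getMessage(), "\n";
}

var_dump(file_get_guarded($bug_row, 'bug'));
var_dump(file_get_guarded($doc_row, 'doc'));
```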

Tags: patch

Relationships

Activities

rombert

2009-07-31 05:34

developer  

0001-Avoid-unconditionally-referencing-project_id.patch (1,596 bytes)
From 5a3c72a8378977ca99980e779e72b3cd0f6edfdd Mon Sep 17 00:00:00 2001
From: Robert Munteanu <robert.munteanu@gmail.com>
Date: Fri, 31 Jul 2009 12:30:38 +0300
Subject: [PATCH] Avoid unconditionally referencing project_id

The SOAP api mc_file_get function unconditionally references
$row['project_id'], but that field is only set for 'doc' attachments.
That access is now guarded by if checks, to avoid system notices
and thus errors being sent to the SOAP client.
---
 api/soap/mc_file_api.php |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/soap/mc_file_api.php b/api/soap/mc_file_api.php
index b40242d..90df93f 100644
--- a/api/soap/mc_file_api.php
+++ b/api/soap/mc_file_api.php
@@ -160,7 +160,9 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) {
 	$row = db_fetch_array( $result );
 
 	$t_bug_id = $row['bug_id'];
-	$t_project_id = $row['project_id'];
+	if ( $p_type == 'doc' ) {
+		$t_project_id = $row['project_id'];
+	}
 	$t_diskfile = $row['diskfile'];
 	$t_content = base64_encode( $row['content'] );
 
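Review bot: With the assignment moved inside `if ( $p_type == 'doc' )`, `$t_project_id` is left undefined for every other type, so any later read of it outside a 'doc'-only path raises the same kind of notice this patch is meant to remove. Initialise it before the `if` (for example to null) or move the assignment into the branch that uses it; `===` would also be the safer comparison for a string type tag.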
@@ -177,7 +179,7 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) {
 			if( OFF == config_get( 'enable_project_documentation' ) ) {
 				return new soap_fault( 'Client', '', 'Access Denied' );
 			}
-			if( !access_has_project_level( config_get( 'view_proj_doc_threshold' ), $t_project_id, $p_user_id ) ) {
+			if( $p_type == 'doc' &&  !access_has_project_level( config_get( 'view_proj_doc_threshold' ), $t_project_id, $p_user_id ) ) {
 				return new soap_fault( 'Client', '', 'Access Denied' );
 			}
 			break;
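Review bot: The added `$p_type == 'doc' &&` on the `access_has_project_level` line makes the 'Access Denied' return depend on the type, so whenever the left operand is false the project-level check is short-circuited and execution reaches `break;` without it. If this line is only reachable for 'doc', the test is redundant and should be dropped; if it is reachable for other types, the authorization check should stay unconditional and the missing `$t_project_id` be handled separately.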
-- 
1.6.3.3

rombert

2009-07-31 05:35

developer   ~0022629

Added patch: Avoid unconditionally referencing project_id

The SOAP api mc_file_get function unconditionally references
$row['project_id'], but that field is only set for 'doc' attachments.
That access is now guarded by if checks, to avoid system notices
and thus errors being sent to the SOAP client.

rombert

2009-07-31 05:43

developer   ~0022630

The patch has been tested on current master (bba71f0a3b493783dc1c4de37d5ecf3389f9239b), 1.2.0a3 and 1.2.0rc1.

rombert

2009-07-31 05:51

developer  

0001-Avoid-unconditionally-referencing-project_id_v2.patch (1,069 bytes)
From 40f19df302982c94d02a87a5768171fad687b7b3 Mon Sep 17 00:00:00 2001
From: Robert Munteanu <robert.munteanu@gmail.com>
Date: Fri, 31 Jul 2009 12:30:38 +0300
Subject: [PATCH] Avoid unconditionally referencing project_id

The SOAP api mc_file_get function unconditionally references
$row['project_id'], but that field is only set for 'doc' attachments.
That access is now guarded by if checks, to avoid system notices
and thus errors being sent to the SOAP client.
---
 api/soap/mc_file_api.php |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/api/soap/mc_file_api.php b/api/soap/mc_file_api.php
index b40242d..695ed4a 100644
--- a/api/soap/mc_file_api.php
+++ b/api/soap/mc_file_api.php
@@ -160,7 +160,9 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) {
 	$row = db_fetch_array( $result );
 
 	$t_bug_id = $row['bug_id'];
-	$t_project_id = $row['project_id'];
+	if ( $p_type == 'doc' ) {
+		$t_project_id = $row['project_id'];
+	}
 	$t_diskfile = $row['diskfile'];
 	$t_content = base64_encode( $row['content'] );
 
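Review bot: `$t_bug_id = $row['bug_id'];` stays unconditional in the context just above the new guard, while the commit message says the row's fields depend on the attachment type. If 'doc' rows do not carry `bug_id`, the same undefined-index notice will fire for 'doc' requests; guard it the same way, or read each field with `isset()` and a default.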
-- 
1.6.3.3

rombert

2009-07-31 05:52

developer   ~0022631

Removed an unnecessary double check.

Related Changesets

MantisBT: master-1.2.x bbb8e44a

2009-10-06 06:34:55

vboctor

Fix 0010776: Retrieving an attachment with the SOAP API fails due to SYSTEM NOTICE.
mod - api/soap/mc_file_api.php
mod - core/file_api.php

MantisBT: master 00f35a43

2009-10-06 06:34:55

vboctor

Fix 0010776: Retrieving an attachment with the SOAP API fails due to SYSTEM NOTICE.
mod - api/soap/mc_file_api.php
mod - core/file_api.php

Issue History

Date Modified Username Field Change
2009-07-29 04:59 rombert New Issue
2009-07-31 05:34 rombert File Added: 0001-Avoid-unconditionally-referencing-project_id.patch
2009-07-31 05:35 rombert Tag Attached: patch
2009-07-31 05:35 rombert Note Added: 0022629
2009-07-31 05:43 rombert Note Added: 0022630
2009-07-31 05:51 rombert File Added: 0001-Avoid-unconditionally-referencing-project_id_v2.patch
2009-07-31 05:52 rombert Note Added: 0022631
2009-10-05 02:48 vboctor Status new => acknowledged
2009-10-05 04:59 dhx Target Version => 1.2.2
2009-10-06 02:36 vboctor Status acknowledged => resolved
2009-10-06 02:36 vboctor Fixed in Version => 1.2.2
2009-10-06 02:36 vboctor Resolution open => fixed
2009-10-06 02:36 vboctor Assigned To => vboctor
2009-10-06 02:40 vboctor Changeset attached master-1.2.x bbb8e44a =>
2009-10-06 02:40 vboctor Changeset attached master 00f35a43 =>
2009-10-07 14:19 jreese Status resolved => closed