View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010776 | mantisbt | api soap | public | 2009-07-29 04:59 | 2009-10-07 14:19 |
Reporter | rombert | Assigned To | vboctor | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0rc1 | ||||
Target Version | 1.2.0rc2 | Fixed in Version | 1.2.0rc2 | ||
Summary | 0010776: Retrieving an attachment with the SOAP API fails due to SYSTEM NOTICE | ||||
Description | I'm calling mc_issue_attachment_get with a correct username/password/attachment id. The error response is: <SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"> It seems to me that mci_file_get unconditionally reads $row['project_id'] at line 163, but that field is not present in mantis_bug_file_table: mysql> describe mantis_bug_file_table; Please consider fixing this for the next 1.2 RC or release, as it's a showstopper for most consumers of the SOAP API. | ||||
Tags | patch | ||||
Attached Files | 0001-Avoid-unconditionally-referencing-project_id.patch (1,596 bytes)
From 5a3c72a8378977ca99980e779e72b3cd0f6edfdd Mon Sep 17 00:00:00 2001 From: Robert Munteanu <robert.munteanu@gmail.com> Date: Fri, 31 Jul 2009 12:30:38 +0300 Subject: [PATCH] Avoid unconditionally referencing project_id The SOAP api mc_file_get function unconditionally references $row['project_id'], but that field is only set for 'doc' attachments. That access is now guarded by if checks, to avoid system notices and thus errors being sent to the SOAP client. --- api/soap/mc_file_api.php | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/api/soap/mc_file_api.php b/api/soap/mc_file_api.php index b40242d..90df93f 100644 --- a/api/soap/mc_file_api.php +++ b/api/soap/mc_file_api.php @@ -160,7 +160,9 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) { $row = db_fetch_array( $result ); $t_bug_id = $row['bug_id']; - $t_project_id = $row['project_id']; + if ( $p_type == 'doc' ) { + $t_project_id = $row['project_id']; + } $t_diskfile = $row['diskfile']; $t_content = base64_encode( $row['content'] ); @@ -177,7 +179,7 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) { if( OFF == config_get( 'enable_project_documentation' ) ) { return new soap_fault( 'Client', '', 'Access Denied' ); } - if( !access_has_project_level( config_get( 'view_proj_doc_threshold' ), $t_project_id, $p_user_id ) ) { + if( $p_type == 'doc' && !access_has_project_level( config_get( 'view_proj_doc_threshold' ), $t_project_id, $p_user_id ) ) { return new soap_fault( 'Client', '', 'Access Denied' ); } break; -- 1.6.3.3 0001-Avoid-unconditionally-referencing-project_id_v2.patch (1,069 bytes)
From 40f19df302982c94d02a87a5768171fad687b7b3 Mon Sep 17 00:00:00 2001 From: Robert Munteanu <robert.munteanu@gmail.com> Date: Fri, 31 Jul 2009 12:30:38 +0300 Subject: [PATCH] Avoid unconditionally referencing project_id The SOAP api mc_file_get function unconditionally references $row['project_id'], but that field is only set for 'doc' attachments. That access is now guarded by if checks, to avoid system notices and thus errors being sent to the SOAP client. --- api/soap/mc_file_api.php | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/api/soap/mc_file_api.php b/api/soap/mc_file_api.php index b40242d..695ed4a 100644 --- a/api/soap/mc_file_api.php +++ b/api/soap/mc_file_api.php @@ -160,7 +160,9 @@ function mci_file_get( $p_file_id, $p_type, $p_user_id ) { $row = db_fetch_array( $result ); $t_bug_id = $row['bug_id']; - $t_project_id = $row['project_id']; + if ( $p_type == 'doc' ) { + $t_project_id = $row['project_id']; + } $t_diskfile = $row['diskfile']; $t_content = base64_encode( $row['content'] ); -- 1.6.3.3 | ||||
Added patch: Avoid unconditionally referencing project_id The SOAP api mc_file_get function unconditionally references |
|
The patch has been tested on current master ( bba71f0a3b493783dc1c4de37d5ecf3389f9239b ) , 1.2.0a3 and 1.2.0rc1 . |
|
Removed an unnecessary double check. |
|
MantisBT: master-1.2.x bbb8e44a 2009-10-06 02:34 Details Diff |
Fix 0010776: Retrieving an attachment with the SOAP API fails due to SYSTEM NOTICE. |
Affected Issues 0010776 |
|
mod - api/soap/mc_file_api.php | Diff File | ||
mod - core/file_api.php | Diff File | ||
MantisBT: master 00f35a43 2009-10-06 02:34 Details Diff |
Fix 0010776: Retrieving an attachment with the SOAP API fails due to SYSTEM NOTICE. |
Affected Issues 0010776 |
|
mod - api/soap/mc_file_api.php | Diff File | ||
mod - core/file_api.php | Diff File |