View Issue Details

IDProjectCategoryView StatusLast Update
0017967mantisbtbugtrackerpublic2015-01-25 18:17
Reporterinfo4kmAssigned Todregad 
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version1.2.18 
Target Version1.2.19Fixed in Version1.2.19 
Summary0017967: Reporting an issue gives: 'Invalid argument supplied for foreach()' in '/opt/mantisbt-1.2.18/core/gpc_api.php' line 259
Description

When reporting an issue I get the following system warning:

'Invalid argument supplied for foreach()' in '/opt/mantisbt-1.2.18/core/gpc_api.php' line 259

TagsNo tags attached.

Relationships

related to 0017640 closeddregad CVE-2014-6387: Null byte poisoning in LDAP authentication 

Activities

info4km

info4km

2014-12-15 11:44

reporter   ~0042024

Last edited: 2014-12-16 11:43

View 2 revisions

I just upgraded from 1.2.17 to 1.2.18

(for now I have turned off these warnings by setting:
$g_display_errors[E_WARNING] = DISPLAY_ERROR_NONE;

as explained in issue 0017322, but I don't like that solution.

dregad

dregad

2014-12-16 11:48

developer   ~0042031

I was not able to reproduce your problem. Please provide additional information to help understanding the problem. Please follow these steps:

  1. temporarily configure your system as follows:

$g_display_errors[E_WARNING] = 'halt';
$g_show_detailed_errors = ON;

WARNING - SECURITY RISK: the 'show_detailed_errors' config can cause MantisBT to display sensitive information about your system. We recommend to restrict its activation to a Test environment, only for as long as necessary. If possible, do not turn it ON globally, instead limit it for specific user(s) using the Manage Configuration page.

  1. Reproduce the error
  2. save the output of the error screen, preferably as an HTML page
  3. be careful to remove/mask any confidential information if needed
  4. upload the results here
info4km

info4km

2014-12-17 16:41

reporter   ~0042032

OK - I followed the instructions in your note. The page I have uploaded does not look exactly as it did. When I edited the confidential stuff it got slightly messed up. All of the info that I saw is there though. See attached file Error_BugTracker_php.html.

info4km

info4km

2014-12-17 16:42

reporter  

Error_Bug Tracker_php.html (6,853 bytes)
dregad

dregad

2014-12-18 11:51

developer   ~0042036

I'm still not able to reproduce. It appears the problem occurs on a custom field of type checkbox, can you detail how it is defined ?

info4km

info4km

2014-12-18 12:33

reporter   ~0042037

I have attached two images of the custom fields that are check boxes. It's weird because I think I had trouble with these fields when I first converted to 1.2.x in the first place. Now they are finally working, and they are giving us trouble again. Images are customfield_1.jpg and customfield_2.jpg.

If its a checkbox config issue I can make it a List with a yes|no that defaults to no.

info4km

info4km

2014-12-18 12:33

reporter  

customfield_1.jpg (51,368 bytes)
customfield_1.jpg (51,368 bytes)
info4km

info4km

2014-12-18 12:34

reporter  

customfield_2.jpg (48,756 bytes)
customfield_2.jpg (48,756 bytes)
dregad

dregad

2014-12-18 18:25

developer   ~0042038

I tried with a CF with same settings as you uploaded, but it works fine for me.

According to the detailed error log you sent earlier, the custom field's name is 'custom_field_3' which does not match the field names in the 2 screenshots.

info4km

info4km

2014-12-19 08:58

reporter   ~0042043

There is no field with that name. The DB shows that custom field with an ID of 3 is "Documentation Required" which is one of the screen shots I've attached.

info4km

info4km

2014-12-19 09:04

reporter   ~0042044

FYI - I made that checkbox a List with no|yes - and set the debugging again. I get the same results but for custom_field_2 which is the other checkbox. Maybe

If no solution is found, I will change them to lists.

dregad

dregad

2014-12-21 11:26

developer   ~0042045

Last edited: 2014-12-21 11:30

View 2 revisions

I can reproduce the behavior now. According to git bisect, it is a regression introduced by commit 215968fa8ff33e327f0600765a5caa24de392cbc (see 0017640).

Related Changesets

MantisBT: master-1.2.x 215968fa

2013-10-12 17:58:43

Paul Richards


Committer: dregad Details Diff
Strip null bytes out of GPC input strings

Backporting commit fc02c46eea9d9e7cc472a7fc1801ea65d467db76 from master
branch to fix issue 0017640

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - core/gpc_api.php Diff File

MantisBT: master-1.2.x 99ada4de

2014-12-21 11:46:35

dregad

Details Diff
Fix system warning in gpc_get_string_array()

The fix for issue 0017640 did not consider that the value returned by
gpc_get() is not necessarily an array - it can be the default value
(e.g. null) causing PHP to throw an 'Invalid argument supplied for
foreach()' warning.

Fixes 0017967, regression from 215968fa8ff33e327f0600765a5caa24de392cbc
mod - core/gpc_api.php Diff File

MantisBT: master 61c8548c

2014-12-21 11:46:35

dregad

Details Diff
Fix system warning in gpc_get_string_array()

The fix for issue 0017640 did not consider that the value returned by
gpc_get() is not necessarily an array - it can be the default value
(e.g. null) causing PHP to throw an 'Invalid argument supplied for
foreach()' warning.

Fixes 0017967 (ported from 1.2.x)
mod - core/gpc_api.php Diff File

Issue History

Date Modified Username Field Change
2014-12-15 11:43 info4km New Issue
2014-12-15 11:44 info4km Note Added: 0042024
2014-12-16 11:43 dregad Note Edited: 0042024 View Revisions
2014-12-16 11:48 dregad Note Added: 0042031
2014-12-16 11:48 dregad Status new => feedback
2014-12-16 12:16 lgo File Added: raccourcis windows.txt
2014-12-17 16:41 info4km Note Added: 0042032
2014-12-17 16:41 info4km Status feedback => new
2014-12-17 16:42 info4km File Added: Error_Bug Tracker_php.html
2014-12-18 11:45 dregad File Deleted: raccourcis windows.txt
2014-12-18 11:51 dregad Status new => feedback
2014-12-18 11:51 dregad Note Added: 0042036
2014-12-18 12:33 info4km Note Added: 0042037
2014-12-18 12:33 info4km Status feedback => new
2014-12-18 12:33 info4km File Added: customfield_1.jpg
2014-12-18 12:34 info4km File Added: customfield_2.jpg
2014-12-18 18:25 dregad Note Added: 0042038
2014-12-18 18:25 dregad Status new => feedback
2014-12-19 08:58 info4km Note Added: 0042043
2014-12-19 08:58 info4km Status feedback => new
2014-12-19 09:04 info4km Note Added: 0042044
2014-12-21 11:26 dregad Status new => confirmed
2014-12-21 11:26 dregad Note Added: 0042045
2014-12-21 11:26 dregad Relationship added related to 0017640
2014-12-21 11:30 dregad Note Edited: 0042045 View Revisions
2014-12-21 11:31 dregad Changeset attached => MantisBT master-1.2.x 215968fa
2014-12-21 11:32 dregad Product Version => 1.2.18
2014-12-21 11:32 dregad Target Version => 1.2.19
2014-12-21 11:46 dregad Assigned To => dregad
2014-12-21 11:46 dregad Status confirmed => assigned
2014-12-21 13:29 dregad Changeset attached => MantisBT master-1.2.x 99ada4de
2014-12-21 13:29 dregad Status assigned => resolved
2014-12-21 13:29 dregad Resolution open => fixed
2014-12-21 13:29 dregad Fixed in Version => 1.2.19
2014-12-21 13:29 dregad Changeset attached => MantisBT master 61c8548c
2014-12-21 13:31 dregad Changeset attached => MantisBT master f725b469
2014-12-21 13:31 dregad Changeset removed MantisBT master f725b469 =>
2015-01-25 18:17 dregadmin Status resolved => closed