View Issue Details

IDProjectCategoryView StatusLast Update
0020822mantisbtbugtrackerpublic2016-08-15 09:02
ReporterdregadAssigned Todregad 
PrioritynormalSeveritycrashReproducibilitysometimes
Status closedResolutionfixed 
Product Version1.2.19 
Target Version1.2.20Fixed in Version1.2.20 
Summary0020822: Collapsing/Expanding sections triggers error 2300
Description

On some platforms (e.g. Cloud9 IDE), collapsing/expanding a section and reloading the page causes APPLICATION ERROR 2300: Token could not be found. This prevents use of Mantis as it's no longer possible to load any page (the error is triggered in core.php, see call stack).

/core/tokens_api.php    64  -   -   trigger_error   ( <string>'2300', <integer>256 )
/core/tokens_api.php    134 -   -   token_ensure_exists ( <integer>5 )
/core/collapse_api.php  224 -   -   token_touch ( <integer>5 )
/core.php       265 -   -   collapse_cache_token    -
/view.php       28  -   -   require_once    ( <string>'/home/ubuntu/workspace/mantisbt/core.php' )
Steps To Reproduce
  • Navigate to bug view page
  • Collapse a section (e.g. relationship)
  • Reload the page
TagsNo tags attached.

Relationships

related to 0020824 closeddregad collapse_cache_token() always update token ID # 5 

Activities

dregad

dregad

2016-04-18 07:16

developer   ~0052971

After investigation, it appears that the Cookie is set as follows on the client side:

MANTIS_collapse_settings = "|relationships,0"

However, on the server side it is retrieved as (note the missing ',0'):

$_COOKIE['MANTIS_collapse_settings'] = "|relationships"

Consequently, collapse_cache_token() does not detect this as a valid {section,value} pair and fails to touch the token since it does not exist.

The ToggleDiv() function in common.js sets the cookie's value as

t_cookie + "|" + p_div + ",1" (or ",0" for a collapsed section)

Per RFC6265 section 4.1.1 [1] a comma is not a valid character in a cookie:

cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash 

[1] http://tools.ietf.org/html/rfc6265#section-4.2.1

dregad

dregad

2016-04-18 07:23

developer   ~0052972

In addition, the token_touch() call is incorrect: we give it a TOKEN_COLLAPSE token type, but the API actually expects a token ID, so collapse_cache_token() always tries to update token # 5 instead of the user's token.

dregad

dregad

2016-04-18 08:19

developer   ~0052975

PR https://github.com/mantisbt/mantisbt/pull/759

dregad

dregad

2016-05-12 07:58

developer   ~0053132

Backported to 1.2.x branch as the same problem exists there.

Related Changesets

MantisBT: master e3956c28

2016-04-18 07:24:52

dregad

Details Diff
Use ':' as separator in collapse_settings cookie

Previously we were using a comma, which is not a valid character in a
cookie (per RFC6265 section 4.1.1 [1]).

Fixes 0020822

[1] http://tools.ietf.org/html/rfc6265#section-4.2.1 [^]
mod - core/collapse_api.php Diff File
mod - js/common.js Diff File

MantisBT: master-1.2.x f8ea0a03

2016-04-18 07:24:52

dregad

Details Diff
Use ':' as separator in collapse_settings cookie

Previously we were using a comma, which is not a valid character in a
cookie (per RFC6265 section 4.1.1 [1]).

Fixes 0020822

[1] http://tools.ietf.org/html/rfc6265#section-4.2.1 [^]

Backported from master e3956c28762877e041671427b59d24c927b08521
Conflicts:
js/common.js
mod - core/collapse_api.php Diff File
mod - javascript/dev/common.js Diff File

Issue History

Date Modified Username Field Change
2016-04-18 06:45 dregad New Issue
2016-04-18 06:45 dregad Status new => assigned
2016-04-18 06:45 dregad Assigned To => dregad
2016-04-18 07:16 dregad Note Added: 0052971
2016-04-18 07:23 dregad Note Added: 0052972
2016-04-18 08:01 dregad Relationship added related to 0020824
2016-04-18 08:19 dregad Note Added: 0052975
2016-04-19 18:32 dregad Changeset attached => MantisBT master e3956c28
2016-04-19 18:32 dregad Status assigned => resolved
2016-04-19 18:32 dregad Resolution open => fixed
2016-04-19 18:32 dregad Fixed in Version => 1.3.0-rc.2
2016-05-12 07:55 dregad Changeset attached => MantisBT master-1.2.x f8ea0a03
2016-05-12 07:56 dregad Fixed in Version 1.3.0-rc.2 => 1.2.20
2016-05-12 07:57 dregad Target Version 1.3.0-rc.2 => 1.2.20
2016-05-12 07:57 dregad Product Version => 1.2.19
2016-05-12 07:58 dregad Note Added: 0053132
2016-08-15 09:02 dregad Status resolved => closed