View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007774 | mantisbt | custom fields | public | 2007-02-20 18:25 | 2007-05-08 03:42 |
| Reporter | daudo | Assigned To | vboctor | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.0.6 | ||||
| Target Version | 1.0.7 | Fixed in Version | 1.0.7 | ||
| Summary | 0007774: custom fields not stored correctly in bug history | ||||
| Description | the maximum field length for field names does not allow all custom field names to fit in, see this: ---------CUT--------- This again leads to a real security issue where custom fields are still print out because the access check is unable to determine the access level of a custom field with a name exceeding 32 characters. This is something that hit us along with bug 0007772. | ||||
| Tags | No tags attached. | ||||
| Attached Files | 7774.patch (2,546 bytes)
Index: core/custom_field_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/custom_field_api.php,v
retrieving revision 1.61
diff -u -r1.61 custom_field_api.php
--- core/custom_field_api.php 6 Mar 2007 07:05:19 -0000 1.61
+++ core/custom_field_api.php 1 Apr 2007 07:41:52 -0000
@@ -588,12 +588,20 @@
# --------------------
# Get the id of the custom field with the specified name.
# false is returned if no custom field found with the specified name.
- function custom_field_get_id_from_name( $p_field_name ) {
+ function custom_field_get_id_from_name( $p_field_name, $p_truncated_length = null ) {
$t_custom_field_table = config_get( 'mantis_custom_field_table' );
$c_field_name = db_prepare_string( $p_field_name );
- $query = "SELECT id FROM $t_custom_field_table WHERE name = '$c_field_name'";
+ if ( ( null === $p_truncated_length ) || ( strlen( $c_field_name ) != $p_truncated_length ) ) {
+ $query = "SELECT id FROM $t_custom_field_table WHERE name = '$c_field_name'";
+ } else {
+ # @@@ This is to handle the case where we only have a truncated part of the name. This happens in the case where
+ # we are getting the custom field name from the history logs, since history is 32 and custom field name is 64.
+ # This fix will handle entries already in the database, future entries should be handled by making the field name max lengths match.
+ $query = "SELECT id FROM $t_custom_field_table WHERE name LIKE '$c_field_name%'";
+ }
+
$t_result = db_query( $query, 1 );
if ( db_num_rows( $t_result ) == 0 ) {
Index: core/history_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/history_api.php,v
retrieving revision 1.39
diff -u -r1.39 history_api.php
--- core/history_api.php 6 Mar 2007 07:05:19 -0000 1.39
+++ core/history_api.php 1 Apr 2007 07:42:51 -0000
@@ -133,8 +133,8 @@
extract( $row, EXTR_PREFIX_ALL, 'v' );
// check that the item should be visible to the user
- // custom fields
- $t_field_id = custom_field_get_id_from_name( $v_field_name );
+ // custom fields - we are passing 32 here to notify the API that the custom field name is truncated by the history column from 64 to 32 characters.
+ $t_field_id = custom_field_get_id_from_name( $v_field_name, 32 );
if ( false !== $t_field_id &&
!custom_field_has_read_access( $t_field_id, $p_bug_id, $t_user_id ) ) {
continue;
| ||||
