View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009123 | mantisbt | relationships | public | 2008-05-05 03:32 | 2017-02-24 13:46 |
Reporter | przemek7bc | Assigned To | vboctor | ||
Priority | normal | Severity | block | Reproducibility | always |
Status | closed | Resolution | unable to reproduce | ||
Product Version | git trunk | ||||
Summary | 0009123: Can't delete relation of a bug | ||||
Description | The link to delete a bug relation will generate a HTTP GET request, but bug_relationship_delete.php calls helper_ensure_post() to ensure the request uses POST method. I could make a patch, but I don't know which request is corrent, GET or POST. | ||||
Steps To Reproduce | Add a bug relation and try to delete it. | ||||
Tags | patch | ||||
Attached Files | relationship_delete.patch (1,665 bytes)
Index: core/relationship_api.php =================================================================== --- core/relationship_api.php (wersja 5247) +++ core/relationship_api.php (kopia robocza) @@ -652,7 +652,8 @@ # add delete link if bug not read only and user has access level if ( !bug_is_readonly( $p_bug_id ) && !current_user_is_anonymous() && ( $p_html_preview == false ) ) { if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) { - $t_relationship_info_html .= " [<a class=\"small\" href=\"bug_relationship_delete.php?bug_id=$p_bug_id&rel_id=$p_relationship->id\">" . lang_get('delete_link') . '</a>]'; + //$t_relationship_info_html .= " [<a class=\"small\" href=\"bug_relationship_delete.php?bug_id=$p_bug_id&rel_id=$p_relationship->id\">" . lang_get('delete_link') . '</a>]'; + $t_relationship_info_html .= " [<a class=\"small\" href=\"javascript:deleteBug($p_bug_id, $p_relationship->id);\">" . lang_get('delete_link') . '</a>]'; } } @@ -698,8 +699,18 @@ } $t_summary = '<table border="0" width="100%" cellpadding="0" cellspacing="1">' . $t_summary . '</table>'; } + + $t_form = '<form action="bug_relationship_delete.php" method="post" id="deleteBugForm" style="margin: 0px"></form>'; + $t_script = '<script language="javascript">'."\n" + .'function deleteBug(bug_id, rel_id) {'."\n" + .' var form = document.getElementById(\'deleteBugForm\');'."\n" + .' form.action = form.action + \'?bug_id=\' + bug_id + \'&rel_id=\' + rel_id;'."\n" + .' form.submit();'."\n" + .'}'."\n" + .'</script>'; + - return $t_summary; + return $t_form.$t_script.$t_summary; } /** | ||||
It was decided that commands performing database write operations should be converted to POST that's why helper_ensure_post was added. |
|
This patch converts the [Delete] so it calls deleteBug() function which is generated with relationship_get_summary_html. |
|
|
|
yes, latest code will not exhibit the problem due to the removal of ensure_post. The underlying issue is still there, that is we need to move the operation to a POST form |
|
This is no longer targeted for 1.2.x given that the deletion logic work. It becomes a lower priority cleanup fix to change the link to a button. It is important to note that even if the page is crawled, it is not an issue given that there is a confirmation page that requires a post. |
|