View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0009869mantisbtbugtrackerpublic2008-11-22 07:082009-02-18 08:10
Reporterdirkdatzert Assigned Tojreese  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Fixed in Version1.1.6 
Summary0009869: application error 2800 still in version 1.1.5
Description

after clearing the cache and updating from 1.1.4 to 1.1.5 the bug report page failes always on the second new bug trying to add.

TagsNo tags attached.

Relationships

has duplicate 0009950 closedjreese Upgrade to 1.1.5 did not fix bug posting error found on issue 0009754 
has duplicate 0009977 closedjreese Report Issue -> Jumps in wrong project -> Application Error 2800 
has duplicate 0010049 closedjreese Error 2008 
has duplicate 0010195 closedjreese Reporting Issue 

Activities

dirkdatzert

dirkdatzert

2008-11-22 07:32

reporter   ~0019981

As far as I tracked down the problem the form_security_token named 'bug_report_token' is in the form, but isn't validated correct by form_security_validate which returns false on the second bug report.

I fixed it for my local version by form_security_validate will always return true now.
dirkdatzert

dirkdatzert

2008-11-22 10:49

reporter   ~0019982

An other solution special for IE would be the change in core.php:

            if ( isset( $g_allow_browser_cache ) && ON == $g_allow_browser_cache ) {
                    switch ( $t_browser_name ) {
                    case 'IE':
                            #header( 'Cache-Control: private, proxy-revalidate' );
                            header( 'Cache-Control: no-cache' );
                            break;
                    default:
                            header( 'Cache-Control: private, must-revalidate' );
                            break;
                    }

            } else {
                    header( 'Cache-Control: no-store, no-cache, must-revalidate' );
            }
jreese

jreese

2008-11-22 10:49

reporter   ~0019983

The problem I assume is that the 'bug_report_token' doesn't change (which it should), which is why form_security_validate() will fail.

Do you have a proxy server between you and the web server? I'm just trying to gather as much data as I can to figure this out...
tmatijas

tmatijas

2008-11-23 03:38

reporter   ~0019990

Ok - I wanted to make sure I eliminated 2800 entirely before I posted this.. It is a backward simplistic fix but it works. It seems I have defeated it.. It has not reapeared in firefox 3.x or ie7 for windows vista since i changed these and I tested on Apache 2.x and IIS7. The approach I used forces IE to refresh the cache every time automatically without having to press alt key then refresh or without changing ie config or clearing cache manually. I have not disabled proxy-revalidate yet but dont think I will need to since this has NOT failed yet and I am on like 20 posts to several projects most of which were done sequencially one after another.

Add the 3 lines listed below to 4 files:
bug_report_advanced_page.php
bug_report_page.php
login_select_project_page.php
set_project.php

  1. Put this in top of file BEFORE <?php start tag:
    <input type="hidden" name="refresh" value="<?php echo time(); ?>" />
    NOTE: THis forces server to process time and puts it into hidden feild. See also step 3. BTW - I think someone else on this forum troed the time server trick and put it somewhere in one of the core files (cant remmber where). I tried that at some point and it didnt seem to work. I think step 2 is what actually works.

  2. Then, somewhere in the middle of your page, put the following:
    <img src="images/1pix.gif?q=1"><img src="images/1pix.gif?q=2">
    NOTE: You must make a small transparent gif file. I use a blank 1x1 pixel file. This tricks server into thinking same gif is 2 different files and forces refresh.

  3. Add this somewhere in the page as well:
    <font color="ffffff"><?php echo time(); ?></font>
    NOTE: This is a repeat of step one for redundancy.. Make sure the font color is same as your background. White is mantis default. This is an optional step and I included it since I was not sure step one was going to work... just left it in anyway and have not tested without it.

SOME MORE ADVICE: You can just make one file and call it something like 2800fix.php and just use includes in those 4 files. You can probably put it in config_inc.php or core.php so every page on the site does this but I dont recommnend that.

P.S. I am using 1.1.4
P.S2. Question to jreese.. Did you fix the mail password hash problem in 1.1.5? Since I included the auto url forward I have had no problem in 1.1.4. But then again, this was also a backward way of doing it.. Anyway, please refer me to the dif file so I can patch 1.1.4 the right way.
tmatijas

tmatijas

2008-11-23 05:02

reporter   ~0019996

BTW - Forgot to mention.. The page does nto fully refresh until you submit a trouble report meaning when you hit back button after you get an error for like not filling in a required feild, your browser WILL retain all feilds so you dont have to fill them in again. This is NOT the case if you use the recommnded file.. i.e. commenting out the dollowing line:

#case 'IE':
#header( 'Cache-Control: private, proxy-revalidate' );
#break;

With the recommnded fix, mantis becomes a headache since you MUST fill in all feilds again which can take minutes or even hours with long complicated posts.
dirkdatzert

dirkdatzert

2008-11-24 08:13

reporter   ~0020007

There is no proxy between browser and server. I compared the values of 'bug_report_token' which were different on the two form pages.
jreese

jreese

2008-11-24 09:26

reporter   ~0020010

Ok, I think we finally have this issue nailed down. The appropriate patches for each branch have been committed, which adds 'Last-Modified' headers to the output of core.php. This fixes the root problem of the server returning 302 Not Modified, and because of that, fixes the problems where IE6 and friends did not pull a new form security token. At the same time, we were able to return back to sending the necessary caching headers for IE6 and IE7 to retain form contents when pressing the back button, in case of mistakes.

The patches listed below can be applied to 1.1.5 to solve the problem, until we can get a 1.1.6 release tested and out the door. Again, clear your browser's cache after applying the fix to be sure the issue has been resolved.
tmatijas

tmatijas

2008-11-24 14:16

reporter   ~0020013

jreese - thank you for the fix. this was a tough assignment. no problems on my end reported at all. did you ever fix the issue related to password hashing in emails - the one that when you click on the verify password link you get the mantis error? please email me or add a quick blurb to this post. Thanks, TOm
jreese

jreese

2008-11-24 14:24

reporter   ~0020014

Yes, that problem was fixed in the normal 1.1.5 release. See issue 0009713.

Related Changesets

MantisBT: master 14d3d357

2008-11-24 09:11

jreese


Details Diff		 Revert <a class="text" href="/?p=mantisbt.git;a=object;h=c6821f71">c6821f71</a>, fix 0009754, 0009869, 0009323 by adding Last-Modified headers to match Expires.

Commit has been tested on:
FF 2.0.14
FF 3.0.4
IE 8.0.6001.18241
IE 6.0.2900.5122
GC 0.4.154.23
Opera 9.51.10081		 Affected Issues
0009323, 0009754, 0009869
mod - core.php Diff File

MantisBT: master-1.1.x 161a677e

2008-11-24 09:11

jreese


Details Diff		 Revert <a class="text" href="/?p=mantisbt.git;a=object;h=4ee424e1">4ee424e1</a>, fix 0009754, 0009869, 0009323 by adding Last-Modified headers to match Expires.

Commit has been tested on:
FF 2.0.14
FF 3.0.4
IE 8.0.6001.18241
IE 6.0.2900.5122
GC 0.4.154.23
Opera 9.51.10081		 Affected Issues
0009323, 0009754, 0009869, 0009892
mod - core.php Diff File