View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0014478 | mantisbt | administration | public | 2012-07-12 05:07 | 2014-09-23 18:05 |
Reporter | VeMag | Assigned To | dregad | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.11 | ||||
Target Version | 1.2.12 | Fixed in Version | 1.2.12 | ||
Summary | 0014478: The global category "General" can be deleted, but the $g_default_category_for_moves must be protected from suppression | ||||
Description | The site will be blocked after the first public bug moved from a project to another where its category doesn't exist. APPLICATION ERROR # 1502 I think many other issues are child of this one : 0012945 0012431 0014189 ... | ||||
Steps To Reproduce | Create 2 public projects (Project1, Project2) Delete the category "General" in administration Move bug from Project1 to Project2 Go to "View Issues" or "My View"... Error : | ||||
Additional Information | repair with : INSERT INTO | ||||
Tags | No tags attached. | ||||
related to | 0014190 | acknowledged | When moving an issue, allow selection of both the Project and the Category | |
related to | 0015721 | closed | grangeway | Functionality to consider porting to master-2.0.x |
has duplicate | 0014528 | closed | atrol | Moving an issue from project with specific categories to project with global categories changes category to default |
related to | 0015222 | closed | rombert | mc_project_delete_category fails to delete category |
VeMag, what do you mean when writing "The global category "General" can be suppress" Edited 1: Edited 2: |
|
Do you think we can close your issue and should follow up 0014190 |
|
Only if 0014190 is implemented in 1.2.12 ... |
|
I think VeMag's suggestion makes sense and is quite straightforward to implement. The only catch is that 'default_category_for_moves' can also technically be defined on a per-project (or even per-user) basis, therefore it is not sufficient to just check for the global variable's value... Therefore I propose to prevent deletion when the category is set as default anywhere (i.e. in config_inc.php or in the config table for any project/user) - see https://github.com/dregad/mantisbt/commit/88a1f0858fbb193e4fba3331f4683f1cb6bae9cc Let me know what you think and if that works for you. |
|
dregad, I had a short look at your fix. |
|
You're probably right, it's better practice to use bind variables (also helps RDBMS parse SQL and cache it I guess, although the SQL injection does not quite apply in the case of a constant. Anyway I'll make the change. |
|
|
|
Updated as per our discussion https://github.com/dregad/mantisbt/tree/fix-14478 |
|
@VeMag - any feedback on this, or are you happy with my proposed fix ? |
|
Looks great ! Many thanks ! |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
MantisBT: master-1.2.x f50762c1 2012-07-30 10:49 Details Diff |
Protect $g_default_category_for_moves from deletion When a category defined as default_category_for_moves is deleted and an issue is subsequently moved to another project where its current category does not exist, it gets assigned a non-existing category. This causes application error 1502 to be triggered whenever MantisBT tries to display the issue's Category, which can cause a system lock up. This commit reduces the risk of this situation from happening, by preventing users from deleting categories which are used as default (either defined in config_inc.php or in the config table). Fixes 0014478 |
Affected Issues 0014478 |
|
mod - core/constant_inc.php | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - manage_proj_cat_delete.php | Diff File | ||
MantisBT: master 6f76cf63 2012-07-30 10:49 Details Diff |
Protect $g_default_category_for_moves from deletion When a category defined as default_category_for_moves is deleted and an issue is subsequently moved to another project where its current category does not exist, it gets assigned a non-existing category. This causes application error 1502 to be triggered whenever MantisBT tries to display the issue's Category, which can cause a system lock up. This commit reduces the risk of this situation from happening, by preventing users from deleting categories which are used as default (either defined in config_inc.php or in the config table). Fixes 0014478 |
Affected Issues 0014478 |
|
mod - core/constant_inc.php | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - manage_proj_cat_delete.php | Diff File |