0014478: The global category "General" can be deleted, but the $g_default_category_for_moves must be protected from suppression - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0014478	mantisbt	administration	public	2012-07-12 05:07	2014-09-23 18:05

Reporter	VeMag	Assigned To	dregad
Priority	high	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.2.11
Target Version	1.2.12	Fixed in Version	1.2.12

Summary	0014478: The global category "General" can be deleted, but the $g_default_category_for_moves must be protected from suppression
Description	The site will be blocked after the first public bug moved from a project to another where its category doesn't exist. The error is : APPLICATION ERROR # 1502 Category not found I think many other issues are child of this one : 0012945 0012431 0014189 ...
Steps To Reproduce	Create 2 public projects (Project1, Project2) Create "category1" only in Project1 Create a bug in Project1 with category1 Delete the category "General" in administration Move bug from Project1 to Project2 Go to "View Issues" or "My View"... Error : APPLICATION ERROR 0001502 Category not found
Additional Information	repair with : INSERT INTO `mantis`.`mantis_category_table` (`id`, `project_id`, `user_id`, `name`, `status`) VALUES ('1', '0', '0', 'General', '0');
Tags	No tags attached.

atrol 2012-07-12 06:37 developer ~0032310 Last edited: 2012-07-13 05:15	VeMag, what do you mean when writing "The global category "General" can be suppress" Unchecking "Inherit Global Categories" in the project settings? Edited 1: Forget my question, I didn't read in "Steps to reproduce" You probably mean unchecking "Inherit Global Categories" Edited 2: German tries to understand French in English ;-) You mean "deletion" and not "supression" So what I wrote in Edited 1 is wrong. You mean "Manage" > "Manage Projects" and push the "Delete" button for category "General"

atrol 2012-07-12 06:55 developer ~0032311	Do you think we can close your issue and should follow up 0014190

VeMag 2012-07-12 07:31 reporter ~0032312	Only if 0014190 is implemented in 1.2.12 ... it seams easier to return an error and refuse to delete the category if its ID is equal to $g_default_category_for_moves

dregad 2012-07-30 19:24 developer ~0032409	I think VeMag's suggestion makes sense and is quite straightforward to implement. The only catch is that 'default_category_for_moves' can also technically be defined on a per-project (or even per-user) basis, therefore it is not sufficient to just check for the global variable's value... Therefore I propose to prevent deletion when the category is set as default anywhere (i.e. in config_inc.php or in the config table for any project/user) - see https://github.com/dregad/mantisbt/commit/88a1f0858fbb193e4fba3331f4683f1cb6bae9cc Let me know what you think and if that works for you.

atrol 2012-07-31 07:17 developer ~0032416	dregad, I had a short look at your fix. Concatenating the where clause of the statment instead of using bind variables (db_param) is not the typical MantisBT programming style. I think this is to prevent SQL injections. (a bit theoretic in this case)

dregad 2012-07-31 07:36 developer ~0032418	You're probably right, it's better practice to use bind variables (also helps RDBMS parse SQL and cache it I guess, although the SQL injection does not quite apply in the case of a constant. Anyway I'll make the change.

atrol 2012-07-31 09:39 developer ~0032423	although the SQL injection does not quite apply in the case of a constant. You are right, my mistake was that I had the value of the configuration option in my head when writing this.

dregad 2012-08-03 18:05 developer ~0032462	Updated as per our discussion https://github.com/dregad/mantisbt/tree/fix-14478

dregad 2012-08-16 04:59 developer ~0032576	@VeMag - any feedback on this, or are you happy with my proposed fix ?

VeMag 2012-08-21 08:14 reporter ~0032617	Looks great ! Many thanks !

grangeway 2013-04-05 17:56 reporter ~0036138	Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

MantisBT: master-1.2.x f50762c1 2012-07-30 10:49 dregad Details Diff	Protect $g_default_category_for_moves from deletion When a category defined as default_category_for_moves is deleted and an issue is subsequently moved to another project where its current category does not exist, it gets assigned a non-existing category. This causes application error 1502 to be triggered whenever MantisBT tries to display the issue's Category, which can cause a system lock up. This commit reduces the risk of this situation from happening, by preventing users from deleting categories which are used as default (either defined in config_inc.php or in the config table). Fixes 0014478	Affected Issues 0014478
	mod - core/constant_inc.php	Diff File
	mod - lang/strings_english.txt	Diff File
	mod - manage_proj_cat_delete.php	Diff File
MantisBT: master 6f76cf63 2012-07-30 10:49 dregad Details Diff	Protect $g_default_category_for_moves from deletion When a category defined as default_category_for_moves is deleted and an issue is subsequently moved to another project where its current category does not exist, it gets assigned a non-existing category. This causes application error 1502 to be triggered whenever MantisBT tries to display the issue's Category, which can cause a system lock up. This commit reduces the risk of this situation from happening, by preventing users from deleting categories which are used as default (either defined in config_inc.php or in the config table). Fixes 0014478	Affected Issues 0014478
	mod - core/constant_inc.php	Diff File
	mod - lang/strings_english.txt	Diff File
	mod - manage_proj_cat_delete.php	Diff File

related to	0014190	acknowledged		When moving an issue, allow selection of both the Project and the Category
related to	0015721	closed	grangeway	Functionality to consider porting to master-2.0.x
has duplicate	0014528	closed	atrol	Moving an issue from project with specific categories to project with global categories changes category to default
related to	0015222	closed	rombert	mc_project_delete_category fails to delete category

View Issue Details

Relationships

Activities

Related Changesets