View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0020002||mantisbt||custom fields||public||2015-08-04 20:59||2015-09-13 18:27|
|Target Version||1.3.0-beta.3||Fixed in Version||1.3.0-beta.3|
|Summary||0020002: Custom field value may not be purged|
Setup an 'email' or 'string' type custom field with min_length=max_length=0. Open an issue and give such field a value. Then try changing it with bug_update_page.php. Setting an empty value would do nothing.
With bug_actiongroup_page.php you could set any value, including empty.
I can reproduce this. This bug was introduced as part of a fix for the set of bugs that were introduced when the bug_update.php action page started being used for multiple actions: update issue and change status.
Another scenario that I included in the pull request is the following:
The fix is to only require the field if a user has access to set and hence it is rendered in the form.
Regarding the scenario described in 0020002:0051300, I am not sure this is a good thing to do, as it essentially defeats the purpose of making the field mandatory when reporting, which may lead to data inconsistencies down the line.
In other words, since C1 is mandatory, you expect to find some value in it, but issues reported by X will have C1 == null.
In my opinion, preventing X from reporting issues in such case is the correct behavior; the appropriate fix is to revise the configuration (lower C1 write access level or increase X's)
Follow up fix PR: https://github.com/mantisbt/mantisbt/pull/638
@vboctor, since you did the root cause analysis, maybe you could update product version from 'git trunk' to the appropriate value.
Updated product version based on related issue 0019570
MantisBT: master 047f5aad
2015-08-27 22:53:35Details Diff
|Fix ability to purge value of a custom field
|mod - bug_update.php||Diff File|
|mod - core/custom_field_api.php||Diff File|
MantisBT: master ba13782f
2015-09-05 01:30:34Details Diff
|Fix custom field access denied on bug update page
The previous fix caused triggering of access_denied due to the addition of the BUG_UPDATE_TYPE_NORMAL.
|mod - bug_update.php||Diff File|
|2015-08-04 20:59||badfiles||New Issue|
|2015-08-22 17:12||vboctor||Assigned To||=> vboctor|
|2015-08-22 17:12||vboctor||Status||new => assigned|
|2015-08-23 14:17||vboctor||Note Added: 0051298|
|2015-08-23 16:58||vboctor||Note Added: 0051299|
|2015-08-23 17:00||vboctor||Target Version||=> 1.3.0-beta.3|
|2015-08-23 17:01||vboctor||Severity||minor => major|
|2015-08-23 17:01||vboctor||Tag Attached: mantishub|
|2015-08-23 17:33||vboctor||Note Added: 0051300|
|2015-08-27 05:07||dregad||Note Added: 0051319|
|2015-08-27 22:55||vboctor||Changeset attached||=> MantisBT master 047f5aad|
|2015-08-27 22:55||vboctor||Status||assigned => resolved|
|2015-08-27 22:55||vboctor||Resolution||open => fixed|
|2015-08-27 22:55||vboctor||Fixed in Version||=> 1.3.0-beta.3|
|2015-09-05 02:02||vboctor||Note Added: 0051375|
|2015-09-06 05:32||dregad||Note Added: 0051378|
|2015-09-06 12:24||vboctor||Changeset attached||=> MantisBT master ba13782f|
|2015-09-06 17:37||vboctoradmin||Status||resolved => closed|
|2015-09-13 18:26||dregad||Product Version||git trunk => 1.3.0-beta.2|
|2015-09-13 18:26||dregad||Note Added: 0051457|
|2015-09-13 18:26||dregad||Relationship added||related to 0019570|
|2015-09-13 18:27||dregad||Relationship replaced||has duplicate 0019570|