View Issue Details

IDProjectCategoryView StatusLast Update
0023712mantisbtauthenticationpublic2019-01-02 17:25
ReporterSL-Gundam Assigned Tovboctor  
PrioritynormalSeveritytweakReproducibilityalways
Status closedResolutionfixed 
Product Version2.9.0 
Target Version2.19.0Fixed in Version2.19.0 
Summary0023712: auth_get_current_user_id can return strings while that is not expected
Description

I'm using auth_attempt_script_login in my plugin
This function calls current_user_set( $t_user_id ); while $t_user_id is still a string. current_user_set does not convert it to an integer
auth_get_current_user_id returns a integer user_id unless it already has the current user cached.

This difference in variable type is an issue when core code like this is used which expects both sides to be of the same variable type
https://github.com/mantisbt/mantisbt/blob/master/bugnote_add.php#L127

TagsNo tags attached.

Relationships

related to 0023708 closedSL-Gundam Plugin - EmailReporting change the status of existing ticket fails 
related to 0024877 closedvboctor mantisbt IssueNoteAddCommand: reassign_on_feedback doesn't work if reporter is not specified 
related to 0024931 closedatrol mantisbt PHP warnings and errors when trying to signup existing user 

Activities

atrol

atrol

2017-12-08 14:08

developer   ~0058360

Could be related http://www.mantisbt.org/forums/viewtopic.php?f=3&t=25080
Did not find the time for deeper debugging with the user how it can happen that auth_get_current_user_id returns a string .

SL-Gundam

SL-Gundam

2017-12-08 20:44

reporter   ~0058364

I believe the two are the same issue as you reference here: http://www.mantisbt.org/forums/viewtopic.php?p=63726&sid=1c99a6ef9ca7772d3a198e5d19a9e848#p63726
$t_current_user_id; is also filled by using auth_get_current_user_id

Based on what i've seen the issue is that

Easiest fix would be to make sure the cached value in auth_get_current_user_id() is also cast to int.

vboctor

vboctor

2018-10-22 01:32

manager   ~0060838

PR: https://github.com/mantisbt/mantisbt/pull/1401

Related Changesets

MantisBT: master 183a4a94

2018-10-21 00:32:20

vboctor

Details Diff
Fix IssueNoteAddCommand re-assign on feedback

The issue was caused by logged in user id being returned as a string.

Fixes 0024877, 0023712
Affected Issues
0023712, 0024877
mod - core/authentication_api.php Diff File
mod - core/current_user_api.php Diff File
mod - core/user_api.php Diff File