View Issue Details

ID: 0025452
Project: mantisbt
Category: attachments
View Status: public
Last Update: 2019-02-11 06:13
Reporter: titovetch
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Product Version: 2.19.0
Target Version:
Fixed in Version:
Summary: 0025452: there is no validation on $g_max_file_size
Description

I have set $g_max_file_size=500 by mistake and found that there is no validation on the attachments: if you post a comment with an attachment, only the comment will be posted.

Steps To Reproduce

1 - set $g_max_file_size =500
2 - comment to any ticket with attachment

Tags: No tags attached.

Relationships

related to 0025463 (assigned, cproensa): Dropzone max-filesize option is not correct
related to 0025464 (assigned, cproensa): Dropzone max-filesize is does nothing

Activities

atrol

2019-02-07 12:40

developer   ~0061440

I am not able to reproduce using the given information.

When trying I get

APPLICATION ERROR #500
File upload failed. This is likely because the filesize was larger than is currently allowed by this PHP installation.

Certainly not the best possible error message, as you get it if the file size is greater than one of 3 settings.
$t_max_file_size = (int)min( ini_get_number( 'upload_max_filesize' ), ini_get_number( 'post_max_size' ), config_get( 'max_file_size' ) );

titovetch

2019-02-08 09:06

reporter   ~0061453

I have tried the same in 2 environments and there is no error in validation and the comment is posted.

Steps To Reproduce:

1- this is my default setting for PHP and MySQL
2- try to comment without $g_max_file_size using a RAR file with size 11M, and the comment is posted without the attachment or an error
3- try to comment using $g_max_file_size = 5000000; with the same RAR file with size 11M, and the comment is posted without the attachment or an error



Setting.png (11,826 bytes)
atrol

2019-02-10 07:22

developer   ~0061471

Do you store attachments in database or on disk?
Do you get any error or warnings when running admin/check/index.php ?
Are there any error or warnings in web server, database or PHP logs?
Have you any 3rd party plugins installed ?
Did you change any source of Mantis?
Did you change $g_display_errors setting?

cproensa

2019-02-10 08:20

developer   ~0061472

Dropzone is configured with a max-files-size setting. When a file in its queue is bigger than that, the file is silently ignored and not uploaded.
Thus, there is no error, but no attachment either.

Additionally, that configuration is weak, see 0025463 and 0025464

I think the scenario reported here is believable.

cproensa

2019-02-10 08:26

developer   ~0061473

The fact that atrol reproduces the server side error, as I have also usually experienced, is probably:

  • config_get( 'max_file_size' ) = 5M (as mantis default)
  • ini_get_number( 'upload_max_filesize' ) = 2M (as php default)

Files between 2M and 5M will be fine in Dropzone, but get an error at server side.
Files >5M will be ignored by Dropzone, and get no error nor attachment at server side.
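
The outcomes described in notes 0061440 and 0061473, modelled as an added example that is not part of the original thread or of MantisBT's code. Function names are hypothetical, the client limit is modelled as max_file_size alone, and post_max_size = 8M is an assumption (the PHP default, not stated in the thread).

```javascript
// Added example: models the client-side and server-side size checks from this thread.
// All names here are hypothetical; this is not MantisBT or Dropzone code.

// Convert a PHP ini shorthand value ("2M", "512K", "1G", "5000000") to bytes.
function iniToBytes(value) {
  const m = /^\s*(\d+)\s*([kmg])?\s*$/i.exec(String(value));
  if (!m) throw new Error(`unparseable size: ${value}`);
  const shift = { k: 10, m: 20, g: 30 }[(m[2] || '').toLowerCase()] || 0;
  return Number(m[1]) * 2 ** shift;
}

// Server side: the smallest of the three settings wins (note 0061440).
function serverLimit(cfg) {
  return Math.min(
    iniToBytes(cfg.upload_max_filesize),
    iniToBytes(cfg.post_max_size),
    cfg.max_file_size
  );
}

// Outcome for one file when the upload widget enforces clientLimit bytes.
function outcome(fileSize, clientLimit, cfg) {
  if (fileSize > clientLimit) return 'dropped by client, no error, no attachment';
  if (fileSize > serverLimit(cfg)) return 'server error #500';
  return 'attached';
}

// Constructed sample configuration: the defaults named in note 0061473,
// plus an assumed post_max_size of 8M.
const cfg = { upload_max_filesize: '2M', post_max_size: '8M', max_file_size: 5000000 };
const MB = 1024 * 1024;

// Outcomes for constructed 1M, 3M and 11M files under a given client limit.
function report(clientLimit) {
  return [1, 3, 11].map((mb) => `${mb}M: ${outcome(mb * MB, clientLimit, cfg)}`);
}

// Client limit taken from max_file_size alone: three different behaviours.
console.log(report(cfg.max_file_size));
// Client limit set to the effective server limit: the server error window
// closes, but oversized files are still dropped without any message.
console.log(report(serverLimit(cfg)));
```

Either way the server-side check remains the authoritative one; the second run shows that aligning the two limits does not by itself give the user an error for a rejected file.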

atrol

2019-02-10 08:31

developer   ~0061474

Thanks @cproensa 0025452:0061473 probably explains it.

titovetch

2019-02-11 06:13

reporter   ~0061479

Do you store attachments in database or on disk?
==> database
Do you get any error or warnings when running admin/check/index.php ?
==>attached
Are there any error or warnings in web server, database or PHP logs?
==>no
Have you any 3rd party plugins installed ?
==>no
Did you change any source of Mantis?
==>no
Did you change $g_display_errors setting?
==>no

I'm using WAMP server and I have updated it to the new version and forgot to increase all values needed in MySQL and PHP; that's why the error happened accidentally.

I think it's related to ticket 0025453 as well.



check.JPG (81,430 bytes)

Issue History

Date Modified Username Field Change
2019-02-07 11:15 titovetch New Issue
2019-02-07 12:40 atrol Status new => feedback
2019-02-07 12:40 atrol Note Added: 0061440
2019-02-08 09:06 titovetch File Added: Setting.png
2019-02-08 09:06 titovetch Note Added: 0061453
2019-02-08 09:06 titovetch Status feedback => new
2019-02-09 14:37 cproensa Relationship added related to 0025464
2019-02-09 14:38 cproensa Relationship added related to 0025463
2019-02-10 07:22 atrol Status new => feedback
2019-02-10 07:22 atrol Note Added: 0061471
2019-02-10 08:20 cproensa Note Added: 0061472
2019-02-10 08:26 cproensa Note Added: 0061473
2019-02-10 08:31 atrol Note Added: 0061474
2019-02-11 06:13 titovetch File Added: check.JPG
2019-02-11 06:13 titovetch Note Added: 0061479
2019-02-11 06:13 titovetch Status feedback => new