View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026539 | mantisbt | custom fields | public | 2019-12-30 11:39 | 2020-02-03 04:35 |
Reporter | mnewnham | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 2.22.1 | ||||
Summary | 0026539: Enumeration type of custom fields does not sanitize option input for trailing spaces | ||||
Description | The enumeration option allows input of options in the form a|b|c|d, and in the main application presents the option as a select list. However, the option allows for trailing spaces inside of individual options, i.e. 'A|B_|C|D'. Because of the nature of browser formatting and the use of select lists, It is impossible to see that they are in the record. They are however visible in the mantis_custom_field_table. This causes a problem in the API, as the option must exactly match to pass validation, i.e the passing of value "B" above must be passed as "B__" and the error returned: The solution for this is : on save of enum type : explode on "| " -> array_map('trim') -> implode on "|" This would leave any spaces deliberately left inside the custom fields untouched e.g. |Level 1|Level 2| etc... | ||||
Tags | No tags attached. | ||||
I can confirm that the system's behavior is as described, i.e. if the enum custom field is defined as That being said, creating an issue from the GUI and selecting value
Do I understand correctly, that you're suggesting to remove leading/trailing spaces when saving the custom field's definition (i.e. in manage_custom_field_update.php / custom_field_update() function? If so, I am concerned that this might introduce data discrepancies in systems that have custom field values stored with leading/trailing spaces, and some data cleanup would need to take place either as a one-shot upgrade task, or everytime an enum custom field is read/written. |
|
I think that the input should be sanitized.
|
|