View Issue Details

ID: 0026542
Project: mantisbt
Category: api rest
View Status: public
Last Update: 2020-02-17 04:46
Reporter: mnewnham
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2.22.1
Target Version: 2.24.0
Fixed in Version: 2.24.0
Summary: 0026542: Passing out of range custom field id causes multiple PHP warnings / incorrect response
Description

Passing an out of range custom field id through the API causes multiple PHP warnings and an incorrect error response:

Rest Error

Custom field '' not found

Apache Log

[Mon Dec 30 10:57:00 2019] [error] [client 192.168.10.35] PHP Notice: Undefined index: name in /home/mantisbt/mantisbt-2.22.1/api/soap/mc_custom_field_api.php on line 41
[Mon Dec 30 10:57:00 2019] [error] [client 192.168.10.35] PHP Notice: Undefined index: name in /home/mantisbt/mantisbt-2.22.1/api/soap/mc_issue_api.php on line 419

Steps To Reproduce

$c = new stdClass;
$c->id = $id;
$c->custom_fields = array(
    array(
        'field' => array('id' => 999999999999999999999999999999999999), // At least 36 9s
        'value' => 123
    )
);

$jsonData = json_encode($c);

---------------------------> PUSH TO API

Tags: No tags attached.

Relationships

related to 0026541 (resolved, dregad): Passing invalid id to rest api custom field update causes program crash
related to 0026540 (resolved, dregad): Passing unsanitized data to type hinted function causes program crash

Activities

Related Changesets

MantisBT: master 94c96ac8

2020-02-02 16:31:27

dregad

Fix undefined index PHP notice

If 'name' key is not defined, mci_get_custom_field_id_from_objectref()
throws a PHP notice, causing Slim to segfault.

Fixes 0026542
Affected Issues: 0026542
mod - api/soap/mc_custom_field_api.php
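
An added example, not MantisBT code and not the changeset's diff: one way to reject the report's oversized id and a missing 'name' key before any lookup, so the error response names the real problem. The function resolve_custom_field_ref() and the $fields_by_id table are hypothetical.

```php
<?php
// Added example. resolve_custom_field_ref() and $fields_by_id (id => name)
// are hypothetical stand-ins, not MantisBT functions or data.

/** Resolve a {"id": ...} or {"name": ...} reference to a custom field id. */
function resolve_custom_field_ref( array $ref, array $fields_by_id ): int {
    if( array_key_exists( 'id', $ref ) ) {
        // json_decode() turns an integer literal larger than PHP_INT_MAX into
        // a float (or a string with JSON_BIGINT_AS_STRING). FILTER_VALIDATE_INT
        // returns false for both instead of silently casting them.
        $id = is_bool( $ref['id'] ) ? false : filter_var(
            $ref['id'], FILTER_VALIDATE_INT,
            array( 'options' => array( 'min_range' => 1 ) )
        );
        if( $id === false ) {
            throw new InvalidArgumentException( 'Invalid custom field id' );
        }
        if( !isset( $fields_by_id[$id] ) ) {
            throw new InvalidArgumentException( "Custom field id $id not found" );
        }
        return $id;
    }
    // Only read 'name' after confirming the key exists and is a string, so no
    // "Undefined index: name" notice can be raised.
    if( isset( $ref['name'] ) && is_string( $ref['name'] ) ) {
        $id = array_search( $ref['name'], $fields_by_id, true );
        if( $id === false ) {
            throw new InvalidArgumentException( "Custom field '{$ref['name']}' not found" );
        }
        return $id;
    }
    throw new InvalidArgumentException( "Custom field reference needs 'id' or 'name'" );
}

// Constructed sample data: the oversized id from the report, a valid name
// reference, and a reference with neither key.
$fields_by_id = array( 1 => 'Build', 2 => 'Customer' );
$payload = '{"custom_fields":['
    . '{"field":{"id":999999999999999999999999999999999999},"value":123},'
    . '{"field":{"name":"Build"},"value":"42"},'
    . '{"field":{},"value":"x"}]}';

foreach( json_decode( $payload, true )['custom_fields'] as $cf ) {
    try {
        echo 'resolved id ', resolve_custom_field_ref( $cf['field'], $fields_by_id ), "\n";
    } catch( InvalidArgumentException $e ) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```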

Issue History

Date Modified | Username | Field | Change
2019-12-30 13:11 | mnewnham | New Issue |
2020-02-02 16:41 | dregad | Status | new => assigned
2020-02-02 16:41 | dregad | Assigned To | => dregad
2020-02-02 16:46 | dregad | Relationship added | related to 0026541
2020-02-02 16:47 | dregad | Relationship added | related to 0026540
2020-02-02 17:00 | dregad | Note Added: 0063554 |
2020-02-02 17:00 | dregad | Target Version | => 2.24.0
2020-02-17 04:46 | dregad | Changeset attached | => MantisBT master 94c96ac8
2020-02-17 04:46 | dregad | Status | assigned => resolved
2020-02-17 04:46 | dregad | Resolution | open => fixed
2020-02-17 04:46 | dregad | Fixed in Version | => 2.24.0