View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0026798||mantisbt||administration||public||2020-03-19 12:26||2020-03-28 12:57|
|Target Version||2.25.0||Fixed in Version||2.25.0|
|Summary||0026798: PHP warning in config_get_global|
In some cases config_get_global gives ERROR_CONFIG_OPT_NOT_FOUND warning
This is WAD at the moment and happens for any string configuration option where function config_eval is not able to reference a variable.
In typical use cases there is no problem, but the approach itself is not clean and can lead to real life issues, e.g this post in forum
Most of the time there is just the warning without any visible side effect, e.g. set
but there are also strange restrictions because of this, e.g. you can't set something like
|Tags||No tags attached.|
Options to fix
Not sure if you are aware that since 1.2.0rc1, as a workaround
While it is true that there are a few config options such as
A simple check in config_eval(), making sure that the matched value is an existing global variable would probably do the trick (except for an improbable scenario where
An alternative would be to define a global variable, whitelisting all the configs that should never be eval'ed, similar to $g_public_config_names, e.g.
Then a simple in_array() lookup in config_eval() could skip the preg_match and replacement loop for those configs.
Of course we could also consider reversing the logic, i.e. implement this array as a list of configs where eval is allowed; I guess this would be closer to your intention of removing config_eval() (0021604), which I'm not convinced is something we should do.
EDIT: submitted the note by mistake, before I was done typing...
@atrol let me know if you feel it's worth pursuing the whitelist config option alternative, in that case it should probably be tracked separately.
Thanks for the hint, I wasn't aware of that
Sounds good as it fixes > 99,99% of real use cases, but complicates the rule when you have to use the escape workaround and when it works without escaping.
Not as an alternative, but an additional functionality.
I still think that removing wouldn't be that bad.
MantisBT: master 7fffd663
2020-03-21 13:02:01Details Diff
|Fix warning in config_get_global()
When config_eval() references an unknown config option, the code throws
an ERROR_CONFIG_OPT_NOT_FOUND warning.
To avoid this unwanted behavior, we now check that the config option to
replace actually exists before calling config_get()/config_get_global().
If not, the variable will be left as-is in the returned value.
|mod - core/config_api.php||Diff File|
MantisBT: master c2d6c3dd
2020-03-28 12:51:37Details Diff
|Fix warning and code cleanup in config_eval()
|mod - core/config_api.php||Diff File|
|2020-03-19 12:26||atrol||New Issue|
|2020-03-19 12:28||atrol||Description Updated||View Revisions|
|2020-03-19 12:28||atrol||Note Added: 0063778|
|2020-03-19 12:28||atrol||Relationship added||related to 0021604|
|2020-03-19 12:29||atrol||Note Edited: 0063778||View Revisions|
|2020-03-19 12:34||atrol||Description Updated||View Revisions|
|2020-03-21 10:37||dregad||Note Added: 0063782|
|2020-03-21 11:21||dregad||Note Added: 0063783|
|2020-03-21 11:21||dregad||Status||new => confirmed|
|2020-03-21 11:28||dregad||Note Edited: 0063783||View Revisions|
|2020-03-21 13:09||dregad||Assigned To||=> dregad|
|2020-03-21 13:09||dregad||Status||confirmed => assigned|
|2020-03-21 13:09||dregad||Note Added: 0063784|
|2020-03-21 20:30||atrol||Note Added: 0063785|
|2020-03-21 20:31||atrol||Target Version||=> 2.25.0|
|2020-03-23 17:24||atrol||Note Edited: 0063785||View Revisions|
|2020-03-26 09:19||atrol||Note Edited: 0063785||View Revisions|
|2020-03-28 12:57||dregad||Changeset attached||=> MantisBT master 7fffd663|
|2020-03-28 12:57||dregad||Changeset attached||=> MantisBT master c2d6c3dd|
|2020-03-28 12:57||dregad||Status||assigned => resolved|
|2020-03-28 12:57||dregad||Resolution||open => fixed|
|2020-03-28 12:57||dregad||Fixed in Version||=> 2.25.0|