View Issue Details

IDProjectCategoryView StatusLast Update
0026542mantisbtapi restpublic2020-03-15 15:23
Reportermnewnham Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.22.1 
Target Version2.24.0Fixed in Version2.24.0 
Summary0026542: Passing out of range custom field id causes multiple PHP warnings / incorrect response
Description

Passing an out of range custom field id through the API causes multiple PHP warnings and an incorrect error response:

Rest Error

Custom field '' not found

Apache Log

[Mon Dec 30 10:57:00 2019] [error] [client 192.168.10.35] PHP Notice: Undefined index: name in /home/mantisbt/mantisbt-2.22.1/api/soap/mc_custom_field_api.php on line 41
[Mon Dec 30 10:57:00 2019] [error] [client 192.168.10.35] PHP Notice: Undefined index: name in /home/mantisbt/mantisbt-2.22.1/api/soap/mc_issue_api.php on line 419

Steps To Reproduce

$c = new stdClass;
$c->id = $id;
$c->custom_fields = array(
array(
'field'=>array('id'=>999999999999999999999999999999999999), //At least 36 9s
'value'=>123)
);

$jsonData = json_encode($c);

---------------------------> PUSH TO API

TagsNo tags attached.

Relationships

related to 0026541 closeddregad Passing invalid id to rest api custom field update causes program crash 
related to 0026540 closeddregad Passing unsanitized data to type hinted function causes program crash 

Activities

Related Changesets

MantisBT: master 94c96ac8

2020-02-02 11:31

dregad


Details Diff
Fix undefined index PHP notice

If 'name' key is not defined, mci_get_custom_field_id_from_objectref()
throws a PHP notice, causing Slim to segfault.

Fixes 0026542
Affected Issues
0026542
mod - api/soap/mc_custom_field_api.php Diff File