View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0020002 | mantisbt | custom fields | public | 2015-08-04 20:59 | 2015-09-13 18:27 |
Reporter | badfiles | Assigned To | vboctor | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.3.0-beta.2 | ||||
Target Version | 1.3.0-beta.3 | Fixed in Version | 1.3.0-beta.3 | ||
Summary | 0020002: Custom field value may not be purged | ||||
Description | Setup an 'email' or 'string' type custom field with min_length=max_length=0. Open an issue and give such field a value. Then try changing it with bug_update_page.php. Setting an empty value would do nothing. With bug_actiongroup_page.php you could set any value, including empty. | ||||
Tags | mantishub | ||||
I can reproduce this. This bug was introduced as part of a fix for the set of bugs that were introduced when the bug_update.php action page started being used for multiple actions: update issue and change status. |
|
Another scenario that I included in the pull request is the following:
The fix is to only require the field if a user has access to set and hence it is rendered in the form. |
|
Regarding the scenario described in 0020002:0051300, I am not sure this is a good thing to do, as it essentially defeats the purpose of making the field mandatory when reporting, which may lead to data inconsistencies down the line. In other words, since C1 is mandatory, you expect to find some value in it, but issues reported by X will have C1 == null. In my opinion, preventing X from reporting issues in such case is the correct behavior; the appropriate fix is to revise the configuration (lower C1 write access level or increase X's) |
|
Follow up fix PR: https://github.com/mantisbt/mantisbt/pull/638 |
|
@vboctor, since you did the root cause analysis, maybe you could update product version from 'git trunk' to the appropriate value. |
|
Updated product version based on related issue 0019570 |
|
MantisBT: master 047f5aad 2015-08-27 18:53 Details Diff |
Fix ability to purge value of a custom field Fixes 0020002 |
Affected Issues 0020002 |
|
mod - bug_update.php | Diff File | ||
mod - core/custom_field_api.php | Diff File | ||
MantisBT: master ba13782f 2015-09-04 21:30 Details Diff |
Fix custom field access denied on bug update page The previous fix caused triggering of access_denied due to the addition of the BUG_UPDATE_TYPE_NORMAL. Issue 0020002 |
Affected Issues 0020002 |
|
mod - bug_update.php | Diff File |