View Issue Details

ID: 0016208
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2013-08-06 15:48
Reporter: sergtop
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 1.2.15
Summary: 0016208: Doesn't ask for confirmation in POST request to create task
Description

If I have a saved POST request, I can submit it without confirmation and a new blank task is created.

Seems like some bug with form token regenerating.

Opera is better for understanding the problem, as there is no confirmation when resubmitting a POST request.

Steps To Reproduce

1) Create a task in Opera
2) While you are on the page http://<bt>/bug_report.php (before being relocated to the View Issues page) with the "Operation successful" message, simply press F5, and a new task is created (with some strange field filling)
2) Opera has a feature to reopen closed pages, i.e. the "basket". If the page is closed right after submitting a new task (while on http://<bt>/bug_report.php) and then reopened, a new task is also created, as this feature opens the page with the same GET & POST data

Tags: No tags attached.

Relationships

related to 0010966 (closed, dregad): No Errors shown at all if error_reporting=0 configured at server

Activities

dregad

2013-07-23 02:10

developer   ~0037510

With default settings, an action such as what you describe should normally trigger an APPLICATION ERROR 2800 (Invalid form security token).

Please check the value defined for $g_form_security_validation in your config; for security reasons I strongly recommend that you leave it at its default value (ON).

sergtop

2013-07-23 02:30

reporter   ~0037511

It is set to ON in config_defaults_inc.php, and is NOT redefined in config_inc.php

dregad

2013-07-23 11:29

developer   ~0037515

Sorry but I am not able to reproduce the behavior you describe.

sergtop

2013-07-23 17:23

reporter   ~0037520

The problem has been solved.
trigger_error() is not working if "error_reporting = 0" is set in php.ini as a global variable. Maybe there should be some ini_set in MantisBT for such a configuration of PHP.

dregad

2013-07-23 17:50

developer   ~0037521

Thanks for reporting back, and glad to hear you found the root cause.

FYI, the 'error_reporting = 0' behavior is a known issue, which is planned to be fixed in the next version of Mantis (see 0010966 for details).
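
A minimal PHP model of the failure mode identified in this thread, added here as an illustration and not taken from MantisBT's code: a form-token check that relies on the error handler to stop the request lets a replayed POST through once error_reporting is 0, while a check that aborts on its own does not. The function names, the handler's behaviour and the sample token are assumptions made for the example.

```php
<?php
// Added illustration; every name here is hypothetical, not MantisBT code.

// Assumed handler behaviour: stay silent when error reporting is disabled.
set_error_handler(function (int $type, string $msg): bool {
    if (error_reporting() === 0) {
        return true;   // error swallowed; the caller simply continues
    }
    throw new RuntimeException("APPLICATION ERROR: $msg");
});

// Single-use token check: a token is consumed the first time it is seen.
function consume_token(array &$session, string $submitted): bool {
    foreach ($session['tokens'] as $i => $stored) {
        if (hash_equals($stored, $submitted)) {
            unset($session['tokens'][$i]);
            return true;
        }
    }
    return false;
}

// Fail-open: counts on the error handler to stop the request.
function report_fail_open(array &$session, array &$issues, array $post): void {
    if (!consume_token($session, $post['token'])) {
        trigger_error('Invalid form security token', E_USER_WARNING);
    }
    $issues[] = $post['summary'];   // still reached when the handler returns
}

// Fail-closed: rejects the request itself, whatever php.ini says.
function report_fail_closed(array &$session, array &$issues, array $post): void {
    if (!consume_token($session, $post['token'])) {
        throw new RuntimeException('Invalid form security token');
    }
    $issues[] = $post['summary'];
}

error_reporting(0);   // same effect as error_reporting = 0 in php.ini
$post = ['token' => 'tok-1', 'summary' => 'constructed sample issue'];

$session = ['tokens' => ['tok-1']]; $issues = [];
report_fail_open($session, $issues, $post);   // first submit: token valid
report_fail_open($session, $issues, $post);   // F5 replay: token already used
echo 'fail-open issues created: ', count($issues), "\n";

$session = ['tokens' => ['tok-1']]; $issues = [];
report_fail_closed($session, $issues, $post);
try { report_fail_closed($session, $issues, $post); }
catch (RuntimeException $e) { echo 'replay rejected: ', $e->getMessage(), "\n"; }
echo 'fail-closed issues created: ', count($issues), "\n";
```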