Relationship Graph

View IssueDependency GraphShow Summary
Relationship Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0036861mantisbtotherpublic2026-02-02 10:572026-05-14 14:07
Reporterraspopov Assigned Tocommunity  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.28.0 
Target Version2.29.0Fixed in Version2.29.0 
Summary0036861: Non-optimal verification of uploaded files
Description

If you try to upload invalid files on the issue creation page (for example, those specified in the disallowed_files setting), the upload will fail, and the form will remain on the screen as if the issue had not been created. However, the issue will have been created without the uploaded files. Users cannot tell that the issue has already been created.

Additional Information

This occurs because the issue validation process in the validate() function performs fewer checks than the process of adding uploaded files in the process() function.

TagsNo tags attached.

Relationships

Relationship GraphDependency Graph
related to 0036857 closedatrol Improving Workflow Graph display 

Activities

raspopov

raspopov

2026-02-02 11:08

reporter   ~0070755

PR: https://github.com/mantisbt/mantisbt/pull/2176

  • Verification code is collected in one place inside the file_ensure_uploaded() function.
  • Added checks to the IssueFileAddCommand and IssueNoteAddCommand commands.
  • Extended checking for web server upload errors.
  • Tests for the file_ensure_uploaded() function have been added.

Related Changesets

MantisBT: master b7741aa5

2026-02-03 10:11

raspopov

Committer: dregad


Details Diff		 Optimize the verification of uploaded files

- Verification code is collected in one place inside
the file_ensure_uploaded() function.
- Added checks to the IssueFileAddCommand and
IssueNoteAddCommand commands.
- Extended checking for web server upload errors.
- Tests for the file_ensure_uploaded() function have been added.
- Add file name to exception messages.

Fixes 0036861, PR https://github.com/mantisbt/mantisbt/pull/2176		 Affected Issues
0036861
mod - core/commands/IssueAddCommand.php Diff File
mod - core/commands/IssueFileAddCommand.php Diff File
mod - core/commands/IssueNoteAddCommand.php Diff File
mod - core/file_api.php Diff File
mod - proj_doc_update.php Diff File
add - tests/Mantis/AntispamApiTest.php Diff File
add - tests/Mantis/FileApiTest.php Diff File