View Issue Details

IDProjectCategoryView StatusLast Update
0021635mantisbtadministrationpublic2019-12-03 06:25
ReporterKenMcGinnis Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status feedbackResolutionopen 
PlatformWindows Server 2012 R2OSWindows Server 2012 R2 
Product Version1.3.0 
Summary0021635: Problems with corrupting database with use of $g_absolute_path_default_upload_folder = 'Files/';
Description

First I'll list my settings:

config_inc.php values:

$g_allow_file_upload    = ON;
$g_file_upload_method   = DISK;
$g_absolute_path_default_upload_folder = 'Files/';

Bug 1. See screenshot for Failed errors with
www.ourwebsite.com/mantis/admin/check/index.php
http://www.MillenniaCorp.com/Ken/MantisBugs/z-mantis-1.jpg
Why show errors when attaching a file to an issue actually works and saves the attached file in the mantis/Files folder correctly. I can attache the file. It is saved when I look in the Files folder and I can download the attached file from the mantis issue. So, the Files folder is setup correctly and is writable and is accessible. The admin/check/index.php tests are wrong. this needs to be fixed.

Bug 2. See screenshots for an error when updating a project.
Steps: Mangage -> Manage Projects -> click the Project to Edit -> Don't make any changes and the value of "Files/" is automatically filled in. It comes from the config_inc.php file -> now click the Update Project button ->

Notice from screenshot (z-mantis-2.jpg) that Upload File Path is automatically filled in with the value of "Files/" each time I edit a project.
http://www.MillenniaCorp.com/Ken/MantisBugs/z-mantis-2.jpg

Re-edit project after last save. Bug, \ character added to "Files/\"
http://www.MillenniaCorp.com/Ken/MantisBugs/z-mantis-3.jpg

Now database is corrupted with extra \ character added to "Files/\"
Bug 3. Project table is now corrupt with extra \ character added to "Files/\".
See screenshot of table 'mantis_project_table' and the 'file_path' field.
http://www.MillenniaCorp.com/Ken/MantisBugs/z-mantis-5.jpg

BUG 4. New attachments saved in the file table is corrupt for any attachments added after the Edit and Update of a Mantis project.
See screenshot of table 'mantis_bug_file_table' and the 'folder' field.
http://www.MillenniaCorp.com/Ken/MantisBugs/z-mantis-4.jpg

Notes: I have found that the only work around (so that the database is not corrupted) is to edit the mySQL database directly to blank out the "Upload File Path" for the project each time I edit a project. By blanking it out in the mantis_project_table the database correctly gets the value of "Files/" added to the 'mantis_bug_file_table' folder field. If I forget then the mantis_bug_file_table also becomes corrupted with the extra \ character added to the end of the Files/\ value. I then have to edit manually and remove all the extra \ character from all attachment records added after a project was edited so that the attachments can be view/downlaoded by users.

EDIT (dregad) fix markdown

TagsNo tags attached.

Relationships

related to 0020602 closeddregad absolute_path_default_upload_folder has a trailing directory separator: "Files/" 

Activities

KenMcGinnis

KenMcGinnis

2016-08-20 23:40

reporter   ~0053868

Related to Mantis Issue 20602 reported before. Hopefully this time I have documented it well enough for it to get fixed.

atrol

atrol

2016-08-21 04:58

developer   ~0053869

Last edited: 2016-08-21 05:00

View 2 revisions

The first question remains the same 0020602:0052521
Do you work on Windows?
[Edit] Just saw that you are on Windows Server 2012 R2

If so, does it work with 'Files\' ?

atrol

atrol

2016-08-21 09:03

developer   ~0053870

Last edited: 2019-12-03 06:25

View 2 revisions

@dregad,

function validate_project_file_path does not just validate the path but changes also the path in some cases as it calls terminate_directory_path( $p_file_path );
This is convenient for some use cases, but the root cause of mentioned bug 2.
I think that validation functions should never change any value.

Furthermore file_ensure_valid_upload_path is not called in function validate_project_file_path if path == config_get( 'absolute_path_default_upload_folder' )
I think it's better to check always any path as absolute_path_default_upload_folder might also be invalid.

So the function would look like:

function validate_project_file_path( $p_file_path ) {
    if( !is_blank( $p_file_path ) ) {

        file_ensure_valid_upload_path( $p_file_path );
        # If the provided path is the same as the default, make the path blank.
        # This means that if the default upload path is changed, you don't have
        # to update the upload path for every single project.
        if( !strcmp( $p_file_path, config_get( 'absolute_path_default_upload_folder' ) ) ) {
            $p_file_path = '';
        } 
    }

    return $p_file_path;
}

This might introduce regressions on some installations, but I don't like that much such kind of partial self healing stuff.

EDIT (dregad) fix markdown

KenMcGinnis

KenMcGinnis

2016-08-21 19:06

reporter   ~0053874

No. If I change:
$g_absolute_path_default_upload_folder = 'Files/';
to be
$g_absolute_path_default_upload_folder = 'Files\';
and save the file then hit refresh in chrome to refresh the page I get an error: "The zzzzz page isn't working. xxxxx is currently unable to handle this request. HTTP ERROR 500" with a "Reload" button.
If I change it back to 'Files/' the page loads just fine. I have my site default to View Issues. The view_all_bug_page.php is the page that will no longer load if I change the setting to 'Files\'.

KenMcGinnis

KenMcGinnis

2016-08-21 19:08

reporter   ~0053875

atrol, if you don't have a Windows server to test on I'd be happy to do a google hangout or skype call where I could share my screen and we could try anything you want.

atrol

atrol

2016-08-22 02:17

developer   ~0053876

I have no time at the moment to have a deeper look at it.
Just want to mention that $g_absolute_path_default_upload_folder is the
absolute path to the default upload folder, thus it should be set to something like 'c:\mantis\files\'

KenMcGinnis

KenMcGinnis

2016-08-22 03:23

reporter   ~0053877

All of the exact same problems.

With:
C:\inetpub\sites\mywebsite.com\mantis\Files\
And page gets same error and can't load.

With:
C:/inetpub/sites/LegacyTracking.com/Tracker/Files/
It works until I edit a project and then it adds the \ to the end of it.
C:/inetpub/sites/LegacyTracking.com/Tracker/Files/\

If it's the absolute path (full path) then the documentation needs to be changed to state that instead of the example they show of 'Files/'

KenMcGinnis

KenMcGinnis

2016-08-22 03:28

reporter   ~0053878

Using:
C:/inetpub/sites/LegacyTracking.com/Tracker/Files/
And not modifying a project to mess it up and now all of my 'mantis_bug_file_table' records for new attachments has a full path in the 'folder' field. All my other records only have 'Files/' in the 'folder' field.

atrol

atrol

2016-08-23 03:10

developer   ~0053881

Last edited: 2019-12-03 06:25

View 2 revisions

If it's the absolute path (full path) then the documentation needs to be changed

I don't see any documentation for this option in Admin Guide.
This is what we have in config_defaults_inc.php

/**
 * absolute path to the default upload folder.  Requires trailing / or \
 * @global string $g_absolute_path_default_upload_folder
 */
$g_absolute_path_default_upload_folder = '';

EDIT (dregad) fix markdown

Issue History

Date Modified Username Field Change
2016-08-20 23:36 KenMcGinnis New Issue
2016-08-20 23:40 KenMcGinnis Note Added: 0053868
2016-08-21 04:58 atrol Status new => feedback
2016-08-21 04:58 atrol Note Added: 0053869
2016-08-21 05:00 atrol Note Edited: 0053869 View Revisions
2016-08-21 05:02 atrol Relationship added related to 0020602
2016-08-21 09:03 atrol Note Added: 0053870
2016-08-21 19:06 KenMcGinnis Note Added: 0053874
2016-08-21 19:06 KenMcGinnis Status feedback => new
2016-08-21 19:08 KenMcGinnis Note Added: 0053875
2016-08-22 02:17 atrol Status new => feedback
2016-08-22 02:17 atrol Note Added: 0053876
2016-08-22 03:23 KenMcGinnis Note Added: 0053877
2016-08-22 03:23 KenMcGinnis Status feedback => new
2016-08-22 03:28 KenMcGinnis Note Added: 0053878
2016-08-23 03:10 atrol Status new => feedback
2016-08-23 03:10 atrol Note Added: 0053881
2019-12-03 06:21 dregad Description Updated View Revisions
2019-12-03 06:25 dregad Note Edited: 0053870 View Revisions
2019-12-03 06:25 dregad Note Edited: 0053881 View Revisions