View Issue Details

IDProjectCategoryView StatusLast Update
0022844mantisbtsecuritypublic2017-06-28 14:48
ReporterTicketSolver Assigned Todregad  
PriorityurgentSeverityblockReproducibilityalways
Status closedResolutionno change required 
Product Version2.4.0 
Summary0022844: Application Error #2800 after PHP upgrade from 7.1.3 to 7.1.4
Description

After upgrading the PHP version from 7.1.3 to the latest 7.1.4 I'll get for every form action the application error #2800.
The PHP.ini file as well as the Mantis config was not changed.
With PHP version 7.1.3 everything was fine.

Steps To Reproduce

On all form actions I'll get this error.
Examples:

  • Submit a bug
  • Install/upgrade a plugin
  • Update user profile settings
  • ..
  • ...
TagsNo tags attached.

Relationships

related to 0022831 closedatrol Systematic "APPLICATION ERROR #2800" 

Activities

TicketSolver

TicketSolver

2017-05-08 08:45

reporter  

error2800.PNG (20,158 bytes)   
error2800.PNG (20,158 bytes)   
atrol

atrol

2017-05-08 10:00

developer   ~0056804

Might help https://www.mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.troubleshooting.errors.2800

TicketSolver

TicketSolver

2017-05-08 10:16

reporter   ~0056805

I already had a look on this but all these points do note result in a solution. I also installed a complete new Mantis instance on the same machine and logged in for the first time.
Then there should be no problem with a session timeout, because the session will be created new. But I get the same error...

dregad

dregad

2017-05-08 11:24

developer   ~0056806

Mantis runs just fine on 7.1.4 for me (tested on WampServer 3.0.8).

I suggest you enable debugging information to help understanding the problem. Please follow these steps:

  1. temporarily configure your system as follows:
    $g_display_errors = array(
    E_WARNING => 'halt',
    E_NOTICE => 'halt',
    E_USER_ERROR => 'halt',
    E_USER_WARNING => 'halt',
    E_USER_NOTICE => 'halt'
    );
    $g_show_detailed_errors = ON;

WARNING - SECURITY RISK: the 'show_detailed_errors' config can cause MantisBT to display sensitive information about your system. We recommend to restrict its activation to a Test environment, only for as long as necessary. If possible, do not turn it ON globally, instead limit it for specific user(s) using the Manage Configuration page.

  1. Reproduce the error

If the output does not help you resolving the issue and you need further assistance,

  1. save the output of the error screen, preferably as an HTML page (not a screenshot !)
  2. be careful to remove/mask any confidential information if needed
  3. upload the results here
Kyle_Katarn

Kyle_Katarn

2017-05-08 11:31

reporter   ~0056807

I had the same issue after deleting a file in a comment.... killing all my cookies fixed the problem

TicketSolver

TicketSolver

2017-05-09 04:08

reporter   ~0056812

I changed the debug level but this does not help to solve the problem. I used a complete new installation of mantis and tried to update the password during logging in the first time as administrator. Attached you'll find the complete html page with the detailed error.

The problem occurs in Firefox as well as in the Internet Explorer. I also deleted all cookies and tried again. But this does also not help.

mantis_error_page.zip (261,022 bytes)
TicketSolver

TicketSolver

2017-05-09 04:42

reporter   ~0056813

Attached you'll find the php.ini session part.

php_session_config.PNG (38,458 bytes)   
php_session_config.PNG (38,458 bytes)   
dregad

dregad

2017-05-09 06:21

developer   ~0056814

@TicketSolver I looked at the attached error page; indeed it does not help much, just showing you're trying to open account_update.php and that no tokens were retrieved from the user's session. Note that accessing this page is only valid when coming from account_page.php (just mentioning that since you did not provide any context / detailed steps you followed to produce the error).

If you indeed went through the Update button on account_page.php, then maybe there is something broken with sessions handling. Since I can't reproduce the problem here, there is not much more I can do to help. I suggest you try to trace what is happening in form_security_token() function, when it is called (via form_security_field() [1]), to initialize the token and store it in the session. Is the token properly generated ? Is it stored in the user's session ?

Can you confirm that the change from PHP 7.1.3 to 7.1.4 is the only change between the working and broken installs ?

TicketSolver

TicketSolver

2017-05-09 07:28

reporter   ~0056815

I found the solution. The problem was not related to Mantis but more to the upgrade of PHP. We're using a custom apache user. During our PHP upgrade the default apache user is used to create the folder /var/lib/php7. Because of this our custom apache user was not able to set Session variables due to access to this folder. Sorry for your effort you did on solving this problem. This ticket can be closed now. Thank you very much.

Issue History

Date Modified Username Field Change
2017-05-08 08:45 TicketSolver New Issue
2017-05-08 08:45 TicketSolver File Added: error2800.PNG
2017-05-08 10:00 atrol Note Added: 0056804
2017-05-08 10:16 TicketSolver Note Added: 0056805
2017-05-08 11:24 dregad Note Added: 0056806
2017-05-08 11:31 Kyle_Katarn Note Added: 0056807
2017-05-09 04:08 TicketSolver File Added: mantis_error_page.zip
2017-05-09 04:08 TicketSolver Note Added: 0056812
2017-05-09 04:42 TicketSolver File Added: php_session_config.PNG
2017-05-09 04:42 TicketSolver Note Added: 0056813
2017-05-09 06:21 dregad Status new => feedback
2017-05-09 06:21 dregad Note Added: 0056814
2017-05-09 07:28 TicketSolver Note Added: 0056815
2017-05-09 07:28 TicketSolver Status feedback => new
2017-05-09 07:31 atrol Assigned To => dregad
2017-05-09 07:31 atrol Status new => resolved
2017-05-09 07:31 atrol Resolution open => no change required
2017-05-21 03:41 atrol Status resolved => closed
2017-06-28 14:48 atrol Relationship added related to 0022831