View Issue Details

ID: 0026275
Project: mantisbt
Category: authorization
View Status: public
Last Update: 2019-10-18 03:27
Reporter: traynaud
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
OS: windows
Product Version: 2.1.0
Summary: 0026275: ERROR 403 Forbidden on Chrome and Firefox cause of cookies
Description

Many times a day we have this error.
We tried to analyse it, but the problem seems to be linked to cookies.
Working at the same time with Mantis and a Prima solution web app systematically reproduces this error.
We suppose that there is a conflict between their own cookies.

Tags: No tags attached.

Activities

traynaud

2019-10-16 08:52

reporter  

capture.jpg (1,066,506 bytes)
dregad

2019-10-16 12:28

developer   ~0062985

The provided information is not sufficient to provide any help in resolving the issue. A complete and detailed description is required for the support team to get a clear understanding of the problem, starting with the URL being accessed that is throwing the 403 error. Your screenshot does not help at all.

Note that Mantis 2.1.0 is nearly 3 years old. I strongly recommend that you upgrade to the latest release. At least you need to confirm that the problem can be reproduced in 2.22.1.

Please explain what you do, what are the results you expect to get and what you actually get.

Also provide detailed, step-by-step instructions to reproduce the issue; the additional information listed below may also be useful:

  • Exact version of MantisBT, PHP, Database, Web server, Browser and Operating System
  • Relevant customizations (e.g. changes in config_inc.php, etc)
  • Installed plugins or custom functions?
  • Was the MantisBT source code modified in any way?
traynaud

2019-10-17 08:52

reporter   ~0062989

Sorry for the missing information:

Server OS info:
cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

uname -r
3.10.0-862.14.4.el7.x86_64

Mantis info:

MantisBT Version 2.1.0
Schema Version 209
Site Path /var/www/html/mantisbt-2.1.0/
Core Path /var/www/html/mantisbt-2.1.0/core/
Plugin Path /var/www/html/mantisbt-2.1.0/plugins/

Plugin Description Dependencies Priority Protected Actions
Avatars via Gravatar 2.1.0 Description
Author: Victor Boctor
Website: http://www.mantisbt.org MantisBT Core 2.0.0

Email Reporting 0.10.0 Offers the functionality to add issues and notes by email.
Author: Indy and various people after him.
Website: http://www.mantisbt.org/wiki/doku.php/mantisbt:emailreporting MantisBT Core 1.3.0, <2.99.99

MantisBT Formatting 2.1.0 Official text processing and formatting plugin.
Author: MantisBT Team
Website: http://www.mantisbt.org MantisBT Core 2.1.0

Mantis Graphs 2.1.0 Official graphs plugin.
Author: MantisBT Team
Website: http://www.mantisbt.org MantisBT Core 2.0.0

MantisBT Core 2.1.0 Core Plugin API for the Mantis Bug Tracker.
Author: MantisBT Team
Website: http://www.mantisbt.org No dependencies

MantisStats 2.4.0 Statistics plugin for MantisBT
Author: Avetis Avagyan
Website: https://www.mantisstats.org MantisBT Core 2.0.0

Plugin Description Dependencies Actions
Import/Export issues 2.1.0 Allows importing and exporting files in a MantisBT-compatible XML format.
Author: MantisBT Team
Website: http://www.mantisbt.org MantisBT Core 2.0.0

MantisBT Markdown 1.1.2 Markdown processing plugin.
Author: Frank Bültge
Website: http://bueltge.de MantisBT Core 1.2.0

MantisBT Formatting 1.0a

PHP info:

php --version
PHP 5.4.16 (cli) (built: Oct 30 2018 19:30:51)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

Browser versions:
Google Chrome 72.0.3626.109
Firefox ESR 68.1.0

In Google Chrome there is this message in the console: "Active resource loading counts reached a per-frame limit while the tab was in background. Network requests will be delayed until a previous loading finishes, or the tab is brought to the foreground. See https://www.chromestatus.com/feature/5527160148197376 for more details"

Mantis Forbidden.png (31,582 bytes)   
traynaud

2019-10-17 09:10

reporter   ~0062991

I found two config files

config_inc.php (47 bytes)   
<?php
require_once('custom_config_inc.php');
?>
dregad

2019-10-17 09:32

developer   ~0062992

@traynaud I deleted your custom config file, as it contained a lot of sensitive information (passwords, crypto salt, etc). I strongly suggest you immediately change these passwords since they have potentially been compromised. Feel free to upload the file again, after removing anything that should not be available on a public web site.
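
One way to strip secrets from a MantisBT config file before attaching it to a public issue, shown here as an added example that is not part of the thread or of MantisBT's own code. It assumes settings are written as `$g_<name> = <value>;`; the sample config and the setting `$g_example_api_tokens` are constructed for illustration.

```python
import re

# Setting-name fragments treated as secret. The thread names passwords and
# the crypto salt; "secret", "token" and "key" are assumptions added here.
SENSITIVE = re.compile(r"pass|salt|secret|token|key", re.IGNORECASE)
# Assumption: settings are assigned as `$g_<name> = <value>;`.
ASSIGN = re.compile(r"^(\s*\$g_(\w+)\s*=)")
# A statement ends with `;`, optionally followed by a trailing comment.
STATEMENT_END = re.compile(r";\s*(?:(?://|#).*)?$")


def redact_config(text):
    """Return (redacted_text, redacted_names) for a MantisBT-style config."""
    out, hits, skipping = [], [], False
    for line in text.splitlines():
        if skipping:
            # Still inside a multi-line secret value (e.g. an array): drop it.
            skipping = STATEMENT_END.search(line) is None
            continue
        m = ASSIGN.match(line)
        if m and SENSITIVE.search(m.group(2)):
            # Replace the whole line so a trailing comment cannot leak either.
            out.append(f"{m.group(1)} '***REDACTED***';")
            hits.append(m.group(2))
            skipping = STATEMENT_END.search(line) is None
        else:
            out.append(line)
    return "\n".join(out), hits


# Constructed sample; $g_example_api_tokens is a hypothetical setting used
# only to show the multi-line case.
SAMPLE = """<?php
$g_hostname = 'localhost';
$g_db_username = 'mantis';
$g_db_password = 'constructed-db-pw';  // rotated 2019
$g_crypto_master_salt = 'constructed-salt-value';
$g_example_api_tokens = array(
    'constructed-token-1',
);
$g_window_title = 'Tracker';
"""

if __name__ == "__main__":
    redacted, names = redact_config(SAMPLE)
    print(redacted)
    print("redacted settings:", ", ".join(names))
```

The script does not follow `require_once`, so it has to be run on each included file as well, such as the custom_config_inc.php referenced in this issue.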

dregad

2019-10-17 09:32

developer   ~0062993

Last edited: 2019-10-17 09:34

> confirm that the problem can be reproduced in 2.22.1.

You have not responded on that

Please also check if the problem persists without any 3rd party plugins (i.e. uninstall Email Reporting, MantisStats, MantisBT Markdown)

> PHP 5.4.16

Please note that we require PHP 5.5 or later (although this is unlikely to be causing the problem you're facing)

You may also want to check if there is anything in the webserver / PHP logs.

traynaud

2019-10-17 10:38

reporter   ~0062995

We can't upgrade because we are using Squash Test and the compatibility is compromised for us after this version of Mantis.

traynaud

2019-10-17 10:41

reporter   ~0062996

I'm asking for a PHP update

dregad

2019-10-17 10:57

developer   ~0062997

Last edited: 2019-10-17 10:58

> We can't upgrade

It's your decision. Just consider 47 security issues fixed since 2.1.0...

Also you need to demonstrate that the problem is reproducible in the latest release, because we don't support 2.1.0 anymore.

traynaud

2019-10-17 11:24

reporter   ~0063000

Can you change the visibility of the ticket to private?

dregad

2019-10-17 11:32

developer   ~0063002

> Can you change the visibility of the ticket to private ?

I could, but don't see the point - I already removed the file.

traynaud

2019-10-17 11:41

reporter   ~0063003

Thank you a lot for this fast removal.
But it's a request from my hierarchy.

dregad

2019-10-17 11:55

developer   ~0063004

Well I'm sorry but this is a public support channel for open-source software, and our policy is to leave everything visible for the benefit of the community. I'm willing to selectively edit out or remove other sensitive data as necessary if you tell me what it is, but not to hide the whole issue.

mtulodzi

2019-10-18 01:41

reporter   ~0063006

Hi,
we have the same issue in some specific conditions. We are on version 2.22.1.
Steps to reproduce it:

  1. Report Issue
  2. Set Summary: Why mantis throw 403 https://www.mantisbt.org/bugs/view.php?id=26275 ?
  3. Set Description: Why mantis throw 403 https://www.mantisbt.org/bugs/view.php?id=26275 ?
  4. Submit Issue
  5. Edit
  6. Set Status: Resolved
  7. Set Resolution: No change required
  8. Update information
  9. Receive 403 [Forbidden] to bug_update.php
traynaud

2019-10-18 03:27

reporter   ~0063007

Hi dregad,
I understand and agree with your policy.
I'll send information more carefully from now on.

Thank you mtulodzi for your example.

Issue History

Date Modified Username Field Change
2019-10-16 08:52 traynaud New Issue
2019-10-16 08:52 traynaud File Added: capture.jpg
2019-10-16 12:28 dregad Status new => feedback
2019-10-16 12:28 dregad Note Added: 0062985
2019-10-17 08:52 traynaud Note Added: 0062989
2019-10-17 08:52 traynaud File Added: Mantis Forbidden.png
2019-10-17 08:52 traynaud Status feedback => new
2019-10-17 09:10 traynaud Note Added: 0062991
2019-10-17 09:10 traynaud File Added: config_inc.php
2019-10-17 09:10 traynaud File Added: custom_config_inc.php
2019-10-17 09:25 dregad File Deleted: custom_config_inc.php
2019-10-17 09:32 dregad Note Added: 0062992
2019-10-17 09:32 dregad Note Added: 0062993
2019-10-17 09:34 dregad Note Edited: 0062993 View Revisions
2019-10-17 09:35 dregad Status new => feedback
2019-10-17 09:35 dregad Note View State: 0062992: public
2019-10-17 10:38 traynaud Note Added: 0062995
2019-10-17 10:38 traynaud Status feedback => new
2019-10-17 10:41 traynaud Note Added: 0062996
2019-10-17 10:57 dregad Note Added: 0062997
2019-10-17 10:58 dregad Note Edited: 0062997 View Revisions
2019-10-17 11:24 traynaud Note Added: 0063000
2019-10-17 11:32 dregad Note Added: 0063002
2019-10-17 11:41 traynaud Note Added: 0063003
2019-10-17 11:55 dregad Note Added: 0063004
2019-10-18 01:41 mtulodzi Note Added: 0063006
2019-10-18 03:27 traynaud Note Added: 0063007