View Issue Details

IDProjectCategoryView StatusLast Update
0026542mantisbtapi restpublic2020-03-15 15:23
Reportermnewnham Assigned Todregad  
Status closedResolutionfixed 
Product Version2.22.1 
Target Version2.24.0Fixed in Version2.24.0 
Summary0026542: Passing out of range custom field id causes multiple PHP warnings / incorrect response

Passing an out of range custom field id through the API causes multiple PHP warnings and an incorrect error response:

Rest Error

Custom field '' not found

Apache Log

[Mon Dec 30 10:57:00 2019] [error] [client] PHP Notice: Undefined index: name in /home/mantisbt/mantisbt-2.22.1/api/soap/mc_custom_field_api.php on line 41
[Mon Dec 30 10:57:00 2019] [error] [client] PHP Notice: Undefined index: name in /home/mantisbt/mantisbt-2.22.1/api/soap/mc_issue_api.php on line 419

Steps To Reproduce

$c = new stdClass;
$c->id = $id;
$c->custom_fields = array(
'field'=>array('id'=>999999999999999999999999999999999999), //At least 36 9s

$jsonData = json_encode($c);

---------------------------> PUSH TO API

TagsNo tags attached.


related to 0026541 closeddregad Passing invalid id to rest api custom field update causes program crash 
related to 0026540 closeddregad Passing unsanitized data to type hinted function causes program crash 


Related Changesets

MantisBT: master 94c96ac8

2020-02-02 16:31:27


Details Diff
Fix undefined index PHP notice

If 'name' key is not defined, mci_get_custom_field_id_from_objectref()
throws a PHP notice, causing Slim to segfault.

Fixes 0026542
Affected Issues
mod - api/soap/mc_custom_field_api.php Diff File