View Issue Details

IDProjectCategoryView StatusLast Update
0027826mantisbtbugtrackerpublic2021-03-05 19:43
Reportergthomas Assigned Todregad  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.24.4 
Target Version2.24.5Fixed in Version2.24.5 
Summary0027826: ERROR_CATEGORY_NOT_FOUND_FOR_PROJECT thrown for Category '0'
Description

With release-2.24.4 "Category '0' not available in project" error is thrown on New Issue.

I'm not using categories ($g_allow_no_category = ON).

Tagspatch

Relationships

related to 0027361 closeddregad Private category can be access/used by a non member of a private project (IDOR) 

Activities

gthomas

gthomas

2021-01-01 04:00

reporter   ~0064896

Last edited: 2021-01-01 04:51

For now, I've patched my instance with:

 git show
commit b953e96ee363d432b3539a5d3baeafbf2d920057 (HEAD -> master, web/master, origin/master, origin/HEAD)
Author: Tamás Gulácsi <tamas@gulacsi.eu>
Date:   Thu Dec 31 12:48:19 2020 +0100

    Treat 0 category_id as existing

diff --git a/core/category_api.php b/core/category_api.php
index 5f89c1d1d..2a7c17ef7 100644
--- a/core/category_api.php
+++ b/core/category_api.php
@@ -59,6 +59,9 @@ $g_category_cache = array();
  * @access public
  */
 function category_exists( $p_category_id ) {
+       if( $p_category_id == 0 ) {
+               return true;
+       }
        $t_category_row = category_get_row( $p_category_id, /* error_if_not_exists */ false );
        return $t_category_row !== false;
 }
@@ -85,6 +88,9 @@ function category_ensure_exists( $p_category_id ) {
  * @return bool True if the category exists, false otherwise.
  */
 function category_exists_in_project( $p_category_id, $p_project_id ) {
+       if( $p_category_id == 0 ) {
+               return true;
+       }
        $t_categories = array_column( category_get_all_rows( $p_project_id ), 'id' );
        return in_array( $p_category_id, $t_categories );
 }

to treat the 0 category as existing.

dregad

dregad

2021-01-01 06:06

developer   ~0064900

Thanks for the report, I'll have a look.

dregad

dregad

2021-01-01 06:14

developer   ~0064901

Bug confirmed, regression introduced in MantisBT master a4c4865b (see 0027361)

dregad

dregad

2021-01-01 06:51

developer   ~0064902

PR https://github.com/mantisbt/mantisbt/pull/1724

atrol

atrol

2021-01-01 07:55

developer   ~0064903

@dregad not sure you noticed that our build for 2.24.4 failed due to errors around 0 category
https://travis-ci.org/github/mantisbt/mantisbt/jobs/752116803

gthomas

gthomas

2021-01-01 08:36

reporter   ~0064904

Thanks for the quick resolve!

dregad

dregad

2021-01-01 09:38

developer   ~0064905

@atrol

not sure you noticed that our build for 2.24.4 failed due to errors around 0 category

I didn't thanks for the heads up, I'll check it now.

@gthomas

Thanks for the quick resolve!

You're welcome

dregad

dregad

2021-01-01 09:43

developer   ~0064906

Last edited: 2021-01-01 10:02

not sure you noticed that our build for 2.24.4 failed due to errors around 0 category

I'll check it now

It would appear that the PR I submitted fixes the issue.

Strange that I didn't get the notification e-mail from Travis. I usually get one when the build fails, but nothing when it is successful so I assumed it was OK and didn't notice that something was wrong. A shame, because I could have avoided this regression.

I'll check what's going on with my Travis setup.

Related Changesets

MantisBT: master a4c4865b

2020-11-22 12:54:01

dregad

Details Diff
Prevent setting category not belonging to project

When retrieving a category for a given project, make sure that it is
available in the project's hierarchy, taking inheritance into account.

Fixes 0027361
Affected Issues
0027361, 0027826
mod - api/soap/mc_api.php Diff File

MantisBT: master 889c8d24

2020-12-13 12:06:53

dregad

Details Diff
New API to check category existence within project

Added 2 new functions in Category API: category_exists_in_project() and
category_ensure_exists_in_project.

Improve PHPDoc for category_exists() and category_ensure_exists() to
clearly indicate that they check for a category's existence globally,
unlike the new functions.

Issue 0027361
Affected Issues
0027361, 0027826
mod - api/soap/mc_api.php Diff File
mod - core/category_api.php Diff File

MantisBT: master-2.24 074b3f5d

2021-01-01 11:19:12

dregad

Details Diff
Fix "Category 0 not found" when reporting new issue

By definition, category "0" (no category) does not exist in any project,
but when empty category is allowed ($g_allow_no_category = ON),
category_exists_in_project() should return true.

Regression introduced by a4c4865b2102c2c0bfc53692499514db0b744dc9 in
issue 0027361.

Fixes 0027826
Affected Issues
0027361, 0027826
mod - core/category_api.php Diff File