View Issue Details

ID: 0033248
Project: mantisbt
Category: custom fields
View Status: public
Last Update: 2024-02-20 16:58
Reporter: keessonnema
Assigned To: dregad
Priority: normal
Severity: block
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.26.0
Target Version: 2.26.1
Fixed in Version: 2.26.1
Summary: 0033248: APPLICATION ERROR 2800 Invalid form security token when trying to delete custom field

Description

After upgrading to v2.26.0 I get the infamous 2800 error.

APPLICATION ERROR #2800

Invalid form security token. This could be caused by a session timeout, or accidentally submitting the form twice.

Full path: /var/www/websites/mantisbt-base/core/form_api.php
Line number: 157

Stack trace
#   Filename    Line    Class   Type    Function    Args
0   /var/www/websites/mantisbt-base/core/form_api.php   157 -   -   trigger_error   <string>'2800', <integer>256
1   /var/www/websites/mantisbt-base/manage_custom_field_delete.php  52  -   -   form_security_validate  <string>'manage_custom_field_delete'

I'm not sure if this is due to my PHP configuration, but I'd love to hear what to change to fix this.
If this is a bug then I'm happy to help fixing it.

Steps To Reproduce

Do the following:

  • Open "Manage"
  • Click on "Custom fields"
  • Click on a custom field
  • Try to delete the custom field

Additional Information

Running on Ubuntu 20.04 with PHP 7.4.3-4ubuntu2.19 (cli)

Tags: No tags attached.

Relationships

related to 0027274 (closed, dregad): Move Delete buttons into main form

Activities

dregad

2023-11-13 10:58

developer   ~0068317

Sorry I can't reproduce this.

keessonnema

2023-11-27 09:53

reporter   ~0068341

@dregad do you recognize this error? If so, how could I isolate this problem? I'm not sure where to look.

dregad

2023-11-27 11:13

developer   ~0068342

Well obviously I recognize error 2800... But I'm not sure I correctly understand what you expect from me when you ask that though...

As to how to isolate it, since I can't reproduce the problem and you did not provide many details or context, it's kind of hard for me to tell.

If it is indeed consistently reproducible (you said always) then you should be able to trace code execution.
Is the upgraded 2.26 the same environment as your previous version, or a different server?
Try to identify if this is data- or code-related (Error occurring for all custom field deletions, or just a specific one? Just for custom fields, or for other parts of the application?)
If you know Git, maybe you can try to run git bisect between your previous version and release-2.26.0 tag to identify the offending commit if it's code related.

keessonnema

2023-11-28 02:37

reporter   ~0068344

@dregad I'll try to do a git diff on the files that throw an error.

  • It happens to all custom fields, no one specific
  • It happened on normal bugnotes as well at first, but that fixed itself.
  • It's the same installation, just with replaced files, so I'll have to see if I miss anything.

haxxemm

2023-11-29 10:53

reporter   ~0068352

Last edited: 2023-11-29 10:55

I'm having the same issue. Upgraded from 2.25.6 to 2.26, when I create a new custom field and then I try to delete it, I'm getting 2800 error message. I can't delete existing or new custom fields.

Running on Wamp Server 3.2.6 - 64bit / PHP 8.1.0 / Windows Server R2 Standard

atrol

2023-11-29 17:15

developer   ~0068354

Last edited: 2023-11-30 03:47

@dregad looks like a regression introduced when implementing 0027274
Reverting commit MantisBT master 8116b5e3 fixed the issue on my test system.

dregad

2023-12-01 18:34

developer   ~0068370

I get it now - I had form_security_validation disabled on my dev box for some tests, and forgot to turn it back on...

Fix should be quite simple, just need to declare the security token for deletion in the form.

dregad

2023-12-01 19:12

developer   ~0068371

PR https://github.com/mantisbt/mantisbt/pull/1948

keessonnema

2023-12-04 02:37

reporter   ~0068382

Thanks @haxxemm and @atrol for the help on finding the issue.
And thanks to @dregad for the PR.

Related Changesets

MantisBT: master 8116b5e3

2022-06-02 09:14

dregad


Move Delete Custom Field button to form footer

Using the HTML5 button's `formaction` property we can get rid of the
separate form that caused the button to be displayed below the Edit box,
and put the Delete button in the main form's footer

Fixes 0027274

Affected Issues: 0027274, 0033248
mod - manage_custom_field_edit_page.php

MantisBT: master-2.26 fe404e16

2023-12-01 19:03

dregad


Fix error 2800 when deleting custom field

This error is a regression introduced by fix for issue 0027274.

Changing security token name in manage_custom_field_delete.php from
manage_custom_field_delete to manage_custom_field_update resolves the
problem.

It makes more sense to reuse the existing token rather than generate a
new, specific one in manage_custom_field_edit_page.php since we're using
the same form data for update and delete operations.

Fixes 0033248

Affected Issues: 0027274, 0033248
mod - manage_custom_field_delete.php
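
The token-name mismatch behind this regression, as an added example that is not MantisBT code or part of either changeset. It models per-form CSRF tokens with hypothetical helpers token_issue() and token_validate(), an array standing in for the PHP session, and an assumed "<form name>_token" field naming; only the two token names come from this issue.

```php
<?php
// Added example: simplified model of per-form CSRF tokens, not MantisBT's form_api.php.
// $session stands in for $_SESSION so the script runs from the CLI.

/** Issue a token under $form_name; the value goes into the form's hidden field. */
function token_issue(array &$session, string $form_name): string {
    $token = bin2hex(random_bytes(16));
    $session['form_tokens'][$form_name][] = $token;
    return $token;
}

/** Check the "<form_name>_token" POST field against tokens issued under that name. */
function token_validate(array $session, string $form_name, array $post): bool {
    $submitted = $post[$form_name . '_token'] ?? null;
    if (!is_string($submitted)) {
        return false; // field absent or not a plain string
    }
    foreach ($session['form_tokens'][$form_name] ?? [] as $issued) {
        if (hash_equals($issued, $submitted)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

$session = [];

// Edit page after the Delete button moved into the main form: a single token,
// issued under the update name, travels with both Update and Delete submissions.
$post = [
    'field_id' => '7', // constructed sample value
    'manage_custom_field_update_token' => token_issue($session, 'manage_custom_field_update'),
];

$checks = [
    // Regression: the delete handler validates a name no form issued a token for.
    'delete handler, name manage_custom_field_delete' =>
        token_validate($session, 'manage_custom_field_delete', $post),
    // Fix: the delete handler validates the name the shared form carries.
    'delete handler, name manage_custom_field_update' =>
        token_validate($session, 'manage_custom_field_update', $post),
    // A forged cross-site POST carries no token and must still fail after the fix.
    'forged POST without token' =>
        token_validate($session, 'manage_custom_field_update', ['field_id' => '7']),
];

foreach ($checks as $label => $ok) {
    printf("%-50s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

A server with token validation disabled never reaches this check, which is how note ~0068370 explains the regression going unnoticed on the development box. Running the delete path with validation enabled is the test that catches it.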