View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0034099mantisbtadministrationpublic2024-03-15 05:482024-03-27 20:14
Reporteralve89 Assigned Todregad  
PriorityhighSeverityblockReproducibilityalways
Status closedResolutionno change required 
Product Version2.26.1 
Summary0034099: No changes possible (APPLICATION ERROR 2800)
Description

Hi guys!

I just installed the latest version of Mantis. By searching on Google I found this ticket: 0023052 (https://www.mantisbt.org/bugs/view.php?id=23052). I have the exact same issue, I can't make any changes: No new user, no new project, nothing.

Steps To Reproduce

Login as administrator:root, click on Administration, try to add project. After clicking on "Adding project" (I guess, I have the German installation), the following error occurs:

APPLICATION ERROR #2800

Ungültiges Sicherheitstoken zum Formular. Dies kann durch einen Sitzungsablauf oder durch versehentliches doppeltes Speichern des Formulars verursacht worden sein.

Bitte benutzen Sie die „Zurück“-Taste Ihres Browsers, um auf die vorhergehende Seite zurückzukehren. Dort können Sie den hier angezeigten Eintrag korrigieren oder eine andere Aktion ausführen. Über das Menü können Sie auch direkt zu einer anderen Aktion wechseln.

The same error occurs when trying to add a new user or trying to change admins profile data.

Additional Information

MantisBT-Version 2.26.1
Datenbankschema-Version 211
PHP-Version 8.1.27
Datenbanktreiber mysqli
Datenbankversion, Beschreibung 10.5.23, 10.5.23-MariaDB-1:10.5.23+maria~ubu2004-log
Pfad der Website /www/htdocs/xxxxx/bugreport/mantis/
Core-Pfad /www/htdocs/xxxxx/bugreport/mantis/core/
Plugin-Pfad /www/htdocs/xxxxx/bugreport/mantis/plugins/

TagsNo tags attached.

Relationships

Relationship GraphDependency Graph
related to 0022844 closeddregad Application Error #2800 after PHP upgrade from 7.1.3 to 7.1.4 
related to 0023052 closedatrol APPLICATION ERROR #2800 occurs in every action 

Activities

dregad

dregad

2024-03-15 07:03

developer   ~0068663

Did you read 0022844, and the FAQ in the admin guide about this error ?
alve89

alve89

2024-03-15 09:28

reporter   ~0068664

Last edited: 2024-03-15 10:10

I did. This is my current configuration:

./.htaccess (in Mantis root):

./config/config_inc.php:

<?php
$g_hostname               = 'localhost';
$g_db_type                   = 'mysqli';
$g_database_name          = 'xxxxxxx';
$g_db_username            = 'xxxxxxx';
$g_db_password            = 'xxxxxxx';

$g_default_timezone       = 'Europe/Berlin';

$g_crypto_master_salt     = 'xxxxxxx=';

$g_path                   = 'http://xxxx.com/mantis/';
$g_form_security_validation = ON;
$g_display_errors = array(
    E_WARNING => 'halt',
    E_NOTICE => 'halt',
    E_USER_ERROR => 'halt',
    E_USER_WARNING => 'halt',
    E_USER_NOTICE => 'halt'
);
$g_show_detailed_errors = ON;

=> Changing $g_form_security_validation = ON; to $g_form_security_validation = OFF; worked but is a serious security issue, so no proper solution.

The debugging shows:

APPLICATION ERROR 2800

Ungültiges Sicherheitstoken zum Formular. Dies kann durch einen Sitzungsablauf oder durch versehentliches doppeltes Speichern des Formulars verursacht worden sein.

Bitte benutzen Sie die „Zurück“-Taste Ihres Browsers, um auf die vorhergehende Seite zurückzukehren. Dort können Sie den hier angezeigten Eintrag korrigieren oder eine andere Aktion ausführen. Über das Menü können Sie auch direkt zu einer anderen Aktion wechseln.
Detailed error information

Full path: /www/htdocs/xxxxx/mantis/core/form_api.php
Line number: 157
Stack trace
#   Filename    Line    Class   Type    Function    Args
0   /www/htdocs/xxxxx/mantis/core/form_api.php  157 -   -   trigger_error   <string>'2800', <integer>256
1   /www/htdocs/xxxxx/mantis/manage_proj_create.php 54  -   -   form_security_validate  <string>'manage_proj_create'

It seems that it works with an HTTPS connection though, even when $g_form_security_validation = ON; is set. Can you confirm this as proper solution?
dregad

dregad

2024-03-15 10:18

developer   ~0068665

Changing [...] to $g_form_security_validation = OFF; worked but is a serious security issue, so no proper solution.

Indeed, not recommended to switch this off.

It seems that it works with an HTTPS connection though, even when $g_form_security_validation = ON; is set.

That would rule out a problem with MantisBT code, and indicate the issue is with your server's configuration.

Can you confirm this as proper solution?

It is best practice to operate on a secure connection, so if it works like that then I think you're all set.