0035064: Constant error 500 after deleting user option on adm_config_report.php page. - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update
0035064	mantisbt	administration	public	2024-12-02 10:25	2025-03-01 18:40

Reporter	raspopov	Assigned To	dregad
Priority	normal	Severity	minor	Reproducibility	sometimes
Status	closed	Resolution	fixed
Product Version	2.27.0
Target Version	2.27.1	Fixed in Version	2.27.1

Summary	0035064: Constant error 500 after deleting user option on adm_config_report.php page.
Description	On the adm_config_report.php page, a filter by user has been selected to display the options for that user. Then the option was deleted by clicking on the corresponding button. After that, an error 500 is constantly displayed for this page. Deleting the cookies helps. The following error appears in the PHP report: `user_get_name_from_row(): Argument #1 ($p_user_row) must be of type array, false given, called in C:\wwwroot\mantisbt\adm_config_report.php on line 163 C:\wwwroot\mantisbt\adm_config_report.php: 163: - - - - user_get_name_from_row()`
Steps To Reproduce	It is quite difficult to repeat the error, perhaps you need to edit the options in parallel, for example in several browser tabs.
Additional Information	Investigation shows that the error occurs in the following code of adm_config_report.php. It is possible to get a wrong user id number from the cookie and get a 500 error for this page until the cookie is clean: `119: $t_filter_user_value = $t_cookie_contents[0]; <-- gets wrong id here ... 159: if( $t_filter_user_value != META_FILTER_NONE && $t_filter_user_value != ALL_USERS ) { 160: # Make sure the filter value exists in the list 161: $t_row = user_get_row( $t_filter_user_value ); <-- returns false, since no user 162: $t_users_ids[] = $t_filter_user_value; 163: $t_users_list[] = user_get_name_from_row( $t_row ); <-- exception here 164: $t_sort[] = user_get_name_for_sorting_from_row( $t_row ); 165: }`
Tags	No tags attached.

raspopov 2024-12-02 10:27 reporter ~0069519 Last edited: 2024-12-03 22:32	I suggest we fix it something like this: `if( $t_filter_user_value != META_FILTER_NONE && $t_filter_user_value != ALL_USERS ) { # Make sure the filter value exists in the list $t_row = user_get_row( $t_filter_user_value ); if( $t_row ) { $t_users_ids[] = $t_filter_user_value; $t_users_list[] = user_get_name_from_row( $t_row ); $t_sort[] = user_get_name_for_sorting_from_row( $t_row ); } }`

dregad 2024-12-03 12:37 developer ~0069526	The problem can be reproduced by manually altering the MANAGE_CONFIG_COOKIE's value to specify a non-existing user id. In real life, given that a filter in the admin page for a specific user has been applied (saved in the cookie), returning to the page after said user has been deleted should trigger the error also. I think a more appropriate fix than what you suggested in 0035064:0069519 would be to check for the user id's existence after retrieving it from the cookie; if not found, we could default to ALL_USERS, following the same logic that is already implemented for projects. I'll submit a PR later.

raspopov 2024-12-03 22:35 reporter ~0069532	if not found, we could default to ALL_USERS I think this code creates a filter list, so ALL_USERS is added to that list anyway.

dregad 2024-12-04 06:22 developer ~0069533	if not found, we could default to ALL_USERS I think this code creates a filter list, so ALL_USERS is added to that list anyway. Indeed. So the logic should be: retrieve current user id from cookie if not an existing user, use ALL_USERS as default (NEW) build the list for the select (including any and ALL_USERS) if current user id is not in the list, add it render the list with current user selected

dregad 2024-12-27 09:40 developer ~0069614	I'll submit a PR later. I fixed the code, and then forgot to push the branch and create the PR... Done now https://github.com/mantisbt/mantisbt/pull/2065

MantisBT: master-2.27 437eb123 2024-12-03 13:29 dregad Details Diff	Ensure user in manage_config_cookie exists If a non-existing user id is specified in the cookie, user_get_row() returns false, resulting in the subsequent user_get_name_from_row() call triggering a PHP error as the function expects an array but receives a bool. Adding a check for the user id's existence after reading the cookie and defaulting to ALL_USERS if not found fixes the problem. Fixes 0035064		Affected Issues 0035064
	mod - adm_config_report.php		Diff File