0036861: Non-optimal verification of uploaded files

ID	Project	Category	View Status	Date Submitted	Last Update
0036861	mantisbt	other	public	2026-02-02 10:57	2026-02-04 04:47

Reporter	raspopov	Assigned To	community
Priority	normal	Severity	minor	Reproducibility	always
Status	confirmed	Resolution	open
Product Version	2.28.0

Summary	0036861: Non-optimal verification of uploaded files
Description	If you try to upload invalid files on the issue creation page (for example, those specified in the `disallowed_files` setting), the upload will fail, and the form will remain on the screen as if the issue had not been created. However, the issue will have been created without the uploaded files. Users cannot tell that the issue has already been created.
Additional Information	This occurs because the issue validation process in the `validate()` function performs fewer checks than the process of adding uploaded files in the `process()` function.
Tags	No tags attached.

raspopov 2026-02-02 11:08 reporter ~0070755	PR: https://github.com/mantisbt/mantisbt/pull/2176 Verification code is collected in one place inside the `file_ensure_uploaded()` function. Added checks to the `IssueFileAddCommand` and `IssueNoteAddCommand` commands. Extended checking for web server upload errors. Tests for the `file_ensure_uploaded()` function have been added.