View Issue Details

IDProjectCategoryView StatusLast Update
0025442mantisbtdb mssqlpublic2019-03-16 20:20
Reporterjuliexn Assigned Tocproensa  
PrioritynormalSeveritymajorReproducibilityrandom
Status closedResolutionfixed 
PlatformIEOSWindowsOS Version7
Product Version2.11.1 
Target Version2.20.0Fixed in Version2.20.0 
Summary0025442: Wrong/duplicate bugnote_text_id in mantis_bugnote_table
Description

After we upgraded to MantisBT 2.11.1 in December 2018, users have noticed phantom notes added to their ticket/issue with their names on it. A query of the database shows that we have multiple bug_id pointing to the same bugnot_text_id. Attached is a screenshot showing the result of the select statement below. It show three bugnote pointing to the same bugnote_text. Those 3 notes were submitted within 15 seconds by different users in different issue#. Can you please advise what the issue/cause may be?

select id, bug_id, reporter_id, bugnote_text_id, view_state,
dateadd(ss,date_submitted,'1/1/1970') as date_submitted, dateadd(ss,last_modified,'1/1/1970') as last_modified
from [dbo].[mantis_bugnote_table]
where bugnote_text_id=2023681

Steps To Reproduce

Different users adding notes to different issue # withing seconds of each other. This issue appears to be random. However, we've had 83 instance of this occurring (83 bugnot_text_id, 181 issue#) since Dec 10, 2018.

TagsNo tags attached.
Attached Files
duplicate bugnote_text_id.JPG (29,903 bytes)   
duplicate bugnote_text_id.JPG (29,903 bytes)   
duplicate bugnote_text_id-2.JPG (36,415 bytes)   
duplicate bugnote_text_id-2.JPG (36,415 bytes)   

Activities

cproensa

cproensa

2019-02-04 17:55

developer   ~0061398

are you using sql-server?

with mssql it uses SELECT IDENT_CURRENT to get the id of the inserted note, which:

Returns the last identity value generated for a specified table or view. The last identity value generated can be for any session and any scope.

atrol

atrol

2019-02-04 18:01

developer   ~0061399

juliexn,

This is the first time I see such an issue.

The provided information is not sufficient to provide help in resolving the issue.
The additional information listed below may be useful:

  • Exact version of PHP, Database, Web server, Browser and Operating System
  • Relevant customizations (e.g. changes in config_inc.php, etc)
  • Installed plugins or custom functions ?
  • Was the MantisBT source code modified in any way ?

After we upgraded to MantisBT 2.11.1 in December 2018

Why did you use this outdated version?
I would have expected 2.18.0 in December 2018

I recommend to upgrade to latest stable version (2.19.0 at the moment).
This might fix the issue, or at least it's a better point to start further investigation.

cproensa

cproensa

2019-02-04 18:36

developer   ~0061400

@atrol
confirmed: reproduced with current version and mssql

juliexn

juliexn

2019-02-04 18:40

reporter   ~0061401

We are using SQL server. The reason we are using an outdated version of MantisBT has to do we the business requirement for using IE 11 in compatibility mode and to display realname instead of username. We've tried newer version of MantisBT but the primary problem is that it doesn't render correctly in IE compatibility mode. Below are answers to your questions about our build:
•PHP version: 7.1.15.0
•Database Version: SQL Server 2014
•Web Server Version: Windows 2008
•Browser: IE 11 in compatibility mode
•Operating System: Windows 7
•Relevant customizations (e.g. changes in config_inc.php, etc) : no relevant customization
•Installed plugins or custom functions ? no
•Was the MantisBT source code modified in any way ? yes
\core\print_api.php to open attachment in a new browser tab instead of using the same tab
\core\custom_field_api.php to allow custom date fields to be left blank when the field is not required
\core\date_api.php to use datepicker for custom date fields
\core\gpc_api.php to use datepicker for custom date fields
Please let me know if you have other questions and/or suggestions to troubleshoot.

cproensa

cproensa

2019-02-04 19:07

developer   ~0061402

PR
https://github.com/mantisbt/mantisbt/pull/1457

cproensa

cproensa

2019-02-04 19:13

developer   ~0061403

@juliexn
It would be good if you could try the changes and provide feedback from testing it, as none of the current core developers is running such an environment in production.

juliexn

juliexn

2019-02-04 20:21

reporter   ~0061404

@cproensa
Thank you for looking into this. Were you able reproduce the issue? I'm trying to test, but I'm having issues with reproducing it.

cproensa

cproensa

2019-02-04 20:32

developer   ~0061405

Were you able reproduce the issue?

yes, with a debug session that is forced to wait between both inserts.

atrol

atrol

2019-02-07 13:29

developer   ~0061445

Some general remarks

The reason we are using an outdated version of MantisBT has to do we the business requirement for using IE 11 in compatibility mode

I assume you are talking about this effect https://mantisbt.org/forums/viewtopic.php?f=3&t=25649
AFAIK the compatibility mode is not just a global setting, but can also be set in a site specific way

and to display realname instead of username

Is there still an issue after all those changes in 2.15.0 ?
Look at 0024432 and related issues.

Web Server Version: Windows 2008
Operating System: Windows 7

I hope you are aware that

  • we fixed quite a lot of issues (especially security related ones) since 2.11.0
  • Standard security support for Windows 7 and Windows Server 2008 will end in January 2020

Your countdown for upgrades is running :-)

juliexn

juliexn

2019-02-07 13:42

reporter   ~0061446

@atrol
I realized that later versions would take care of our realname issue, but we are stuck with using compatibility mode. I will take a look to see if we can somehow set it for a specific site in our intranet. We are trying to upgrade the one application that requires the compatibility mode so we could get out of that dependencies.

@cproensa
Our business users are testing the fix in lower environments. It could take them a week to test in IT and UAT and another week before we could get the fix into Prod. I'll provide feedback as I get them.

Related Changesets

MantisBT: master c0c7eb1c

2019-02-04 13:49

cproensa

Committer: atrol


Details Diff
Fix mssql concurrent insert id

The implementation of db_insert_id() in mssql relied on IDENT_CURRENT
making it not thread safe.
Modify it to use ADOdb native implementation, based on SCOPE_IDENTITY()
which is session independent.

Fixes: 0025442
Affected Issues
0025442
mod - core/database_api.php Diff File