View Issue Details

ID: 0026540
Project: mantisbt
Category: api rest
View Status: public
Last Update: 2020-03-15 15:23
Reporter: mnewnham
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.22.1
Target Version: 2.24.0
Fixed in Version: 2.24.0
Summary: 0026540: Passing unsanitized data to type hinted function causes program crash
Description

The function mci_issue_set_custom_fields ( $p_issue_id, array &$p_custom_fields = null, $p_log_insert ) in api/soap/mci_issue_api.php uses a type hint (array) on the second argument, but the calling function mc_issue_update() at line 1104 does not check that the value passed to mc_issue_set_custom_fields is actually an array.

This causes an untrapped failure at that point.

Solution: either sanitize before the function is called or remove the type hint and test in mci_issue_set_custom_fields()

Steps To Reproduce

Create a rest api call with an invalid construction and push to mantis

example:
$c = new stdClass;
$c->id = 1234;
$c->custom_fields = "ABC"; //Should be an array

$jsonData = json_encode($c);

---> Push $jsonData to rest api
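As an added example (not MantisBT's own code; the function names, the request shape and the sample request bodies are hypothetical and constructed for illustration), the following PHP script shows the failure mode the report describes, a `TypeError` raised at the `array` type hint when a client-supplied JSON field is forwarded unchecked, and the caller-side `is_array` validation that turns the same input into an ordinary client error instead:

```php
<?php
// Added example, not MantisBT code. Demonstrates why an `array` type hint on a
// callee does not protect against an unsanitized JSON field, and how a caller
// should validate before calling. All function names here are hypothetical.

declare(strict_types=1);

// Hypothetical stand-in for a type-hinted callee such as the one in the report.
// PHP enforces the `array` hint at call time: passing a string raises a
// TypeError, which is an uncaught fatal error unless something traps it.
function set_custom_fields(int $issue_id, array $custom_fields): int
{
    $applied = 0;
    foreach ($custom_fields as $field) {
        if (is_array($field) && isset($field['field']['id'], $field['value'])) {
            $applied++;
        }
    }
    return $applied;
}

// Vulnerable pattern: trusts the decoded request body and forwards it directly.
function update_issue_unchecked(array $request): int
{
    return set_custom_fields($request['id'], $request['custom_fields']);
}

// Hardened pattern: validate the shape of every client-supplied value before it
// reaches a type-hinted function, and turn bad input into a client error.
function update_issue_checked(array $request): int
{
    if (!isset($request['id']) || !is_int($request['id'])) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // custom_fields is optional; when present it must be an array of entries.
    if (isset($request['custom_fields']) && !is_array($request['custom_fields'])) {
        throw new InvalidArgumentException('custom_fields must be an array');
    }
    return set_custom_fields($request['id'], $request['custom_fields'] ?? []);
}

// Constructed request bodies: the malformed one mirrors the report's reproducer.
$bad_body  = '{"id":1234,"custom_fields":"ABC"}';
$good_body = '{"id":1234,"custom_fields":[{"field":{"id":7},"value":"x"}]}';

// json_decode(..., true) yields arrays for JSON objects, so `custom_fields`
// decodes to the string "ABC" in the bad case and to a PHP array in the good case.
$bad  = json_decode($bad_body, true, 512, JSON_THROW_ON_ERROR);
$good = json_decode($good_body, true, 512, JSON_THROW_ON_ERROR);

// 1. Unchecked caller: the type hint itself is the crash point.
try {
    update_issue_unchecked($bad);
} catch (TypeError $e) {
    echo "unchecked: TypeError at the type hint: ", $e->getMessage(), PHP_EOL;
}

// 2. Checked caller: the same input is rejected before the call, with a clear message.
try {
    update_issue_checked($bad);
} catch (InvalidArgumentException $e) {
    echo "checked: rejected input: ", $e->getMessage(), PHP_EOL;
}

// 3. Well-formed input passes through the checked path.
echo "checked, good input: ", update_issue_checked($good), " field(s) applied", PHP_EOL;
```

Run with `php example.php` (PHP 7.3 or later for `JSON_THROW_ON_ERROR`). The point of the comparison is that a type hint is a contract for callers, not input validation: the `array` check in `set_custom_fields` still fires, but in the hardened path it can never fire on client data because the caller has already decided what to do with a non-array value.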

Tags: No tags attached.

Relationships

related to 0026542 (closed, dregad): Passing out of range custom field id causes multiple PHP warnings / incorrect response
related to 0026541 (closed, dregad): Passing invalid id to rest api custom field update causes program crash

Activities

Related Changesets

MantisBT: master 9f1925f8

2020-02-02 10:53

dregad


Make sure given custom field data is an array

Fixes 0026540
Affected Issues: 0026540
mod - api/soap/mc_project_api.php