View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026540 | mantisbt | api rest | public | 2019-12-30 12:16 | 2020-03-15 15:23 |
Reporter | mnewnham | Assigned To | dregad |
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 2.22.1 |
Target Version | 2.24.0 | Fixed in Version | 2.24.0 |
Summary | 0026540: Passing unsanitized data to type hinted function causes program crash |
Description | The function mci_issue_set_custom_fields( $p_issue_id, array &$p_custom_fields = null, $p_log_insert ) in api/soap/mci_issue_api.php uses a type hint (array) on the second argument, but the calling function mc_issue_update() at line 1104 does not check that the value passed to mci_issue_set_custom_fields() is actually an array. This causes an untrapped failure at that point. Solution: either sanitize before the function is called, or remove the type hint and test in mci_issue_set_custom_fields(). |
Steps To Reproduce | Create a REST API call with an invalid construction and push it to Mantis. Example: $jsonData = json_encode($c); ---> Push $jsonData to the REST API |
Tags | No tags attached. |
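
Added example, not MantisBT code and not the fix that shipped in 2.24.0: a sketch of the first option in the description, checking the decoded value's type before it reaches an array-hinted function. The names set_custom_fields() and update_issue(), the 'custom_fields' key, the entry shape and the sample payloads are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the type-hinted callee described in the report.
function set_custom_fields(int $issueId, ?array &$customFields = null): int
{
    return $customFields === null ? 0 : count($customFields);
}

// Hypothetical caller: checks the decoded value's type before the typed call,
// so malformed input becomes a client error instead of an uncaught TypeError.
function update_issue(int $issueId, string $json): array
{
    $payload = json_decode($json, true);
    if (!is_array($payload)) {
        return ['status' => 400, 'message' => 'Request body must be a JSON object'];
    }
    $fields = $payload['custom_fields'] ?? null;
    if ($fields !== null) {
        if (!is_array($fields)) {
            return ['status' => 400, 'message' => "'custom_fields' must be an array"];
        }
        foreach ($fields as $i => $entry) {
            // Assumed entry shape: an object carrying 'field' and 'value'.
            if (!is_array($entry) || !array_key_exists('field', $entry) || !array_key_exists('value', $entry)) {
                return ['status' => 400, 'message' => "custom_fields[$i] is malformed"];
            }
        }
    }
    return ['status' => 200, 'updated' => set_custom_fields($issueId, $fields)];
}

// Constructed payloads: one well-formed, two with the wrong type.
$samples = [
    '{"custom_fields":[{"field":{"id":1},"value":"x"}]}',
    '{"custom_fields":"not-an-array"}',
    '{"custom_fields":["scalar-entry"]}',
];
foreach ($samples as $json) {
    echo $json, ' => ', json_encode(update_issue(42, $json)), PHP_EOL;
}

// Without the check, the same bad value reaches the type hint and throws.
try {
    $bad = json_decode($samples[1], true)['custom_fields'];
    set_custom_fields(42, $bad);
} catch (TypeError $e) {
    echo 'unvalidated call: ', get_class($e), PHP_EOL;
}
```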