Custom Field names with commas (,) are forbidden
Until now, the custom fields management page allowed saving a Custom
Field with commas; attempting to use such a field in the Manage Columns
pages results in APPLICATION ERROR 2601 when trying to save the
configuration.

This commit prevents saving or updating a custom field if its name
contains a comma.

Fixes #26665
dregad committed Feb 21, 2021
1 parent 55a3767 commit 4d97763
Showing 3 changed files with 12 additions and 0 deletions.
1 change: 1 addition & 0 deletions core/constant_inc.php
Expand Up @@ -350,6 +350,7 @@
define( 'ERROR_CUSTOM_FIELD_INVALID_DEFINITION', 1304 );
define( 'ERROR_CUSTOM_FIELD_NOT_LINKED_TO_PROJECT', 1305 );
define( 'ERROR_CUSTOM_FIELD_INVALID_PROPERTY', 1306 );
define( 'ERROR_CUSTOM_FIELD_NAME_INVALID', 1307 );

# ERROR_LDAP_*
define( 'ERROR_LDAP_AUTH_FAILED', 1400 );
10 changes: 10 additions & 0 deletions core/custom_field_api.php
Expand Up @@ -561,6 +561,16 @@ function custom_field_update( $p_field_id, array $p_def_array ) {
*/
extract( $p_def_array, EXTR_PREFIX_ALL, 'v');

if( is_blank( $v_name ) ) {
error_parameters( 'name' );
trigger_error( ERROR_EMPTY_FIELD, ERROR );
} elseif( mb_strpos( $v_name, ',' ) ) {
# Commas are not allowed in CF name, it causes issues with columns
# selection (see #26665)
error_parameters( $v_name );
trigger_error( ERROR_CUSTOM_FIELD_NAME_INVALID, ERROR );
}

if( is_blank( $v_name ) ) {
error_parameters( 'name' );
trigger_error( ERROR_EMPTY_FIELD, ERROR );
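Review bot: The new `elseif( mb_strpos( $v_name, ',' ) )` test in custom_field_update() uses the returned offset as a boolean, so a name whose first character is a comma yields offset 0, which is falsy, and still passes validation; such a name can then reach the column configuration this check is meant to protect. Compare against false explicitly: `} elseif( mb_strpos( $v_name, ',' ) !== false ) {`. As rendered, the section also carries the `is_blank( $v_name )` test twice on the new side, once in the new if/elseif and again directly after it; the second copy looks redundant, though its closing lines fall outside the hunk. Only custom_field_update() is visible here, so it is worth confirming that the create path enforces the same rule.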
1 change: 1 addition & 0 deletions lang/strings_english.txt
Expand Up @@ -1660,6 +1660,7 @@ $MANTIS_ERROR[ERROR_BUG_DUPLICATE_SELF] = 'You cannot set an issue as a duplicat
$MANTIS_ERROR[ERROR_BUG_REVISION_NOT_FOUND] = 'Issue revision not found.';
$MANTIS_ERROR[ERROR_CUSTOM_FIELD_NOT_FOUND] = 'Custom field not found.';
$MANTIS_ERROR[ERROR_CUSTOM_FIELD_NAME_NOT_UNIQUE] = 'This is a duplicate name.';
$MANTIS_ERROR[ERROR_CUSTOM_FIELD_NAME_INVALID] = 'Invalid custom field name "%1$s": commas are not allowed. See "Localizing Custom Field Names" section in the Admin Guide as a workaround.';
$MANTIS_ERROR[ERROR_CUSTOM_FIELD_IN_USE] = 'At least one project still uses this field.';
$MANTIS_ERROR[ERROR_CUSTOM_FIELD_INVALID_VALUE] = 'Invalid value for field "%1$s".';
$MANTIS_ERROR[ERROR_CUSTOM_FIELD_INVALID_DEFINITION] = 'Invalid custom field definition.';
