Detect and block conflicting edits

Fixes the (oh so old) issue on the MantisBT site #5466, whereby concurrent edits to a single issue can overwrite field data. These changes allow MantisBT to spot a conflicting edit, stopping it from overwriting the first edit with the second. It's very much a blunt tool (flat-out refusal to save), but it works. Signed-off-by: Damien Regad <dregad@mantisbt.org> - Error message revised as discussed in the pull request - Squashed commits Fixes #5466, PR #212
mantisbt · Jul 7, 2014 · 4ef0e69 · 4ef0e69
1 parent c593f90
commit 4ef0e69
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 0 deletions.
diff --git a/bug_change_status_page.php b/bug_change_status_page.php
@@ -150,6 +150,7 @@
 				<td class="form-title" colspan="2">
 					<input type="hidden" name="bug_id" value="<?php echo $f_bug_id ?>" />
 					<input type="hidden" name="status" value="<?php echo $f_new_status ?>" />
+					<input type="hidden" name="last_updated" value="<?php echo $t_bug->last_updated ?>" />
 					<?php echo lang_get( $t_status_label . '_bug_title' ) ?>
 				</td>
 			</tr>

diff --git a/bug_update.php b/bug_update.php
@@ -100,6 +100,7 @@
 $t_updated_bug->eta = gpc_get_int( 'eta', $t_existing_bug->eta );
 $t_updated_bug->fixed_in_version = gpc_get_string( 'fixed_in_version', $t_existing_bug->fixed_in_version );
 $t_updated_bug->handler_id = gpc_get_int( 'handler_id', $t_existing_bug->handler_id );
+$t_updated_bug->last_updated = gpc_get_string( 'last_updated' );
 $t_updated_bug->os = gpc_get_string( 'os', $t_existing_bug->os );
 $t_updated_bug->os_build = gpc_get_string( 'os_build', $t_existing_bug->os_build );
 $t_updated_bug->platform = gpc_get_string( 'platform', $t_existing_bug->platform );
@@ -121,6 +122,10 @@
 $t_bug_note->view_state = gpc_get_bool( 'private', config_get( 'default_bugnote_view_status' ) == VS_PRIVATE ) ? VS_PRIVATE : VS_PUBLIC;
 $t_bug_note->time_tracking = gpc_get_string( 'time_tracking', '0:00' );
 
+if( $t_existing_bug->last_updated !== $t_updated_bug->last_updated ) {
+    trigger_error( ERROR_BUG_CONFLICTING_EDIT, ERROR );
+}
+
 # Determine whether the new status will reopen, resolve or close the issue.
 # Note that multiple resolved or closed states can exist and thus we need to
 # look at a range of statuses when performing this check.

diff --git a/bug_update_page.php b/bug_update_page.php
@@ -179,6 +179,7 @@
 				<tr>
 					<td class="form-title" colspan="3">
 						<input type="hidden" name="bug_id" value="<?php echo $t_bug_id ?>" />
+						<input type="hidden" name="last_updated" value="<?php echo $t_bug->last_updated ?>" />
 						<?php echo lang_get( 'updating_bug_advanced_title' ); ?>
 					</td>
 					<td class="right" colspan="3">

diff --git a/core/constant_inc.php b/core/constant_inc.php
@@ -304,6 +304,7 @@
 define( 'ERROR_BUG_DUPLICATE_SELF', 1101 );
 define( 'ERROR_BUG_READ_ONLY_ACTION_DENIED', 1103 );
 define( 'ERROR_BUG_RESOLVE_DEPENDANTS_BLOCKING', 1104 );
+define( 'ERROR_BUG_CONFLICTING_EDIT', 1105 );
 define( 'ERROR_BUG_REVISION_NOT_FOUND', 1150 );
 
 # ERROR_EMAIL_*

diff --git a/lang/strings_english.txt b/lang/strings_english.txt
@@ -1709,3 +1709,4 @@ $MANTIS_ERROR[ERROR_UPDATING_TIMEZONE] = 'Unable to update timezone.';
 $MANTIS_ERROR[ERROR_DEPRECATED_SUPERSEDED] = 'Deprecated functionality: "%1$s", use "%2$s" instead.';
 $MANTIS_ERROR[ERROR_DISPLAY_USER_ERROR_INLINE] = 'Warning: The system is configured to display MantisBT errors (E_USER_ERROR) inline. Program execution will continue; this may lead to system/data integrity issues.';
 $MANTIS_ERROR[ERROR_TYPE_MISMATCH] = 'Data Type mismatch. Enable detailed error messages for further information.';
+$MANTIS_ERROR[ERROR_BUG_CONFLICTING_EDIT] = 'This issue has been updated by another user, please return to the issue and submit your changes again.';