From 4ef0e69b05b05eda92505b2fd38e79218b3cbe17 Mon Sep 17 00:00:00 2001 From: Murray Crane Date: Tue, 17 Jun 2014 16:56:24 +0100 Subject: [PATCH] Detect and block conflicting edits Fixes the (oh so old) issue on the MantisBT site #5466, whereby concurrent edits to a single issue can overwrite field data. These changes allow MantisBT to spot a conflicting edit, stopping it from overwriting the first edit with the second. It's very much a blunt tool (flat-out refusal to save), but it works. Signed-off-by: Damien Regad - Error message revised as discussed in the pull request - Squashed commits Fixes #5466, PR https://github.com/mantisbt/mantisbt/pull/212 --- bug_change_status_page.php | 1 + bug_update.php | 5 +++++ bug_update_page.php | 1 + core/constant_inc.php | 1 + lang/strings_english.txt | 1 + 5 files changed, 9 insertions(+) diff --git a/bug_change_status_page.php b/bug_change_status_page.php index bd2d3d6e8e..a91cd171d9 100644 --- a/bug_change_status_page.php +++ b/bug_change_status_page.php @@ -150,6 +150,7 @@ + diff --git a/bug_update.php b/bug_update.php index 3fa7b1f35c..81ee454131 100644 --- a/bug_update.php +++ b/bug_update.php @@ -100,6 +100,7 @@ $t_updated_bug->eta = gpc_get_int( 'eta', $t_existing_bug->eta ); $t_updated_bug->fixed_in_version = gpc_get_string( 'fixed_in_version', $t_existing_bug->fixed_in_version ); $t_updated_bug->handler_id = gpc_get_int( 'handler_id', $t_existing_bug->handler_id ); +$t_updated_bug->last_updated = gpc_get_string( 'last_updated' ); $t_updated_bug->os = gpc_get_string( 'os', $t_existing_bug->os ); $t_updated_bug->os_build = gpc_get_string( 'os_build', $t_existing_bug->os_build ); $t_updated_bug->platform = gpc_get_string( 'platform', $t_existing_bug->platform ); @@ -121,6 +122,10 @@ $t_bug_note->view_state = gpc_get_bool( 'private', config_get( 'default_bugnote_view_status' ) == VS_PRIVATE ) ? VS_PRIVATE : VS_PUBLIC; $t_bug_note->time_tracking = gpc_get_string( 'time_tracking', '0:00' ); +if( $t_existing_bug->last_updated !== $t_updated_bug->last_updated ) { + trigger_error( ERROR_BUG_CONFLICTING_EDIT, ERROR ); +} + # Determine whether the new status will reopen, resolve or close the issue. # Note that multiple resolved or closed states can exist and thus we need to # look at a range of statuses when performing this check. diff --git a/bug_update_page.php b/bug_update_page.php index 9a99b78c39..7cf7e2b90b 100644 --- a/bug_update_page.php +++ b/bug_update_page.php @@ -179,6 +179,7 @@ + diff --git a/core/constant_inc.php b/core/constant_inc.php index b5fbc15006..0956cc22d8 100644 --- a/core/constant_inc.php +++ b/core/constant_inc.php @@ -304,6 +304,7 @@ define( 'ERROR_BUG_DUPLICATE_SELF', 1101 ); define( 'ERROR_BUG_READ_ONLY_ACTION_DENIED', 1103 ); define( 'ERROR_BUG_RESOLVE_DEPENDANTS_BLOCKING', 1104 ); +define( 'ERROR_BUG_CONFLICTING_EDIT', 1105 ); define( 'ERROR_BUG_REVISION_NOT_FOUND', 1150 ); # ERROR_EMAIL_* diff --git a/lang/strings_english.txt b/lang/strings_english.txt index f327c8b76e..ca04111e71 100644 --- a/lang/strings_english.txt +++ b/lang/strings_english.txt @@ -1709,3 +1709,4 @@ $MANTIS_ERROR[ERROR_UPDATING_TIMEZONE] = 'Unable to update timezone.'; $MANTIS_ERROR[ERROR_DEPRECATED_SUPERSEDED] = 'Deprecated functionality: "%1$s", use "%2$s" instead.'; $MANTIS_ERROR[ERROR_DISPLAY_USER_ERROR_INLINE] = 'Warning: The system is configured to display MantisBT errors (E_USER_ERROR) inline. Program execution will continue; this may lead to system/data integrity issues.'; $MANTIS_ERROR[ERROR_TYPE_MISMATCH] = 'Data Type mismatch. Enable detailed error messages for further information.'; +$MANTIS_ERROR[ERROR_BUG_CONFLICTING_EDIT] = 'This issue has been updated by another user, please return to the issue and submit your changes again.';