Permalink
Browse files

Detect and block conflicting edits

Fixes the (oh so old) issue on the MantisBT site #5466, whereby
concurrent edits to a single issue can overwrite field data.

These changes allow MantisBT to spot a conflicting edit, stopping
it from overwriting the first edit with the second. It's very much
a blunt tool (flat-out refusal to save), but it works.

Signed-off-by: Damien Regad <dregad@mantisbt.org>

- Error message revised as discussed in the pull request
- Squashed commits

Fixes #5466, PR #212
  • Loading branch information...
pantsmanuk authored and dregad committed Jun 17, 2014
1 parent c593f90 commit 4ef0e69b05b05eda92505b2fd38e79218b3cbe17
Showing with 9 additions and 0 deletions.
  1. +1 −0 bug_change_status_page.php
  2. +5 −0 bug_update.php
  3. +1 −0 bug_update_page.php
  4. +1 −0 core/constant_inc.php
  5. +1 −0 lang/strings_english.txt
@@ -150,6 +150,7 @@
<td class="form-title" colspan="2">
<input type="hidden" name="bug_id" value="<?php echo $f_bug_id ?>" />
<input type="hidden" name="status" value="<?php echo $f_new_status ?>" />
+ <input type="hidden" name="last_updated" value="<?php echo $t_bug->last_updated ?>" />
<?php echo lang_get( $t_status_label . '_bug_title' ) ?>
</td>
</tr>
View
@@ -100,6 +100,7 @@
$t_updated_bug->eta = gpc_get_int( 'eta', $t_existing_bug->eta );
$t_updated_bug->fixed_in_version = gpc_get_string( 'fixed_in_version', $t_existing_bug->fixed_in_version );
$t_updated_bug->handler_id = gpc_get_int( 'handler_id', $t_existing_bug->handler_id );
+$t_updated_bug->last_updated = gpc_get_string( 'last_updated' );
$t_updated_bug->os = gpc_get_string( 'os', $t_existing_bug->os );
$t_updated_bug->os_build = gpc_get_string( 'os_build', $t_existing_bug->os_build );
$t_updated_bug->platform = gpc_get_string( 'platform', $t_existing_bug->platform );
@@ -121,6 +122,10 @@
$t_bug_note->view_state = gpc_get_bool( 'private', config_get( 'default_bugnote_view_status' ) == VS_PRIVATE ) ? VS_PRIVATE : VS_PUBLIC;
$t_bug_note->time_tracking = gpc_get_string( 'time_tracking', '0:00' );
+if( $t_existing_bug->last_updated !== $t_updated_bug->last_updated ) {
+ trigger_error( ERROR_BUG_CONFLICTING_EDIT, ERROR );
+}
+
# Determine whether the new status will reopen, resolve or close the issue.
# Note that multiple resolved or closed states can exist and thus we need to
# look at a range of statuses when performing this check.
View
@@ -179,6 +179,7 @@
<tr>
<td class="form-title" colspan="3">
<input type="hidden" name="bug_id" value="<?php echo $t_bug_id ?>" />
+ <input type="hidden" name="last_updated" value="<?php echo $t_bug->last_updated ?>" />
<?php echo lang_get( 'updating_bug_advanced_title' ); ?>
</td>
<td class="right" colspan="3">
View
@@ -304,6 +304,7 @@
define( 'ERROR_BUG_DUPLICATE_SELF', 1101 );
define( 'ERROR_BUG_READ_ONLY_ACTION_DENIED', 1103 );
define( 'ERROR_BUG_RESOLVE_DEPENDANTS_BLOCKING', 1104 );
+define( 'ERROR_BUG_CONFLICTING_EDIT', 1105 );
define( 'ERROR_BUG_REVISION_NOT_FOUND', 1150 );
# ERROR_EMAIL_*
View
@@ -1709,3 +1709,4 @@ $MANTIS_ERROR[ERROR_UPDATING_TIMEZONE] = 'Unable to update timezone.';
$MANTIS_ERROR[ERROR_DEPRECATED_SUPERSEDED] = 'Deprecated functionality: "%1$s", use "%2$s" instead.';
$MANTIS_ERROR[ERROR_DISPLAY_USER_ERROR_INLINE] = 'Warning: The system is configured to display MantisBT errors (E_USER_ERROR) inline. Program execution will continue; this may lead to system/data integrity issues.';
$MANTIS_ERROR[ERROR_TYPE_MISMATCH] = 'Data Type mismatch. Enable detailed error messages for further information.';
+$MANTIS_ERROR[ERROR_BUG_CONFLICTING_EDIT] = 'This issue has been updated by another user, please return to the issue and submit your changes again.';

0 comments on commit 4ef0e69

Please sign in to comment.