Permalink
Browse files

Fix crash when report_bug_threshold=array in access_has_bug_level

When displaying a bug for which the user is not the reporter,
$g_limit_reporters=ON and the workflow is set so report_bug_threshold is
an array, MantisBT crashes with "PHP Fatal error: Unsupported operand
types".

This is due to use of '+ 1' to indicate that user should have the next
higher access level to view the issue. We now use the same logic but
within a foreach loop to check against each array element.

Fixes #15538
  • Loading branch information...
1 parent 73317ba commit b3276bbf50abdf53eaa9ef3b20ddb9461aaf1808 @dregad dregad committed Feb 25, 2013
Showing with 14 additions and 2 deletions.
  1. +14 −2 core/access_api.php
View
16 core/access_api.php
@@ -422,8 +422,20 @@ function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) {
# reporters can view just issues they reported
$t_limit_reporters = config_get( 'limit_reporters', null, $p_user_id, $t_project_id );
$t_report_bug_threshold = config_get( 'report_bug_threshold', null, $p_user_id, $t_project_id );
- if ( $t_limit_reporters && !bug_is_user_reporter( $p_bug_id, $p_user_id ) && !access_has_project_level( $t_report_bug_threshold + 1, $t_project_id, $p_user_id ) ) {
- return false;
+ if( !is_array( $t_report_bug_threshold ) ) {
+ $t_report_bug_threshold = array( $t_report_bug_threshold );
+ }
+ if( $t_limit_reporters && !bug_is_user_reporter( $p_bug_id, $p_user_id ) ) {
+ $t_has_access = false;
+ foreach( $t_report_bug_threshold as $t_threshold ) {
+ if( access_has_project_level( $t_threshold + 1, $t_project_id, $p_user_id ) ) {
+ $t_has_access = true;
+ break;
+ }
+ }
+ if( !$t_has_access ) {
+ return false;
+ }
}
# If the bug is private and the user is not the reporter, then

0 comments on commit b3276bb

Please sign in to comment.