0034348: Adding issue note with REST API returns HTTP 500 when given view_state is invalid - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0034348	mantisbt	api rest	public	2024-03-22 16:04	2024-05-12 12:34

Reporter	acoder2020	Assigned To	dregad
Priority	normal	Severity	block	Reproducibility	always
Status	closed	Resolution	fixed
Platform	MantisBT 2.26.0	OS	RHEL	OS Version	8
Target Version	2.26.2	Fixed in Version	2.26.2

Summary	0034348: Adding issue note with REST API returns HTTP 500 when given view_state is invalid
Description	Failed to add comments to MantisBT under Mantis BugID 188. HTTP Code: 500 at line 63 Response: Slim Application Error The application could not run because of the following error: Details Type: TypeError Message: Argument 1 passed to helper_parse_view_state() must be of the type array, string given, called in /data/www/mantis/mantisbt-2.26.0/core/commands/IssueNoteAddCommand.php on line 295 File: /data/www/mantis/mantisbt-2.26.0/core/helper_api.php Line: 775 Trace #0 /data/www/mantis/mantisbt-2.26.0/core/commands/IssueNoteAddCommand.php(295): helper_parse_view_state() #1 /data/www/mantis/mantisbt-2.26.0/core/commands/IssueNoteAddCommand.php(148): IssueNoteAddCommand->parseViewState() #2 /data/www/mantis/mantisbt-2.26.0/core/commands/Command.php(139): IssueNoteAddCommand->validate() #3 /data/www/mantis/mantisbt-2.26.0/api/rest/restcore/issues_rest.php(278): Command->execute() #4 [internal function]: rest_issue_note_add() #5 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(40): call_user_func() #6 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/Route.php(281): Slim\Handlers\Strategies\RequestResponse->__invoke() #7 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(117): Slim\Route->__invoke() #8 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/Route.php(268): Slim\Route->callMiddlewareStack() #9 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/App.php(503): Slim\Route->run() #10 /data/www/mantis/mantisbt-2.26.0/api/rest/restcore/ApiEnabledMiddleware.php(40): Slim\App->__invoke() #11 [internal function]: ApiEnabledMiddleware->__invoke() #12 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/DeferredCallable.php(57): call_user_func_array() #13 [internal function]: Slim\DeferredCallable->__invoke() #14 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(70): call_user_func() #15 /data/www/mantis/mantisbt-2.26.0/api/rest/restcore/AuthMiddleware.php(120): Slim\App->Slim\{closure}() #16 [internal function]: AuthMiddleware->__invoke() #17 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/DeferredCallable.php(57): call_user_func_array() #18 [internal function]: Slim\DeferredCallable->__invoke() #19 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(70): call_user_func() #20 /data/www/mantis/mantisbt-2.26.0/api/rest/restcore/VersionMiddleware.php(31): Slim\App->Slim\{closure}() #21 [internal function]: VersionMiddleware->__invoke() #22 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/DeferredCallable.php(57): call_user_func_array() #23 [internal function]: Slim\DeferredCallable->__invoke() #24 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(70): call_user_func() #25 /data/www/mantis/mantisbt-2.26.0/api/rest/restcore/OfflineMiddleware.php(35): Slim\App->Slim\{closure}() #26 [internal function]: OfflineMiddleware->__invoke() #27 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/DeferredCallable.php(57): call_user_func_array() #28 [internal function]: Slim\DeferredCallable->__invoke() #29 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(70): call_user_func() #30 /data/www/mantis/mantisbt-2.26.0/api/rest/restcore/CacheMiddleware.php(30): Slim\App->Slim\{closure}() #31 [internal function]: CacheMiddleware->__invoke() #32 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/DeferredCallable.php(57): call_user_func_array() #33 [internal function]: Slim\DeferredCallable->__invoke() #34 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(70): call_user_func() #35 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(117): Slim\App->Slim\{closure}() #36 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/App.php(392): Slim\App->callMiddlewareStack() #37 /data/www/mantis/mantisbt-2.26.0/vendor/slim/slim/Slim/App.php(297): Slim\App->process() #38 /data/www/mantis/mantisbt-2.26.0/api/rest/index.php(181): Slim\App->run() #39 {main}
Steps To Reproduce	Ran the following code: <?php // curl URL $url_issue_notes = "https://mantis.example.com/api/rest/issues/188/notes"; // Data to be sent via POST $fields = [ 'bug_id' => 188, 'text' => 'This is a test', 'view_state' => '10', 'created_at' => '2024-03-22 12:13:14', 'reporter' => [ 'name' => 'acoder2020' ] ]; // URL-encode the data for the POST $fields_string = http_build_query($fields); $headers = [ 'Authorization: '.$api_token, 'Content-Type: application/json', ]; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url_issue_notes); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($fields)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $arr_response = json_decode($response,true); if ($httpCode == 200 \|\| $httpCode == 201) { if ($debug_output) { echo "<p>Comments added successfully to MantisBT under Mantis BugID $mantis_issue_id!</p>"; } } else { echo "<p>Failed to add comments to MantisBT under Mantis BugID $mantis_issue_id. HTTP Code: $httpCode at line " . __LINE__; echo "<p>Response: " . $response; exit; } curl_close($ch); ?>
Additional Information	I haven't been able to successfully post a comment yet. I can post issues with attachments and custom fields with REST API just not comments.
Tags	No tags attached.

dregad 2024-03-24 10:50 developer ~0068695	The problem is that you're passing view_state as an integer, it should be an array `"view_state": { "name": "public" }` or if you want to work by value `"view_state": { "id": 10 }`. That being said, the API should not be throwing a 500 error in this case, but 400 BAD REQUEST.

dregad 2024-03-24 11:39 developer ~0068696	PR https://github.com/mantisbt/mantisbt/pull/1981

acoder2020 2024-03-25 11:24 reporter ~0068703	Very separately could the formatting be fixed in this particular bug comments section? I'd submit a report if I knew how to do that with the bug interface specifically.

acoder2020 2024-03-25 11:27 reporter ~0068704	Changing `'view_state' => $mantis_view_state,` to `'view_state' => [ 'id' => $mantis_view_state ],` Fixed this issue for me.

dregad 2024-03-25 11:59 developer ~0068705	Fixed this issue for me. Thanks for confirming. Once the pull request gets merged, the API will fail more gracefully (i.e. you'll get a 400 error with a meaningful error message, i.e. Invalid view state). could the formatting be fixed in this particular bug comments section? I'd submit a report if I knew how to do that with the bug interface specifically. I'm sorry I do not understand what you mean. Can you please clarify ?

acoder2020 2024-03-25 15:12 reporter ~0068706	The formatting is off in your initial reply above: "The problem is that you're passing view_state as an integer, it should be an array "view_state": { "name": "public" } or if you want to work by value "view_state": { "id": 10 }."

acoder2020 2024-03-25 15:13 reporter ~0068707	Is it possible to send an array of multiple comments at once, rather than posting each individual note one at a time?

acoder2020 2024-03-25 15:14 reporter ~0068708	It would be great to have the same editor formatting tools here in this bug section as we do in MantisBT proper. More so here, so we can better format and highlight text to help explain.

dregad 2024-03-26 04:28 developer ~0068713 Last edited: 2024-03-26 04:28	The formatting is off in your initial reply above: I suppose you mean the display of JSON as `"view_state": { "name": "public" }` instead of "view_state": { "name": "public" } If so, this is a known, long-standing bug with our Markdown formatting, which converts < to `<` and " to `"` - see 0024810. This is currently being worked on. Is it possible to send an array of multiple comments at once, rather than posting each individual note one at a time? The REST API currently does not allow this, but you're welcome to file a new Issue to track this feature request, and even better submit a pull request with a proposed implementation. It would be great to have the same editor formatting tools here in this bug section as we do in MantisBT proper Sorry but I still don't get it. What do you mean by "MantisBT proper" ? There are no formatting tools or WYSIWIG editor in MantisBT, we just use plain HTML textarea elements, in which you can type Markdown text to have it formatted.

acoder2020 2024-03-26 09:01 reporter ~0068715	like this: Screenshot from 2024-03-26 09-00-50.png (30,304 bytes) Screenshot from 2024-03-26 09-00-50.png (30,304 bytes)

MantisBT: master-2.26 9e7617de 2024-03-24 11:29 dregad Details Diff	Fix invalid view_state handling when adding bugnote Remove array type on $p_view_state parameter which was causing a PHP TypeError when REST API client was providing an unexpected value. Throw a ClientException if $p_view_state is not an array. Fixes 0034348		Affected Issues 0034348
	mod - core/helper_api.php		Diff File

View Issue Details

Relationships

Activities

Related Changesets