View Issue Details

IDProjectCategoryView StatusLast Update
0025429mantisbtapi restpublic2019-03-16 20:20
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.11.0 
Target Version2.20.0Fixed in Version2.20.0 
Summary0025429: Undefined variable t_show_detailed_errors in API REST
Description

When a called API endpoint triggers an unhandled exception, it is caught by the REST API's default handler in api/rest/index.php, but the error handling code in the closure refers to a $t_show_detailed_errors variable that is defined outside of the function's scope.

Steps To Reproduce

Trigger an exception in an API route callback function.

Additional Information
Notice: Undefined variable: t_show_detailed_errors in /home/ubuntu/workspace/mantisbt/api/rest/index.php on line 79

Call Stack:
    0.0004     242944   1. {main}() /home/ubuntu/workspace/mantisbt/api/rest/index.php:0
    0.0761    4500976   2. Slim\App->run() /home/ubuntu/workspace/mantisbt/api/rest/index.php:106
    0.0785    4762248   3. Slim\App->process() /home/ubuntu/workspace/mantisbt/vendor/slim/slim/Slim/App.php:315
    0.4508    5209504   4. Slim\App->handleException() /home/ubuntu/workspace/mantisbt/vendor/slim/slim/Slim/App.php:409
    0.4508    5210952   5. call_user_func_array() /home/ubuntu/workspace/mantisbt/vendor/slim/slim/Slim/App.php:686
    0.4508    5211792   6. {closure:/home/ubuntu/workspace/mantisbt/api/rest/index.php:56-84}() /home/ubuntu/workspace/mantisbt/vendor/slim/slim/Slim/App.php:686
TagsNo tags attached.

Relationships

related to 0023925 closedvboctor Site path leakage in error handler 

Activities

dregad

dregad

2019-02-01 11:13

developer   ~0061361

Last edited: 2019-02-01 11:14

This is a regression introduced when fixing issue 0023925 (see PR https://github.com/mantisbt/mantisbt/pull/1280, MantisBT master b2119ce0 )

Proposed fix https://github.com/mantisbt/mantisbt/pull/1455

Related Changesets

MantisBT: master b2119ce0

2018-02-05 20:24

vboctor


Details Diff
Show PHP exception in REST only if detailed errors is ON Affected Issues
0023925, 0025429
mod - api/rest/index.php Diff File

MantisBT: master af72555a

2019-02-01 06:03

dregad


Details Diff
Fix 'Undefined variable' PHP notice in API REST

Since the Slim Container's 'displayErrorDetails' setting is set to true
according to $t_show_detailed_errors's value, instead of referencing the
variable directly within the closure via a 'use' statement, we retrieve
the Container's settings to determine whether PHP exception details
should be shown or not.

Remove $t_show_detailed_errors variable as it is no longer needed.

Regression introduced by b2119ce0dc944f1db13813e863471e2bc3ae64f0.

Fixes 0025429
Affected Issues
0025429
mod - api/rest/index.php Diff File