Protect $g_default_category_for_moves from deletion

dregad · dregad · commit 6f76cf63ecd2 · 2012-08-21T18:32:20.000+02:00
When a category defined as default_category_for_moves is deleted and an
issue is subsequently moved to another project where its current
category does not exist, it gets assigned a non-existing category. This
causes application error 1502 to be triggered whenever MantisBT tries to
display the issue's Category, which can cause a system lock up.

This commit reduces the risk of this situation from happening, by
preventing users from deleting categories which are used as default
(either defined in config_inc.php or in the config table).

Fixes #14478
diff --git a/core/constant_inc.php b/core/constant_inc.php
@@ -317,6 +317,7 @@
 define( 'ERROR_CATEGORY_NO_ACTION', 1501 );
 define( 'ERROR_CATEGORY_NOT_FOUND', 1502 );
 define( 'ERROR_CATEGORY_NOT_FOUND_FOR_PROJECT', 1503 );
+define( 'ERROR_CATEGORY_CANNOT_DELETE_DEFAULT', 1504 );
 
 # ERROR_VERSION_*
 define( 'ERROR_VERSION_DUPLICATE', 1600 );
diff --git a/lang/strings_english.txt b/lang/strings_english.txt
@@ -1568,6 +1568,7 @@ If you requested this verification, visit the following URL to change your passw
 	ERROR_CATEGORY_NO_ACTION => 'No copy action was specified.',
 	ERROR_CATEGORY_NOT_FOUND => 'Category not found.',
 	ERROR_CATEGORY_NOT_FOUND_FOR_PROJECT => 'Category "%1$s" not found for project "%2$s".',
+	ERROR_CATEGORY_CANNOT_DELETE_DEFAULT => 'This Category cannot be deleted, because it is defined as "Default Category For Moves".',
 	ERROR_VERSION_DUPLICATE => 'A version with that name already exists.',
 	ERROR_VERSION_NOT_FOUND => 'Version "%1$s" not found.',
 	ERROR_USER_NAME_INVALID => 'The username is invalid. Usernames may only contain Latin letters, numbers, spaces, hyphens, dots, plus signs and underscores.',
diff --git a/manage_proj_cat_delete.php b/manage_proj_cat_delete.php
@@ -66,6 +66,16 @@
 
 access_ensure_project_level( config_get( 'manage_project_threshold' ), $t_project_id );
 
+# Protect the 'default category for moves' from deletion
+$t_default_cat = 'default_category_for_moves';
+$t_config_table = db_get_table( 'config' );
+$t_query = "SELECT count(config_id) FROM $t_config_table "
+	. "WHERE config_id = " . db_param() . " AND value = " . db_param();
+$t_default_cat_count = db_result( db_query_bound( $t_query, array( $t_default_cat, $f_category_id ) ) );
+if( $t_default_cat_count > 0 || $f_category_id == config_get_global( $t_default_cat ) ) {
+	trigger_error( ERROR_CATEGORY_CANNOT_DELETE_DEFAULT, ERROR );
+}
+
 # Get a bug count
 $t_bug_table = db_get_table( 'bug' );
 $t_query = "SELECT COUNT(id) FROM $t_bug_table WHERE category_id=" . db_param();
