Protect $g_default_category_for_moves from deletion
When a category defined as default_category_for_moves is deleted and an
issue is subsequently moved to another project where its current
category does not exist, it gets assigned a non-existing category. This
causes application error 1502 to be triggered whenever MantisBT tries to
display the issue's Category, which can cause a system lock up.

This commit reduces the risk of this situation happening by
preventing users from deleting categories which are used as default
(either defined in config_inc.php or in the config table).

Fixes #14478
dregad committed Aug 21, 2012
1 parent 6641edc commit f50762c
Showing 3 changed files with 12 additions and 0 deletions.
1 change: 1 addition & 0 deletions core/constant_inc.php
Expand Up @@ -317,6 +317,7 @@
define( 'ERROR_CATEGORY_NO_ACTION', 1501 );
define( 'ERROR_CATEGORY_NOT_FOUND', 1502 );
define( 'ERROR_CATEGORY_NOT_FOUND_FOR_PROJECT', 1503 );
define( 'ERROR_CATEGORY_CANNOT_DELETE_DEFAULT', 1504 );

# ERROR_VERSION_*
define( 'ERROR_VERSION_DUPLICATE', 1600 );
1 change: 1 addition & 0 deletions lang/strings_english.txt
Expand Up @@ -249,6 +249,7 @@ $MANTIS_ERROR[ERROR_CATEGORY_DUPLICATE] = 'A category with that name already exi
$MANTIS_ERROR[ERROR_CATEGORY_NO_ACTION] = 'No copy action was specified.';
$MANTIS_ERROR[ERROR_CATEGORY_NOT_FOUND] = 'Category not found.';
$MANTIS_ERROR[ERROR_CATEGORY_NOT_FOUND_FOR_PROJECT] = 'Category "%1$s" not found for project "%2$s".';
$MANTIS_ERROR[ERROR_CATEGORY_CANNOT_DELETE_DEFAULT] = 'This Category cannot be deleted, because it is defined as "Default Category For Moves".';
$MANTIS_ERROR[ERROR_VERSION_DUPLICATE] = 'A version with that name already exists.';
$MANTIS_ERROR[ERROR_VERSION_NOT_FOUND] = 'Version "%1$s" not found.';
$MANTIS_ERROR[ERROR_USER_NAME_INVALID] = 'The username is invalid. Usernames may only contain Latin letters, numbers, spaces, hyphens, dots, plus signs and underscores.';
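Review bot: The new ERROR_CATEGORY_CANNOT_DELETE_DEFAULT string gives the administrator nothing to act on. Unlike ERROR_CATEGORY_NOT_FOUND_FOR_PROJECT on the line above it, it takes no placeholders, so it names neither the category nor the place where the default is defined. Since the check added in this commit covers both config_inc.php and the config table, consider adding a %1$s for the category name and stating which of the two sources holds the setting. "Category" is also capitalised mid-sentence, which the neighbouring messages do not do.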
10 changes: 10 additions & 0 deletions manage_proj_cat_delete.php
Expand Up @@ -40,6 +40,16 @@

access_ensure_project_level( config_get( 'manage_project_threshold' ), $t_project_id );

# Protect the 'default category for moves' from deletion
$t_default_cat = 'default_category_for_moves';
$t_config_table = db_get_table( 'mantis_config_table' );
$t_query = "SELECT count(config_id) FROM $t_config_table "
. "WHERE config_id = " . db_param() . " AND value = " . db_param();
$t_default_cat_count = db_result( db_query_bound( $t_query, array( $t_default_cat, $f_category_id ) ) );
if( $t_default_cat_count > 0 || $f_category_id == config_get_global( $t_default_cat ) ) {
trigger_error( ERROR_CATEGORY_CANNOT_DELETE_DEFAULT, ERROR );
}

# Get a bug count
$t_bug_table = db_get_table( 'mantis_bug_table' );
$t_query = "SELECT COUNT(id) FROM $t_bug_table WHERE category_id=" . db_param();