Check project permissions with wrong id

Talk about developing The Bug Genie, or modules and extensions for The Bug Genie
Post Reply
J0rge
Posts: 2
Joined: Fri Jun 03, 2016 8:59 pm

Check project permissions with wrong id

Post by J0rge » Mon Jun 06, 2016 4:22 pm

Hi guys.
I have found a problem recently. I describe it in the following paragraph.
I do not know if this is the place to report it. Please excuse me if not.

I testing TBG v4.1.8.
Line 2135 of core\entities\User.php:

Code: Select all

if ($target_id != 0 && Project::getB2DBTable()->selectById($target_id) instanceof \thebuggenie\core\entities\Project)
Produces the following query database:

Code: Select all

SELECT projects20.name AS projects20_name, projects20.prefix AS projects20_prefix, ...
FROM `projects` `projects20` 
LEFT JOIN `files` `files94` ON (`files94`.`id`=`projects20`.`small_icon`) 
LEFT JOIN `files` `files95` ON (`files95`.`id`=`projects20`.`large_icon`) 
LEFT JOIN `workflow_schemes` `workflow_schemes97` ON (`workflow_schemes97`.`id`=`projects20`.`workflow_scheme_id`) 
LEFT JOIN `issuetype_schemes` `issuetype_schemes99` ON (`issuetype_schemes99`.`id`=`projects20`.`issuetype_scheme_id`) 
LEFT JOIN `clients` `clients101` ON (`clients101`.`id`=`projects20`.`client`) 
LEFT JOIN `projects` `projects102` ON (`projects102`.`id`=`projects20`.`parent`)
LEFT JOIN `teams` `teams103` ON (`teams103`.`id`=`projects20`.`leader_team`) 
LEFT JOIN `users` `users104` ON (`users104`.`id`=`projects20`.`leader_user`) 
LEFT JOIN `teams` `teams105` ON (`teams105`.`id`=`projects20`.`qa_responsible_team`) 
LEFT JOIN `users` `users106` ON (`users106`.`id`=`projects20`.`qa_responsible_user`) 
LEFT JOIN `teams` `teams107` ON (`teams107`.`id`=`projects20`.`owner_team`) 
LEFT JOIN `users` `users108` ON (`users108`.`id`=`projects20`.`owner_user`) 
LEFT JOIN `scopes` `scopes109` ON (`scopes109`.`id`=`projects20`.`scope`) 
WHERE (`projects20`.`id` = 26) LIMIT 1
Where 26 is not the project id. Maybe is a customfield or a listtype. I am working with an issue of the project id 12. This happens in workflow state transition of issue.

Thanks for the great work you do.
Regards.

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 1 guest