[Mantisbt-dev] Another patch for 1.0.0rc3

[Pieter v. B. <pi...@dj...>]

in file core/filter_api.php:

@@ -164,15 +164,16 @@
            $t_public = VS_PUBLIC;
            $t_private = VS_PRIVATE;
            switch ( $t_filter['view_state'] ) {
-               case META_FILTER_ANY:
-                   array_push( $t_where_clauses, "($t_bug_table.view_state='$t_public' OR $t_bug_table.reporter_id='$t_user_id')" );
-                   break;
                case VS_PUBLIC:
                    array_push( $t_where_clauses, "($t_bug_table.view_state='$t_public')" );
                    break;
                case VS_PRIVATE:
                    array_push( $t_where_clauses, "($t_bug_table.view_state='$t_private' AND $t_bug_table.reporter_id='$t_user_id')" );
                    break;
+               case META_FILTER_ANY:
+               default:
+                   array_push( $t_where_clauses, "($t_bug_table.view_state='$t_public' OR $t_bug_table.reporter_id='$t_user_id')" );
+                   break;
            }
        } else {
            $t_view_state = db_prepare_int( $t_filter['view_state'] );



This is an UGLY fix: if fixes the symptoms, but not the underlying
problem, which I couldn't find.
The problem was that in bug-overviews, like view_all_bugs, private bugs
were listed for which the current user had no permissions.
I made "META_FILTER_ANY" the default in the switch statement, which
solved the bug, but I guess $t_filter['view_state'] should not be empty
in the first place, which is often is...

Greetings,
Pieter