Project

General

Profile

Actions
Copy link

Defect #9749

closed

Entering data into the 'Parent Task' field in new or updated issues causes redmine to log out the current user.

Added by James Kyle about 13 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
Issues
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

About your application's environment
Ruby version              1.8.7 (x86_64-linux)
RubyGems version          1.4.2
Rack version              1.1.2
Rails version             2.3.14
Active Record version     2.3.14
Active Resource version   2.3.14
Action Mailer version     2.3.14
Active Support version    2.3.14
Application root          /home/redmine/releases/20111207004106
Environment               production
Database adapter          postgresql
Database schema version   20111201201315

About your Redmine plugins
Redmine Backlogs              master branch (unstable)
Redmine Tags                  0.0.1
Redmine Workflow Viz plugin   0.0.1

The following log output occurs when the field is populated:

Processing AutoCompletesController#issues (for x.x.x.x at 2011-12-07 17:42:31) [POST]
  Parameters: {"project_id"=>"riak", "action"=>"issues", "amp"=>nil, "id"=>"6907", "q"=>"6898", "controller"=>"auto_completes"}
Filter chain halted as [:check_if_login_required] rendered_or_redirected.
Completed in 9ms (View: 1, DB: 2) | 401 Unauthorized [https://redmine.domain.com/issues/auto_complete?id=6907&project_id=riak]

As you can see, redmine performs a login check and returns "unauthorized". The user account that performed this action is a site wide administrator with full rights. The behavior did not arise until we recently updated to master (from a relatively old deployment).

I can take that request, /issues/auto_complete?id=6907&project_id=riak, log in and directly call the url and I get a 200 OK response.

The last thing of interest is the javascript console error output. I've attached a screen shot, but the only error is "ReferenceError: Can't find variable: WarnLeavingUnsaved" that comes from this call "

Event.observe(window, 'load', function(){ new WarnLeavingUnsaved('The current page contains unsaved text that will be lost if you leave this page.'); });

The rest are just 401 responses. I've also included a screen shot of the behavior when a user populates the parent task field.

Let me know if I can provide more information.

Files

Download all files
Screen Shot 2011-12-07 at 9.41.05 AM.png (71.5 KB) Screen Shot 2011-12-07 at 9.41.05 AM.png HTTP Auth Drop down on Parent Task Entry James Kyle, 2011-12-07 18:59
Screen Shot 2011-12-07 at 9.55.04 AM.png (34.9 KB) Screen Shot 2011-12-07 at 9.55.04 AM.png javascript error James Kyle, 2011-12-07 18:59

Related issues

Related to Redmine - Defect #9752: "Subtasks autocompletion" feature breaks "Add related issue" scenarioClosed

Actions
Actions
Copy link

Also available in: Atom PDF