[ZBX-22613] API method "script.execute" fails if authorized by token Created: 2023 Mar 29  Updated: 2024 Jun 19  Resolved: 2023 Aug 14

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: API (A)
Affects Version/s: 6.0.17, 6.2.8, 6.4.2
Fix Version/s: 6.0.21rc1, 6.4.6rc1, 7.0.0alpha4, 7.0 (plan)

Type: Problem report Priority: Major
Reporter: Konstantin Assignee: Elina Pulke (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Causes
Duplicate
Team: Team C
Sprint: Sprint 102 (Jul 2023), Sprint 103 (Aug 2023)
Story Points: 0.5

 Description   

Steps to reproduce:

  1. Create API token
  2. Create script
  3. Execute API method 'script.execute' on some host

Result:
**

Error in nginx logs on server:

2023/03/30 01:43:21 [error] 818#818: *588901 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined array key "sessionid" in /usr/share/zabbix/include/classes/api/services/CScript.php on line 941PHP message: PHP Fatal error:  Uncaught TypeError: CZabbixServer::executeScript(): Argument #2 ($sid) must be of type string, null given, called in /usr/share/zabbix/include/classes/api/services/CScript.php on line 943 and defined in /usr/share/zabbix/include/classes/server/CZabbixServer.php:153
Stack trace:
#0 /usr/share/zabbix/include/classes/api/services/CScript.php(943): CZabbixServer->executeScript()
#1 /usr/share/zabbix/include/classes/api/clients/CLocalApiClient.php(121): CScript->execute()
#2 /usr/share/zabbix/include/classes/core/CJsonRpc.php(75): CLocalApiClient->callMethod()
#3 /usr/share/zabbix/api_jsonrpc.php(63): CJsonRpc->execute()
#4 {main}

Expected:
Expected successful execution.

 Comments   
Comment by Konstantin [ 2023 Mar 29 ]

Patch:

diff --git a/ui/include/classes/api/services/CScript.php b/ui/include/classes/api/services/CScript.php
index e5d676e887..1490fa01e6 100644
--- a/ui/include/classes/api/services/CScript.php
+++ b/ui/include/classes/api/services/CScript.php
@@ -1047,7 +1047,7 @@ class CScript extends CApiService {
                        timeUnitToSeconds(CSettingsHelper::get(CSettingsHelper::CONNECT_TIMEOUT)),
                        timeUnitToSeconds(CSettingsHelper::get(CSettingsHelper::SCRIPT_TIMEOUT)), ZBX_SOCKET_BYTES_LIMIT
                );
-               $result = $zabbix_server->executeScript($data['scriptid'], self::$userData['sessionid'],
+               $result = $zabbix_server->executeScript($data['scriptid'], self::$userData['sessionid'] ?? self::$userData['token'],
                        $is_event ? null : $data['hostid'],
                        $is_event ? $data['eventid'] : null
                );
diff --git a/ui/include/classes/api/services/CUser.php b/ui/include/classes/api/services/CUser.php
index 4256db6a45..9ffc18ce18 100644
--- a/ui/include/classes/api/services/CUser.php
+++ b/ui/include/classes/api/services/CUser.php
@@ -1752,6 +1752,8 @@ class CUser extends CApiService {
                }
 
                if ($token !== null) {
+                       $db_user['token'] = $token;
+
                        // Check permissions.
                        if ($permissions['users_status'] == GROUP_STATUS_DISABLED || $db_user['deprovisioned']) {
                                self::exception(ZBX_API_ERROR_NO_AUTH, _('Not authorized.'));
Comment by Elina Pulke (Inactive) [ 2023 Jul 25 ]

Fixed in development branch feature/ZBX-22613-6.0 and feature/ZBX-22613-6.4.

Comment by Elina Pulke (Inactive) [ 2023 Aug 03 ]

Fixed in:

Generated at Tue Jul 01 07:24:42 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.