Changesets: MantisBT
|
master-1.2.x 599364b2 2014-11-01 12:10 Paul Richards Committer: dregad Details Diff |
Do not pass raw user data to unserialize Filters were moved to TOKEN api, so the code in current_user_api to handle ?filter= on URL query strings is a left over from this move and is no longer necessary. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Fixes 0017875 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017875 |
|
| mod - core/current_user_api.php | Diff File | ||
|
master-1.2.x bed19db9 2014-11-01 10:45 Details Diff |
XML Import: Fix php code injection vulnerability Egidio Romano discovered a vulnerability in the XML import plugin. User input passed through the "description" field (and the "issuelink" attribute) of the uploaded XML file isn't properly sanitized before being used in a call to the preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary PHP code when the Import/Export plugin is installed. This fix is a partial backport from a master branch commit which has been confirmed as addressing the issue (84017535f8718685d755d58af7a39d80f52ffca8) excluding changes not relevant to fixing the security issue, including subsequent fixes (aea1a348043979e75a6cc021e4a0a7f8d3bb7211, 4350b4d4f0ee4fba423edcae1cd2117dc1e2d63b). Fixes 0017725 (CVE-2014-7146) |
Affected Issues 0017725 |
|
| mod - plugins/XmlImportExport/ImportXml.php | Diff File | ||
|
mantishub-1.3.x-20150418_1638 5824329b 2014-10-31 22:02 Victor Boctor Details Diff |
Fixes 0017826: Support disabling per project upload path | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/file_api.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Configuration.xml | Diff File | ||
| mod - manage_proj_create_page.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
|
mantishub-1.3.x-20150418_1638 248a2c37 2014-10-31 21:55 Victor Boctor Details Diff |
Fix php error related to intercom integration | ||
| mod - core/mantishub_api.php | Diff File | ||
|
master 3214fb59 2014-10-31 21:54 Committer: vboctor Details Diff |
Float the details view action buttons toward the left Fixes 0017819 Signed-off-by: Victor Boctor <victor@mantishub.net> |
Affected Issues 0017819 |
|
| mod - bug_view_inc.php | Diff File | ||
| mod - core/html_api.php | Diff File | ||
| mod - css/default.css | Diff File | ||
|
master d7937574 2014-10-31 20:59 Committer: vboctor Details Diff |
Align issue titles and remove title hyperlink Fixes 0017824 Signed-off-by: Victor Boctor <victor@mantishub.net> |
Affected Issues 0017824 |
|
| mod - css/default.css | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
|
master a9f5b923 2014-10-31 18:40 Details Diff |
Changing columns for single projects - Simply manage columns access checks/form paramters - Set user id to NO USER when in Manage - Manage Columns and Logged in User when in My Account - Manage Columns. - Allow user to set columns for all / current project based on active project. Fixes 0013699 |
Affected Issues 0013699 |
|
| mod - manage_columns_inc.php | Diff File | ||
| mod - manage_config_columns_set.php | Diff File | ||
|
master 0d04111d 2014-10-30 20:46 Details Diff |
Increase size of custom field possible valus field | ||
| mod - manage_custom_field_edit_page.php | Diff File | ||
|
master 692d4915 2014-10-30 20:42 Details Diff |
Display custom fields possible values separator It is currently hard for users to guess the separator to use for the custom fields possible values. Add a localized string to display next to the field on the form Fixes 0017825 |
Affected Issues 0017825 |
|
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_custom_field_edit_page.php | Diff File | ||
|
master b420f322 2014-10-30 20:03 Details Diff |
Go to install after login if db upgrade required If admin checks are enabled and database upgrade is required then redirect to install page instead of the return or default pages. This will help direct the user towards upgrading rather than visiting normal pages and getting php errors. Fixes 0017806 |
Affected Issues 0017806 |
|
| mod - login.php | Diff File | ||
| mod - login_page.php | Diff File | ||
|
master d774b890 2014-10-30 19:58 Details Diff |
Fix token upgrade error If a user is already logged in and visits a page, then it may create a token using the json encoding. Then user goes to upgrade the php unserialize() fails. Now we check in case of php unserialize() failure that the token isn't a valid json token before erroring out. Fixes 0017806 |
Affected Issues 0017806 |
|
| mod - core/install_helper_functions_api.php | Diff File | ||
|
master-1.2.x e5fc835a 2014-10-30 15:29 Paul Richards Committer: dregad Details Diff |
Fix 0017876: XSS in copy_field.php This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017876 |
|
| mod - admin/copy_field.php | Diff File | ||
|
master 50237338 2014-10-30 15:00 Paul Richards Committer: dregad Details Diff |
Incorrect access check on attachment downloads Even if config variables $g_download_attachments_threshold and $g_view_attachments_threshold are set to 55 (developer), users with lower privileges can download attachments. Fixes 0017742 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017742 |
|
| mod - core/file_api.php | Diff File | ||
|
master-1.2.x 5f0b150b 2014-10-30 15:00 Paul Richards Committer: dregad Details Diff |
Incorrect access check on attachment downloads Even if config variables $g_download_attachments_threshold and $g_view_attachments_threshold are set to 55 (developer), users with lower privileges can download attachments. Fixes 0017742 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017742 |
|
| mod - core/file_api.php | Diff File | ||
|
master 7c7c2ac7 2014-10-30 14:53 Paul Richards Committer: dregad Details Diff |
DB Credentials leak in upgrade_unattended.php Retrieve credentials from Mantis system configuration instead of accepting them from POST parameters. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Fixes 0017877 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017877 |
|
| mod - admin/upgrade_unattended.php | Diff File | ||
|
master 3bb2bee6 2014-10-30 14:43 Paul Richards Committer: dregad Details Diff |
Ensure username is valid in login_page.php This is a fix to improve the behaviour of login_page against possible XSS exploits to ensure that a username is valid before displaying it back to the user when entered. Fixes 0017338 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017338 |
|
| mod - login_page.php | Diff File | ||
|
master-1.2.x d6e16b6f 2014-10-30 14:43 Paul Richards Committer: dregad Details Diff |
Ensure username is valid in login_page.php This is a fix to improve the behaviour of login_page against possible XSS exploits to ensure that a username is valid before displaying it back to the user when entered. Fixes 0017338 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017338 |
|
| mod - login_page.php | Diff File | ||
|
master 6efa02f6 2014-10-30 14:40 Paul Richards Committer: dregad Details Diff |
Prevent unauthorized users setting handler when reporting issue Adding a security check to block the update when access level is insufficient. Fixes 0017878 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017878 |
|
| mod - bug_report.php | Diff File | ||
|
master-1.2.x b2f91c02 2014-10-30 14:40 Paul Richards Committer: dregad Details Diff |
Prevent unauthorized users setting handler when reporting issue Adding a security check to block the update when access level is insufficient. Fixes 0017878 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017878 |
|
| mod - bug_report.php | Diff File | ||
|
master-1.2.x 0bff06ec 2014-10-30 14:04 Paul Richards Committer: dregad Details Diff |
Fix 0017583: XSS in projax_api.php Offensive Security reported this issue via their bug bounty program [1]. The Projax library does not properly escape html strings. An attacker could take advantage of this to perform an XSS attack using the profile/Platform field. [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017583 |
|
| mod - core/projax_api.php | Diff File | ||
|
master ee419986 2014-10-30 08:01 Details Diff |
Added badge for Travis build health to readme file | ||
| mod - readme.md | Diff File | ||
|
master 5faf97ab 2014-10-30 06:31 Details Diff |
SQL injection in mc_project_get_attachments() This is a follow-up on CVE-2014-1609 / issue 0016880. Edwin Gozeling and Wim Visser from ITsec Security Services BV (http://www.itsec.nl) discovered that the fix in 0016880 did not fully address the problem. Their research demonstrate that using a specially crafted project id parameter, an attacker could still perform an SQL injection. The same issue was also reported by Paul Richards in issue 0017823. This patch fixes the problem by typecasting the Project ID parameter to Integer. Fixes 0017812, CVE-2014-8554 |
Affected Issues 0016880, 0017812, 0017823 |
|
| mod - api/soap/mc_project_api.php | Diff File | ||
|
master-1.2.x 99ffb0af 2014-10-30 06:31 Details Diff |
SQL injection in mc_project_get_attachments() This is a follow-up on CVE-2014-1609 / issue 0016880. Edwin Gozeling and Wim Visser from ITsec Security Services BV (http://www.itsec.nl) discovered that the fix in 0016880 did not fully address the problem. Their research demonstrate that using a specially crafted project id parameter, an attacker could still perform an SQL injection. The same issue was also reported by Paul Richards in issue 0017823. This patch fixes the problem by typecasting the Project ID parameter to Integer. Fixes 0017812, CVE-2014-8554 |
Affected Issues 0016880, 0017812, 0017823 |
|
| mod - api/soap/mc_project_api.php | Diff File | ||
|
master 747249b8 2014-10-29 19:27 Details Diff |
Merge pull request 0000515 from vboctor/Issue17658 Fix "Workflow Transitions" override marking |
||
| mod - manage_config_work_threshold_page.php | Diff File | ||
| mod - manage_config_workflow_page.php | Diff File | ||
| mod - manage_config_workflow_set.php | Diff File | ||
|
master 423a7752 2014-10-28 07:04 Details Diff |
Merge branch 'Issue16993_SoapHandlerCheck' | ||
| mod - api/soap/mc_issue_api.php | Diff File | ||
