Changesets: MantisBT
master-1.2.x 3a7f454b 2009-07-06 11:14 Details Diff |
Add CSRF protection for bug_relationship_delete | ||
mod - bug_relationship_delete.php | Diff File | ||
mod - core/relationship_api.php | Diff File | ||
master-1.2.x f9912ae0 2009-07-06 11:02 Details Diff |
Add CSRF protection for manage_user_prune | ||
mod - manage_user_prune.php | Diff File | ||
master-1.2.x ca79ad27 2009-07-06 11:00 Details Diff |
Add CSRF protection for manage_user_proj_delete | ||
mod - manage_user_proj_delete.php | Diff File | ||
master-1.2.x 4c60b432 2009-07-06 10:57 Details Diff |
Add CSRF protection for manage_plugin_upgrade | ||
mod - manage_plugin_upgrade.php | Diff File | ||
mod - manage_plugin_page.php | Diff File | ||
master-1.2.x e336d859 2009-07-06 10:53 Details Diff |
Add CSRF protection for manage_plugin_uninstall | ||
mod - manage_plugin_uninstall.php | Diff File | ||
mod - manage_plugin_page.php | Diff File | ||
master-1.2.x bc5d9263 2009-07-06 10:51 Details Diff |
Add CSRF protection for manage_plugin_install | ||
mod - manage_plugin_install.php | Diff File | ||
mod - manage_plugin_page.php | Diff File | ||
master-1.2.x a25ad89a 2009-07-06 10:49 Details Diff |
Add CSRF protection for bugnote_set_view_state | ||
mod - bugnote_set_view_state.php | Diff File | ||
master-1.2.x 49867281 2009-07-06 10:43 Details Diff |
Add CSRF protection for bugnote_delete | ||
mod - bugnote_delete.php | Diff File | ||
master-1.2.x 59498710 2009-07-06 10:38 Details Diff |
Add CSRF protection for bug_file_delete | ||
mod - bug_file_delete.php | Diff File | ||
mod - core/print_api.php | Diff File | ||
master-1.2.x 88b4537d 2009-07-06 10:19 Details Diff |
Add CSRF protection for bug_assign_reporter | ||
mod - bug_assign_reporter.php | Diff File | ||
master-1.2.x 2e3c614a 2009-07-06 10:16 Details Diff |
Add CSRF protection for adm_config_delete | ||
mod - adm_config_delete.php | Diff File | ||
master-1.2.x a45d0ef5 2009-07-06 10:12 Details Diff |
Add CSRF protection to print_button function
As an additional note for this patch, we should ideally be sending parameters to this function via $p_args_to_post where those parameters are being used to change the state of Mantis. At the moment a form security token is created for every call of print_button whereas we really only need to do it when !empty($p_args_to_post). This requires a bit of extra work outside the scope of this patch, and almost all uses of print_button are to modify Mantis in some way, hence this partial fix. | ||
mod - manage_proj_edit_page.php | Diff File | ||
mod - manage_proj_page.php | Diff File | ||
mod - core/print_api.php | Diff File | ||
master-1.2.x 948f0b89 2009-07-06 09:12 Details Diff |
CSRF protection not needed in filter_api | ||
mod - core/filter_api.php | Diff File | ||
master-1.2.x 151ff562 2009-07-06 09:09 Details Diff |
CSRF protection not needed for action confirmation step | ||
mod - core/helper_api.php | Diff File | ||
master-1.2.x 2e5da604 2009-07-06 09:04 Details Diff |
CSRF protection not needed for bug_change_status_page | ||
mod - core/html_api.php | Diff File | ||
master-1.2.x 23c2f765 2009-07-06 09:03 Details Diff |
CSRF protection not needed for set_project | ||
mod - core/html_api.php | Diff File | ||
master-1.2.x bc480a19 2009-07-06 09:01 Details Diff |
CSRF protection not needed for login/reauthentication | ||
mod - core/authentication_api.php | Diff File | ||
mod - login_page.php | Diff File | ||
master-1.2.x 20d9284c 2009-07-06 08:03 Details Diff |
CSRF protection not needed for set_project | ||
mod - login_select_proj_page.php | Diff File | ||
master-1.2.x 875e2320 2009-07-06 07:58 Details Diff |
Cleanup form token usage on manage_proj_edit_page | ||
mod - manage_proj_edit_page.php | Diff File | ||
master-1.2.x 9cd32f8c 2009-07-06 07:55 Details Diff |
Add CSRF protection for plugin_xml_import_action | ||
mod - plugins/XmlImportExport/pages/import.php | Diff File | ||
mod - plugins/XmlImportExport/pages/import_action.php | Diff File | ||
master-1.2.x f1b399d4 2009-07-06 07:47 Details Diff |
Add CSRF protection for print_all_bug_options_reset | ||
mod - print_all_bug_options_reset.php | Diff File | ||
mod - print_all_bug_options_inc.php | Diff File | ||
master-1.2.x b4706981 2009-07-06 07:46 Details Diff |
Add CSRF protection for print_all_bug_options_update | ||
mod - print_all_bug_options_inc.php | Diff File | ||
mod - print_all_bug_options_update.php | Diff File | ||
master-1.2.x 2fe3ee52 2009-07-06 07:43 Details Diff |
CSRF protection not needed for print_all_bug_page | ||
mod - print_all_bug_page.php | Diff File | ||
master-1.2.x f6654b05 2009-07-06 07:42 Details Diff |
CSRF protection not needed for view_all_set | ||
mod - print_all_bug_page.php | Diff File | ||
master-1.2.x 9590cfc8 2009-07-06 07:37 Details Diff |
CSRF protection not needed for view_all_set | ||
mod - view_filters_page.php | Diff File |