MantisBT: master a908cc61
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
Paul Richards | Paul Richards | master | 2011-08-29 05:43 | master 224b0f8b |
Affected Issues | 0013281: MantisBT Security Vulnerabilities Notification |
Changeset | Rework the bug action group api such that we can easily convert this to an object in the future, and to validate calls to require once. This leads to a security issue identified by IBM's Appscan program, whereby calls to require_once are not validated. There will be a follow up commit to config api - probably:
At the moment, the action group API calls config_get with a project parameter to use. This is ignored, due to project_override being set - so we either need to: |
mod - bug_actiongroup_add_note_inc.php | Diff File |
mod - bug_actiongroup_attach_tags_inc.php | Diff File |
mod - bug_actiongroup_ext.php | Diff File |
mod - bug_actiongroup_ext_page.php | Diff File |
mod - bug_actiongroup_page.php | Diff File |
mod - bug_actiongroup_update_product_build_inc.php | Diff File |
mod - bug_actiongroup_update_severity_inc.php | Diff File |
mod - core/bug_group_action_api.php | Diff File |