MantisBT: master-1.3.x c4f50e5d

Author: dregad
Committer: dregad
Branch: master-1.3.x
Timestamp: 2017-05-19 07:48
Parent: master-1.3.x b933abcb
Affected Issues:
  0022702: CVE-2017-7620: CSRF - Arbitrary Permalink Injection
  0022816: CVE-2017-7620: Open redirection vulnerability in /login_page.php
Changeset

Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:

  • Add form security token to prevent such injection (code changed from
    original commit) 0d11077d40c5dfdb76efdad9ba2b455af5be25a0
  • Encode '\' in string_sanitize_url()
    7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816
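
Both mitigations named in the commit message, as an added Python illustration (not MantisBT's PHP code and not the bodies of the functions this changeset touches): a return-URL check that percent-encodes '\' before deciding whether the target stays on-site, and a constant-time check of a per-session form token of the kind the "form security token" provides. Function names and the sample inputs are constructed for this example.

```python
import hmac
import secrets
from urllib.parse import urlsplit


def sanitize_return_url(url: str) -> str:
    """Return a safe same-site path for a post-login redirect.

    Browsers normalise '\\' to '/' in the authority part of a URL, so a
    value such as '/\\evil.example' is fetched as '//evil.example', a
    protocol-relative redirect off-site. Percent-encoding the backslash,
    as the commit does in string_sanitize_url(), closes that path.
    """
    if not url:
        return "/"
    # URL parsers drop ASCII tab/newline and surrounding whitespace, so
    # strip them first or '/\t/evil.example' would become '//evil.example'.
    url = "".join(c for c in url.strip() if c not in "\t\r\n")
    # Encode '\' so the browser can never reinterpret it as '/'.
    url = url.replace("\\", "%5C")
    parts = urlsplit(url)
    # Any scheme (https:, javascript:) or host part means off-site;
    # so does a leading '//' (urlsplit leaves '///host' with an empty netloc).
    if parts.scheme or parts.netloc or url.startswith("//"):
        return "/"
    return url


def new_form_token() -> str:
    """Unpredictable per-session token to embed in the form (constructed name)."""
    return secrets.token_urlsafe(32)


def verify_form_token(session_token, submitted) -> bool:
    """Constant-time comparison; a missing value on either side fails closed."""
    if not session_token or not submitted:
        return False
    return hmac.compare_digest(session_token, submitted)
```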

mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php