View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011326 | mantisbt | attachments | public | 2010-01-05 03:21 | 2014-07-22 13:56 |
Reporter | dhx | Assigned To | dhx | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0rc2 | ||||
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
Summary | 0011326: Invalid form security token error displayed instead of file upload size too large error | ||||
Description | When a user attempts to upload a file that is too large (via bug_file_add.php) the form POST values are not available to PHP. Therefore the forum token security check will always fail first, resulting in the wrong error message being shown to the user. Instead, the check for blank POST form values should be performed first and a "maximum file size exceeded" message shown to the user. If the file size looks OK (from this initial check) then we can proceed to check the form security token, knowing that any error message generated now will be relevant. | ||||
Tags | No tags attached. | ||||
MantisBT: master-1.2.x 67762d7e 2010-01-05 03:13 Details Diff |
Fix 0011326: Don't show form security token error for oversized uploads When a user attempts to upload a file that is too large (via bug_file_add.php) the form POST values are not available to PHP. Therefore the forum token security check will always fail first, resulting in the wrong error message being shown to the user. Instead, the check for blank POST form values should be performed first and a "maximum file size exceeded" message shown to the user. If the file size looks OK (from this initial check) then we can proceed to check the form security token, knowing that any error message generated now will be relevant. |
Affected Issues 0011326 |
|
mod - bug_file_add.php | Diff File | ||
MantisBT: master 45771c63 2010-01-05 03:13 Details Diff |
Fix 0011326: Don't show form security token error for oversized uploads When a user attempts to upload a file that is too large (via bug_file_add.php) the form POST values are not available to PHP. Therefore the forum token security check will always fail first, resulting in the wrong error message being shown to the user. Instead, the check for blank POST form values should be performed first and a "maximum file size exceeded" message shown to the user. If the file size looks OK (from this initial check) then we can proceed to check the form security token, knowing that any error message generated now will be relevant. |
Affected Issues 0011326 |
|
mod - bug_file_add.php | Diff File |