View Issue Details

ID: 0011494
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2014-12-08 00:34
Reporter: dhx
Assigned To: dhx
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.0
Target Version: 1.3.0-beta.1
Fixed in Version: 1.3.0-beta.1
Summary: 0011494: Don't allow *_inc.php files to be called directly
Description

The _inc.php files in the MantisBT root path should not do anything if they're called directly by the user. These _inc.php files should only do something if they're called from another PHP script.

Tags: No tags attached.

Relationships

related to 0015721 closedgrangeway Functionality to consider porting to master-2.0.x 
has duplicate 0013899 closedgrangeway CVE-2011-3755: sensitive information via a direct request to a .php file 

Activities

grangeway

2013-04-05 17:57

reporter   ~0036514

Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

Related Changesets

MantisBT: master 008d02ab

2010-02-12 02:07:12

dhx

Fix 0011494: Don't allow *_inc.php files to be called directly

The *_inc.php files in the MantisBT root path should not do anything if
they're called directly by the user. These *_inc.php files should only
do something if they're called from another PHP script.
mod - bug_sponsorship_list_view_inc.php
mod - bug_actiongroup_update_severity_inc.php
mod - account_prof_edit_page.php
mod - bugnote_stats_inc.php
mod - bug_view_inc.php
mod - bug_update_advanced_page.php
mod - account_prefs_page.php
mod - bug_actiongroup_add_note_inc.php
mod - account_sponsor_update.php
mod - account_prof_menu_page.php
mod - bug_file_upload_inc.php
mod - bug_actiongroup_update_product_build_inc.php
mod - account_prefs_inc.php
mod - bug_reminder_page.php
mod - view.php
mod - bugnote_view_inc.php
mod - bug_monitor_list_view_inc.php
mod - bug_actiongroup_attach_tags_inc.php
mod - print_all_bug_options_update.php
mod - account_prof_update.php
mod - billing_inc.php
mod - bug_relationship_graph.php
mod - manage_user_edit_page.php
mod - excel_xml_export.php
mod - my_view_inc.php
mod - billing_page.php
mod - print_all_bug_options_reset.php
mod - view_all_inc.php
mod - my_view_page.php
mod - print_bugnote_inc.php
mod - print_all_bug_options_inc.php
mod - manage_columns_inc.php
mod - manage_config_columns_page.php
mod - print_bug_page.php
mod - view_all_bug_page.php
mod - print_all_bug_options_page.php
mod - bugnote_add_inc.php
mod - history_inc.php
mod - bug_change_status_page.php
mod - core/bug_group_action_api.php
mod - account_manage_columns_page.php
mod - account_sponsor_page.php
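
One way to check a source tree for *_inc.php files that still run when requested directly, as an added example (not code from MantisBT or from this changeset). The guard shape it looks for, a defined() test on a constant followed by return, exit or die as the file's first statement, is an assumption about how such a guard is written; EXAMPLE_INC_ALLOW and render_rows are hypothetical names.

```python
import re
from pathlib import Path

# Assumed guard shape (not taken from the changeset): the first statement tests
# a constant that only a legitimate including script defines, then stops.
GUARD = re.compile(
    r"""^if\s*\(\s*!\s*defined\s*\(\s*(['"])\w+\1\s*\)\s*\)\s*"""
    r"""\{?\s*(return|exit|die)\b""",
    re.IGNORECASE,
)
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)

# Constructed samples; the constant and function names are hypothetical.
GUARDED = """<?php
# License header
/**
 * @package Example
 */
if ( !defined( 'EXAMPLE_INC_ALLOW' ) ) {
    return;
}
echo render_rows();
"""
UNGUARDED = """<?php
// Runs as soon as the file is requested directly.
echo render_rows();
"""


def has_direct_access_guard(php_source):
    """True if the first statement after the opening tag is a guard."""
    start = php_source.find("<?php")
    if start == -1 or php_source[:start].strip():
        return False  # no PHP block, or output is emitted before any guard
    body = COMMENTS.sub("", php_source[start + len("<?php"):]).lstrip()
    return GUARD.match(body) is not None


def unguarded_includes(root):
    """Relative paths of *_inc.php files under root that lack the guard."""
    return sorted(
        str(p.relative_to(root))
        for p in Path(root).rglob("*_inc.php")
        if not has_direct_access_guard(p.read_text(errors="replace"))
    )


if __name__ == "__main__":
    print(has_direct_access_guard(GUARDED), has_direct_access_guard(UNGUARDED))
```

A file reported by unguarded_includes only lacks a guard as its first statement; whether a direct request to it discloses anything still needs a manual look.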

Issue History

Date Modified Username Field Change
2010-02-11 20:41 dhx New Issue
2010-02-11 20:41 dhx Status new => assigned
2010-02-11 20:41 dhx Assigned To => dhx
2010-02-11 21:11 dhx Target Version 1.2.2 => 1.3.0-beta.1
2010-02-11 21:12 dhx Status assigned => resolved
2010-02-11 21:12 dhx Fixed in Version => 1.3.0-beta.1
2010-02-11 21:12 dhx Resolution open => fixed
2010-02-11 21:20 dhx Changeset attached master 008d02ab =>
2010-04-23 23:23 dhx Status resolved => closed
2012-02-15 19:17 grangeway Relationship added has duplicate 0013899
2013-04-05 17:57 grangeway Status closed => acknowledged
2013-04-05 17:57 grangeway Note Added: 0036514
2013-04-05 18:04 grangeway Relationship added related to 0015721
2013-04-06 03:44 dregad Status acknowledged => resolved
2013-04-06 07:20 grangeway Status resolved => acknowledged
2013-04-06 09:26 dregad Tag Attached: 2.0.x check
2013-04-06 09:26 dregad Status acknowledged => resolved
2014-09-23 18:05 grangeway Tag Detached: 2.0.x check
2014-12-08 00:34 vboctor Status resolved => closed