View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0016410 | mantisbt | administration | public | 2013-09-26 03:36 | 2014-12-08 02:07 |
Reporter | dregad | Assigned To | dregad |
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 1.3.0dev |
Target Version | 1.3.0-beta.1 |
Summary | 0016410: "Delete project settings" buttons on manage config pages do not redirect properly |
Description | When clicking the "Delete project settings" to reset workflow/permissions on manage_config_email_page.php, manage_config_work_threshold_page.php and manage_config_workflow_page.php, Mantis redirects to the user's default home page instead of returning to the correct manage page as expected. |
Tags | No tags attached. |
MantisBT: master 38b02126 2011-01-19 19:01 |
kill form_action_self(). It seems we can avoid setting an explicit action on forms posting to same page. This system has the additional benefit of not breaking setups with a front controller script handling page requests. |
Affected Issues 0016410 |
mod - core/helper_api.php |
mod - core/authentication_api.php |
mod - manage_config_email_page.php |
mod - bugnote_stats_inc.php |
mod - billing_inc.php |
mod - core/form_api.php |
mod - manage_config_work_threshold_page.php |
mod - manage_config_workflow_page.php |
MantisBT: master 8d7b8400 2013-09-25 23:45 |
Reintroduce form_action_self() api |
This is a partial revert of 38b0212651d368b85858a3820ddbc0150ae32a42. There are some cases, specifically in the manage_config_* pages, where form_action_self() is not used directly as a form's action, but passed to another script to be used for redirections. Using '' instead of $_SERVER['PHP_SELF'] in this context results in incorrect redirection (i.e. Mantis will redirect to the user's default page). Fixes 0016410 |
Affected Issues 0016410 |
mod - core/form_api.php |
mod - manage_config_email_page.php |
mod - manage_config_work_threshold_page.php |
mod - manage_config_workflow_page.php |
MantisBT: master 033a5045 2013-09-25 23:57 |
Prevent XSS issues relating to PHP_SELF |
Selectively porting the security fixes for issue 0013191 from dhx's original commit e679a1c02978ba1b811959dedc358598fc595458, following the reintroduction of the form_action_self() function in master branch to fix issue 0016410. |
Affected Issues 0013191, 0016410 |
mod - core/form_api.php |
mod - manage_config_email_page.php |
mod - manage_config_work_threshold_page.php |
mod - manage_config_workflow_page.php |
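
The following is an added example, not MantisBT's code and not taken from the commits listed above. It illustrates the two concerns raised in the last two commit messages: obtaining the current page name without trusting `$_SERVER['PHP_SELF']`, and validating that name when it is handed to another script as a redirect target. The helper names, `DEFAULT_PAGE` and the sample request are assumptions.

```php
<?php
// Added illustration, not MantisBT code. Helper names, DEFAULT_PAGE and the
// sample request below are assumptions made for this example.

// Pages accepted as a post-action redirect target (file names from the issue).
const MANAGE_PAGES = [
    'manage_config_email_page.php',
    'manage_config_work_threshold_page.php',
    'manage_config_workflow_page.php',
];
const DEFAULT_PAGE = 'default_home.php'; // hypothetical fallback page

// Name of the running script. PHP_SELF also carries any extra path data the
// client appended after the script name, so it is request-controlled;
// SCRIPT_NAME stops at the script itself.
function current_page(array $server): string
{
    return basename($server['SCRIPT_NAME'] ?? '');
}

// Value safe to place inside an HTML attribute such as <form action="...">.
function form_action_attr(array $server): string
{
    return htmlspecialchars(current_page($server), ENT_QUOTES, 'UTF-8');
}

// Resolve a redirect target handed to another script (e.g. via a hidden field).
// Empty or unknown values fall back to the default page, which mirrors the
// symptom the issue describes when '' was passed instead of the page name.
function redirect_target(string $requested): string
{
    return in_array($requested, MANAGE_PAGES, true) ? $requested : DEFAULT_PAGE;
}

// Constructed request: markup characters appended after the script name.
$server = [
    'SCRIPT_NAME' => '/mantis/manage_config_workflow_page.php',
    'PHP_SELF'    => '/mantis/manage_config_workflow_page.php/"><b>x',
];

printf("raw PHP_SELF     : %s\n", $server['PHP_SELF']);
printf("escaped PHP_SELF : %s\n", htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8'));
printf("form action      : %s\n", form_action_attr($server));
printf("redirect (page)  : %s\n", redirect_target(current_page($server)));
printf("redirect (empty) : %s\n", redirect_target(''));
```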