View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017889 | mantisbt | security | public | 2014-11-15 09:27 | 2015-02-13 16:46 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.13 | ||||
Target Version | 1.2.18 | Fixed in Version | 1.2.18 | ||
Summary | 0017889: CVE-2014-8986: adm_config_report.php filtering does not check config option is valid | ||||
Description | This is created to document a change that was implemented via pull requests
| ||||
Tags | No tags attached. | ||||
MantisBT: master cabacdc2 2014-05-31 14:59 Paul Richards Details Diff |
Fix: adm_config_report.php filtering does not check config option is valid I've left this throwing ERROR_GENERIC as the only time this should be able to be hit is if we have invalid input to start with. |
Affected Issues 0017889 |
|
mod - adm_config_report.php | Diff File | ||
MantisBT: master 3d0625d8 2014-08-08 14:48 Details Diff |
adm_config_report: improve invalid config handling When receiving an invalid config_id, the page will default the select to [any] (META_FILTER_NONE) instead of adding the invalid config to the list. Improvement over cabacdc291c251bfde0dc2a2c945c02cef41bf40, we don't really need to trigger an error here, it's more user-friendly to fall back to a sensible default, similar to what we do when given an invalid project. |
Affected Issues 0017889 |
|
mod - adm_config_report.php | Diff File | ||
MantisBT: master-1.2.x e326b73a 2014-11-15 04:29 Details Diff |
adm_config_report: invalid config handling When receiving an invalid config_id, the page will default the select to [any] (META_FILTER_NONE) instead of adding the invalid config to the list. This is a backport of cabacdc291c251bfde0dc2a2c945c02cef41bf40 and 3d0625d84d5d08a998673713df1711e1d46b0b86 from master. Fixes 0017889 |
Affected Issues 0017889 |
|
mod - adm_config_report.php | Diff File |