View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017993 | mantisbt | authentication | public | 2015-01-03 14:41 | 2015-01-25 18:17 |
Reporter | chief1983 | Assigned To | dregad | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Multiple | OS | Linux | OS Version | Multiple |
Product Version | 1.2.18 | ||||
Target Version | 1.2.19 | Fixed in Version | 1.2.19 | ||
Summary | 0017993: User creation with captcha broken by fix for issue 0017811 | ||||
Description | APPLICATION ERROR 2701 Session variable "captcha_key" not found. | ||||
Steps To Reproduce |
| ||||
Additional Information | As stated in the description, it seems related to the change in 0017811. CentOS also seems to have run across this issue (https://bugs.centos.org/view.php?id=7980), however I am confirming that this also happens on http://scp.indiegames.us/mantis. Rather than go with CentOS' option and just disable captcha usage, it would be nice to see a fix for this in the next 1.2.x maintenance release. I don't plan on adopting 1.3.x immediately after release and would rather not downgrade back to 1.2.17 and place more security holes on the system instead of less, such as CVE-2014-9117, or eliminating captcha altogether. | ||||
Tags | No tags attached. | ||||
Attached Files | fix-17993-with-session-reopen.patch (1,893 bytes)
commit 5b880f31f19d7eb8378a5c089f40758f66c8b12f Author: Damien Regad <dregad@mantisbt.org> Date: 2015-01-02 01:32:41 +0100 Fix captcha validation Following 7bb78e4581ff1092c811ea96582fe602624cdcdd, it was no longer possible to validate the captcha, because the PHP session is destroyed as part of the logout performed in signup.php. We now retrieve the captcha key from the session before logging out, and recreate the session variable after that. Fixes #17993 diff --git a/core/session_api.php b/core/session_api.php index ff1230a..9f2ab4d 100644 --- a/core/session_api.php +++ b/core/session_api.php @@ -171,6 +171,7 @@ class MantisPHPSession extends MantisSession { } unset( $_SESSION[ $this->key ] ); + session_write_close(); } } diff --git a/signup.php b/signup.php index 37f3f27..b63e772 100644 --- a/signup.php +++ b/signup.php @@ -37,9 +37,16 @@ $f_email = email_append_domain( trim( $f_email ) ); $f_captcha = utf8_strtolower( trim( $f_captcha ) ); + # Retrieve captcha key now, as session might get cleared by logout + $t_form_key = session_get_int( CAPTCHA_KEY, null ); + # force logout on the current user if already authenticated if( auth_is_user_authenticated() ) { auth_logout(); + # Restart session and save captcha key again to ensure consistent + # behavior when the page is reloaded + session_init(); + session_set( CAPTCHA_KEY, $t_form_key ); } # Check to see if signup is allowed @@ -50,8 +57,6 @@ if( ON == config_get( 'signup_use_captcha' ) && get_gd_version() > 0 && helper_call_custom_function( 'auth_can_change_password', array() ) ) { - $t_form_key = session_get( CAPTCHA_KEY ); - # captcha image requires GD library and related option to ON $t_key = utf8_strtolower( utf8_substr( md5( config_get( 'password_confirm_hash_magic_string' ) . $t_form_key ), 1, 5) ); | ||||
I noticed this behavior as well, and confirm the regression was introduced by 0017811 (commit 7bb78e45) |
|
Pull request for review https://github.com/mantisbt/mantisbt/pull/566 |
|
Attaching the original patch with session close & reopen to keep a record of it, following discussion in PR 566 not to do it. |
|
If you have upgraded to 1.2.18 and are affected by this issue, you probably don't want to wait for 1.2.19 and most likely don't want to downgrade back to 1.2.17 or whatever version you originally came from either. Feel free to apply the patch in commit 1eab7aca (see below): |
|
MantisBT: master-1.2.x 7bb78e45 2014-11-24 18:28 Committer: dregad Details Diff |
Use session rather than form key for captcha Fixes 0017811 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017811, 0017993 |
|
mod - core/constant_inc.php | Diff File | ||
mod - make_captcha_img.php | Diff File | ||
mod - signup.php | Diff File | ||
mod - signup_page.php | Diff File | ||
MantisBT: master-1.2.x 1eab7aca 2015-01-01 14:32 Details Diff |
Fix captcha validation Following 7bb78e4581ff1092c811ea96582fe602624cdcdd, it was no longer possible to validate the captcha, because the PHP session is destroyed as part of the logout performed in signup.php. We now retrieve the captcha key from the session before logging out. Fixes 0017993 |
Affected Issues 0017993 |
|
mod - core/session_api.php | Diff File | ||
mod - signup.php | Diff File |