View Issue Details

IDProjectCategoryView StatusLast Update
0021610mantisbtbugtrackerpublic2016-08-28 01:12
ReportercproensaAssigned Tocproensa 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.3.0 
Target Version1.3.1Fixed in Version1.3.1 
Summary0021610: Revert to multiple form security tokens per page
Description

Revert the logic introduced by fix for Issue 0020142, in which one single
form security token is used for all action links.
The side effect is that only one of those actions can be performed from
the specific originating page.
This is especially a drawback when the actions are links that can be open
in new browsers tabs.

Reverting to separate tokens allows to perform all the actions without
having to reload the originating page.

Note, the original performance issue was solved at the session layer
with 8092c3d.

TagsNo tags attached.

Activities

cproensa

cproensa

2016-08-14 18:38

developer   ~0053799

Last edited: 2016-08-14 18:39

View 2 revisions

At first i'd go for actions that are presented as links (instead of buttons)
Eg: attachment delete links: 0020142

But probably, actions presented as buttons (eg: bugnote delete) shuold also be reverted to previous capabilities.

cproensa

cproensa

2016-08-14 19:02

developer   ~0053800

PR: https://github.com/mantisbt/mantisbt/pull/848

Related Changesets

MantisBT: master-1.3.x f160663f

2016-08-14 18:25:05

cproensa


Committer: vboctor Details Diff
Revert multiple tokens for attachement delete links

Revert the logic introduced by fix for Issue 0020142, in which one single
form security token is used for all action links.
The side effect is that only one of those actions can be performed from
the specific originating page.
This is especially a drawback when the actions are links that can be open
in new browsers tabs.

Reverting to separate tokens allows to perform all the actions without
having to reload the originating page.

Note, the original performance issue was solved at the session layer
with 8092c3d.

Fixes: 0021610
mod - core/print_api.php Diff File

MantisBT: master-1.3.x 77db0389

2016-08-14 18:54:36

cproensa


Committer: vboctor Details Diff
Use multiple tokens for bug revision page

As discussed in 0021610, actions presented as links should generate
separate form security tokens.
This commit fixes the drop revision links for bug_revision_view_page

Fixes: 0021610
mod - bug_revision_view_page.php Diff File

Issue History

Date Modified Username Field Change
2016-08-14 18:37 cproensa New Issue
2016-08-14 18:38 cproensa Note Added: 0053799
2016-08-14 18:39 cproensa Note Edited: 0053799 View Revisions
2016-08-14 19:02 cproensa Note Added: 0053800
2016-08-18 12:02 cproensa Assigned To => cproensa
2016-08-18 12:02 cproensa Status new => assigned
2016-08-26 01:04 vboctor Changeset attached => MantisBT master-1.3.x f160663f
2016-08-26 01:04 vboctor Changeset attached => MantisBT master-1.3.x 77db0389
2016-08-26 01:04 vboctor Assigned To cproensa => vboctor
2016-08-26 01:04 vboctor Status assigned => resolved
2016-08-26 01:04 vboctor Resolution open => fixed
2016-08-26 01:04 vboctor Fixed in Version => 1.3.1
2016-08-26 02:40 atrol Assigned To vboctor => cproensa
2016-08-26 02:40 atrol Target Version => 1.3.1
2016-08-28 01:12 vboctor Status resolved => closed