View Issue Details

ID: 0008975
Project: mantisbt
Category: security
View Status: public
Last Update: 2008-06-17 02:48
Reporter: thraxisp
Assigned To: jreese
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.1.1
Target Version: 1.1.2
Fixed in Version: 1.1.2
Summary: 0008975: CSRF Vulnerabilities in user_create
Description

Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities

Name: Multiple Vulnerabilities in Mantis
Systems Affected: Mantis 1.1.1 and possibly earlier versions
Severity:
Impact (CVSSv2): (, vector: )
Vendor: http://www.mantisbt.org/
Advisory:
Authors: Antonio "s4tan" Parata (s4tan AT ush DOT it)
         Francesco "ascii" Ongaro (ascii AT ush DOT it)
B) CSRF Vulnerabilities

There is a Cross Site Request Forgery vulnerability in the software. If a logged-in user with administrator privileges clicks on the following URL:

http://www.example.com/mantis/manage_user_create.php?username=foo&realname=aa&password=aa&password_verify=aa&email=foo@attacker.com&access_level=90&protected=0&enabled=1

a new user 'foo' with administrator privileges is created. The password of the new user is sent to foo@attacker.com.
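The check the attached patch adds, and the one it does not, as an added example. This is illustrative PHP written for this page, not code from MantisBT or from the advisory: ensure_post() mirrors what helper_ensure_post() does in the patch (reject anything but POST), while form_security_token(), form_security_validate() and guarded_user_create() are hypothetical stand-ins that add a per-session form token, which the patch does not contain. The session and the four simulated requests are constructed inline. The second request goes beyond the advisory, which only shows the GET vector, to show why a method check alone still leaves a cross-site POST open.

```php
<?php
// Added example, not MantisBT code. Names below (ensure_post, form_security_*,
// guarded_user_create) are stand-ins chosen for this demonstration.

// Fail unless the request arrived as an HTTP POST. This is what the patch's
// helper_ensure_post() does: a plain link or <img src> can only issue GET,
// so the "administrator clicks a URL" vector from the advisory is closed.
function ensure_post(array $server): void {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        throw new RuntimeException('ERROR_INVALID_REQUEST_METHOD');
    }
}

// Mint a random token for one named form and remember it in the session.
// The page rendering the form embeds it as a hidden field.
function form_security_token(array &$session, string $form_name): string {
    $token = bin2hex(random_bytes(16));
    $session['form_tokens'][$form_name][] = $token;
    return $token;
}

// Accept only a token this session issued for this form, and consume it so
// it cannot be replayed. hash_equals() keeps the comparison constant-time.
function form_security_validate(array &$session, array $post, string $form_name): void {
    $given  = $post[$form_name . '_token'] ?? '';
    $issued = $session['form_tokens'][$form_name] ?? [];
    foreach ($issued as $i => $token) {
        if (hash_equals($token, $given)) {
            unset($session['form_tokens'][$form_name][$i]);
            return;
        }
    }
    throw new RuntimeException('ERROR_FORM_TOKEN_INVALID');
}

// Guarded stand-in for manage_user_create.php: returns the account it would
// create, or throws before any privileged work happens.
function guarded_user_create(array $server, array $post, array &$session): array {
    ensure_post($server);
    form_security_validate($session, $post, 'manage_user_create');
    return [
        'username'     => $post['username'],
        'email'        => $post['email'],
        'access_level' => (int) $post['access_level'],
    ];
}

function attempt(string $label, array $server, array $post, array &$session): void {
    try {
        $u = guarded_user_create($server, $post, $session);
        printf("%-28s created %s (level %d)\n", $label, $u['username'], $u['access_level']);
    } catch (RuntimeException $e) {
        printf("%-28s rejected: %s\n", $label, $e->getMessage());
    }
}

// Constructed session for the logged-in administrator, and the parameters
// from the advisory's URL.
$session = ['user_id' => 1, 'access_level' => 90];
$attack  = ['username' => 'foo', 'email' => 'foo@attacker.com', 'access_level' => '90'];

// 1. The advisory's vector: a GET link the administrator is lured into clicking.
attempt('GET from crafted link', ['REQUEST_METHOD' => 'GET'], $attack, $session);

// 2. A cross-site auto-submitted POST: the method check passes, the token
//    check fails because the attacker's page never saw this session's token.
attempt('cross-site POST, no token', ['REQUEST_METHOD' => 'POST'], $attack, $session);

// 3. The legitimate flow: the manage-user page rendered a token into its form.
$token = form_security_token($session, 'manage_user_create');
attempt('same-site POST with token', ['REQUEST_METHOD' => 'POST'],
        $attack + ['manage_user_create_token' => $token], $session);

// 4. Replaying the consumed token is rejected.
attempt('replayed token', ['REQUEST_METHOD' => 'POST'],
        $attack + ['manage_user_create_token' => $token], $session);
```

Run it with the php command-line interpreter: only the third request creates the account, and the fourth shows the consumed token cannot be reused. The token has to be minted per session and compared with hash_equals(); a fixed or guessable value would reduce the check back to the method test.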

Tags: patch
Attached Files
post.patch (61,214 bytes)   
Index: print_all_bug_options_update.php
===================================================================
--- print_all_bug_options_update.php	(revision 5116)
+++ print_all_bug_options_update.php	(working copy)
@@ -20,15 +20,16 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Updates printing prefs then redirect to print_all_bug_page_page.php
-?>
-<?php require_once( 'core.php' ) ?>
-<?php require( 'print_all_bug_options_inc.php' ) ?>
 
-<?php auth_ensure_user_authenticated() ?>
-<?php
+    require_once( 'core.php' );
+    require( 'print_all_bug_options_inc.php' );
+
+    helper_ensure_post();
+    
+    auth_ensure_user_authenticated();
+    
 	$f_user_id		= gpc_get_int( 'user_id' );
 	$f_redirect_url	= gpc_get_string( 'redirect_url' );
 
Index: news_delete.php
===================================================================
--- news_delete.php	(revision 5116)
+++ news_delete.php	(working copy)
@@ -20,15 +20,15 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'news_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_news_id = gpc_get_int( 'news_id' );
 
 	$row = news_get_row( $f_news_id );
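Review bot: the added lines use four-space indentation and leave trailing whitespace on the blank line that follows `+    helper_ensure_post();`, while the surrounding file is tab-indented (`\t$f_news_id = gpc_get_int( 'news_id' );`); the hunk above for print_all_bug_options_update.php does the same and additionally re-indents its require lines with spaces. Match the file's tabs and strip the trailing whitespace before committing. Collapsing the `?>` / `<?php` pairs is harmless cleanup but unrelated to the CSRF fix, and bundling it makes the security-relevant lines of this patch harder to audit.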
Index: print_all_bug_options_reset.php
===================================================================
--- print_all_bug_options_reset.php	(revision 5116)
+++ print_all_bug_options_reset.php	(working copy)
@@ -30,6 +30,8 @@
 	require_once( $t_core_path.'current_user_api.php' );
 	require( 'print_all_bug_options_inc.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 
 	# protected account check
Index: bug_reminder.php
===================================================================
--- bug_reminder.php	(revision 5116)
+++ bug_reminder.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,11 +20,9 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This page allows an authorized user to send a reminder by email to another user
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'email_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id		= gpc_get_int( 'bug_id' );
 	$f_to			= gpc_get_int_array( 'to' );
 	$f_body			= gpc_get_string( 'body' );
Index: manage_proj_cat_copy.php
===================================================================
--- manage_proj_cat_copy.php	(revision 5116)
+++ manage_proj_cat_copy.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'category_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id		= gpc_get_int( 'project_id' );
Index: bug_relationship_add.php
===================================================================
--- bug_relationship_add.php	(revision 5116)
+++ bug_relationship_add.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path . 'relationship_api.php' );
 
+    helper_ensure_post();
+    
 	$f_rel_type = gpc_get_int( 'rel_type' );
 	$f_src_bug_id = gpc_get_int( 'src_bug_id' );
 	$f_dest_bug_id_string = gpc_get_string( 'dest_bug_id' );
Index: manage_plugin_update.php
===================================================================
--- manage_plugin_update.php	(revision 5116)
+++ manage_plugin_update.php	(working copy)
@@ -24,6 +24,8 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
+helper_ensure_post();
+
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
 
Index: manage_custom_field_create.php
===================================================================
--- manage_custom_field_create.php	(revision 5116)
+++ manage_custom_field_create.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: manage_proj_custom_field_copy.php
===================================================================
--- manage_proj_custom_field_copy.php	(revision 5116)
+++ manage_proj_custom_field_copy.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once('core.php');
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id		= gpc_get_int( 'project_id' );
Index: manage_proj_user_copy.php
===================================================================
--- manage_proj_user_copy.php	(revision 5116)
+++ manage_proj_user_copy.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id		= gpc_get_int( 'project_id' );
Index: manage_plugin_upgrade.php
===================================================================
--- manage_plugin_upgrade.php	(revision 5116)
+++ manage_plugin_upgrade.php	(working copy)
@@ -24,6 +24,8 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
+helper_ensure_post();
+
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
 
Index: tag_update.php
===================================================================
--- tag_update.php	(revision 5116)
+++ tag_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'tag_api.php' );
 
+    helper_ensure_post();
+    
 	compress_enable();
 
 	$f_tag_id = gpc_get_int( 'tag_id' );
Index: bug_relationship_delete.php
===================================================================
--- bug_relationship_delete.php	(revision 5116)
+++ bug_relationship_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -36,6 +36,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path . 'relationship_api.php' );
 
+    helper_ensure_post();
+    
 	$f_rel_id = gpc_get_int( 'rel_id' );
 	$f_bug_id = gpc_get_int( 'bug_id' );
 
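Review bot: enforcing POST here changes the contract for every caller. Any page that reaches bug_relationship_delete.php through a plain link with bug_id and rel_id in the query string (the relationship table on the bug view page is the natural candidate) will now be answered with ERROR_INVALID_REQUEST_METHOD. The visible part of post.patch touches no page that links here, so either those callers are converted to POST forms in the part not shown, or this hunk breaks relationship deletion; please confirm before merging.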
Index: manage_proj_custom_field_update.php
===================================================================
--- manage_proj_custom_field_update.php	(revision 5116)
+++ manage_proj_custom_field_update.php	(working copy)
@@ -20,15 +20,15 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'custom_field_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_field_id	= gpc_get_int( 'field_id' );
 	$f_project_id	= gpc_get_int( 'project_id' );
 	$f_sequence	= gpc_get_int( 'sequence' );
Index: account_sponsor_update.php
===================================================================
--- account_sponsor_update.php	(revision 5116)
+++ account_sponsor_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,23 +20,21 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
-	# This page updates a user's information
+
+	# This page updates a user's sponsorships
 	# If an account is protected then changes are forbidden
 	# The page gets redirected back to account_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'email_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
-?>
-<?php
+
 	$f_bug_list = gpc_get_string( 'buglist', '' );
 	$t_bug_list = explode( ',', $f_bug_list );
 	
Index: account_prof_update.php
===================================================================
--- account_prof_update.php	(revision 5116)
+++ account_prof_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -30,6 +30,8 @@
 
 	require_once( $t_core_path.'profile_api.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
Index: bugnote_delete.php
===================================================================
--- bugnote_delete.php	(revision 5116)
+++ bugnote_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,12 +20,10 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Remove the bugnote and bugnote text and redirect back to
 	# the viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -33,8 +31,9 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bugnote_id = gpc_get_int( 'bugnote_id' );
 	
 	$t_bug_id = bugnote_get_field( $f_bugnote_id, 'bug_id' );
Index: lang/strings_english.txt
===================================================================
--- lang/strings_english.txt	(revision 5116)
+++ lang/strings_english.txt	(working copy)
@@ -313,6 +313,7 @@
 $MANTIS_ERROR[ERROR_PLUGIN_PAGE_NOT_FOUND] = 'Plugin page not found.';
 $MANTIS_ERROR[ERROR_COLUMNS_DUPLICATE] = 'Field \'%s\' contains duplcate column \'%s\'.';
 $MANTIS_ERROR[ERROR_COLUMNS_INVALID] = 'Field \'%s\' contains invalid field \'%s\'';
+$MANTIS_ERROR[ERROR_INVALID_REQUEST_METHOD] = 'This page cannot be accessed using this method.';
 
 $s_login_error = 'Your account may be disabled or blocked or the username/password you entered is incorrect.';
 $s_login_cookies_disabled = 'Your browser either doesn\'t know how to handle cookies, or refuses to handle them.';
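Review bot: ERROR_INVALID_REQUEST_METHOD is used as a constant here but nothing in the visible portion of the patch defines it (it belongs in core/constant_inc.php next to the other ERROR_* codes), and no other lang/strings_*.txt file gets the string; confirm the constant definition is in the unshown part of post.patch, otherwise helper_ensure_post() would hand trigger_error() an undefined constant. Since you are editing this block, the context line above spells "duplcate".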
Index: manage_plugin_install.php
===================================================================
--- manage_plugin_install.php	(revision 5116)
+++ manage_plugin_install.php	(working copy)
@@ -24,6 +24,8 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
+helper_ensure_post();
+
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
 
Index: manage_proj_delete.php
===================================================================
--- manage_proj_delete.php	(revision 5116)
+++ manage_proj_delete.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: bugnote_add.php
===================================================================
--- bugnote_add.php	(revision 5116)
+++ bugnote_add.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,8 +20,7 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Insert the bugnote into the database then redirect to the bug page
 
 	require_once( 'core.php' );
@@ -31,6 +30,8 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 
+    helper_ensure_post();
+    
 	$f_bug_id		= gpc_get_int( 'bug_id' );
 	$f_private		= gpc_get_bool( 'private' );
 	$f_time_tracking	= gpc_get_string( 'time_tracking', '0:00' );
Index: news_update.php
===================================================================
--- news_update.php	(revision 5116)
+++ news_update.php	(working copy)
@@ -20,8 +20,7 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -29,8 +28,9 @@
 	require_once( $t_core_path.'news_api.php' );
 	require_once( $t_core_path.'string_api.php' );
 	require_once( $t_core_path.'print_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_news_id		= gpc_get_int( 'news_id' );
 	$f_project_id	= gpc_get_int( 'project_id' );
 	$f_view_state	= gpc_get_int( 'view_state' );
Index: query_store.php
===================================================================
--- query_store.php	(revision 5116)
+++ query_store.php	(working copy)
@@ -28,6 +28,8 @@
 	require_once( $t_core_path.'string_api.php' );
 	require_once( $t_core_path.'date_api.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 	compress_enable();
 
Index: manage_proj_cat_add.php
===================================================================
--- manage_proj_cat_add.php	(revision 5116)
+++ manage_proj_cat_add.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'category_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id	= gpc_get_int( 'project_id' );
Index: bug_file_add.php
===================================================================
--- bug_file_add.php	(revision 5116)
+++ bug_file_add.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Add file to a bug and then view the bug
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'file_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id	= gpc_get_int( 'bug_id', -1 );
 	$f_file		= gpc_get_file( 'file', -1 );
 
Index: lost_pwd.php
===================================================================
--- lost_pwd.php	(revision 5116)
+++ lost_pwd.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,6 +27,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	# lost password feature disabled or reset password via email disabled -> stop here!
 	if( OFF == config_get( 'lost_password_feature' ) ||
 		OFF == config_get( 'send_reset_password' ) ||
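Review bot: lost_pwd.php is reachable without a session, so the CSRF rationale behind this patch does not apply to it. The check is still worth keeping, because it stops a plain link or image tag from triggering reset e-mails for arbitrary accounts, but the issue should state that reason so the hunk is not reverted later as a mistake.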
Index: manage_plugin_uninstall.php
===================================================================
--- manage_plugin_uninstall.php	(revision 5116)
+++ manage_plugin_uninstall.php	(working copy)
@@ -24,6 +24,8 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
+helper_ensure_post();
+
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
 
Index: manage_proj_custom_field_add_existing.php
===================================================================
--- manage_proj_custom_field_add_existing.php	(revision 5116)
+++ manage_proj_custom_field_add_existing.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_field_id		= gpc_get_int( 'field_id' );
Index: bug_assign_reporter.php
===================================================================
--- bug_assign_reporter.php	(revision 5116)
+++ bug_assign_reporter.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Assign bug to user then redirect to viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id = gpc_get_int( 'bug_id' );
 
 	access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );
Index: bugnote_update.php
===================================================================
--- bugnote_update.php	(revision 5116)
+++ bugnote_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,11 +20,9 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Update bugnote data then redirect to the appropriate viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bugnote_id	 = gpc_get_int( 'bugnote_id' );
 	$f_bugnote_text	 = gpc_get_string( 'bugnote_text', '' );
 	$f_time_tracking = gpc_get_string( 'time_tracking', '0:00' );
Index: proj_doc_add.php
===================================================================
--- proj_doc_add.php	(revision 5116)
+++ proj_doc_add.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
+    helper_ensure_post();
+    
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ) {
 		access_denied();
Index: manage_custom_field_delete.php
===================================================================
--- manage_custom_field_delete.php	(revision 5116)
+++ manage_custom_field_delete.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: manage_user_create.php
===================================================================
--- manage_user_create.php	(revision 5116)
+++ manage_user_create.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
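Review bot: helper_ensure_post() blocks the advisory's vector (an administrator following a crafted link, which issues a GET) but not cross-site request forgery in general: an attacker's page can auto-submit a form with method="post" carrying the same username, password, access_level=90 and email parameters, and the browser attaches the administrator's session cookie exactly as it does for GET. Closing the issue as titled needs a per-session secret rendered into the manage-user form and verified here, ahead of auth_reauthenticate() and the manage_user_threshold check; the method test is a sound first line but should not be the only one.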
Index: manage_config_workflow_set.php
===================================================================
--- manage_config_workflow_set.php	(revision 5116)
+++ manage_config_workflow_set.php	(working copy)
@@ -26,6 +26,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$t_can_change_level = min( config_get_access( 'notify_flags' ), config_get_access( 'default_notify_flags' ) );
Index: manage_proj_update.php
===================================================================
--- manage_proj_update.php	(revision 5116)
+++ manage_proj_update.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id 	= gpc_get_int( 'project_id' );
Index: query_delete.php
===================================================================
--- query_delete.php	(revision 5116)
+++ query_delete.php	(working copy)
@@ -28,6 +28,8 @@
 	require_once( $t_core_path.'string_api.php' );
 	require_once( $t_core_path.'date_api.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 	compress_enable();
 
Index: manage_proj_user_add.php
===================================================================
--- manage_proj_user_add.php	(revision 5116)
+++ manage_proj_user_add.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id	= gpc_get_int( 'project_id' );
Index: account_prof_add.php
===================================================================
--- account_prof_add.php	(revision 5116)
+++ account_prof_add.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,23 +20,21 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This file adds a new profile and redirects to account_proj_menu_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'profile_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_platform		= gpc_get_string( 'platform' );
 	$f_os			= gpc_get_string( 'os' );
 	$f_os_build		= gpc_get_string( 'os_build' );
Index: manage_proj_cat_delete.php
===================================================================
--- manage_proj_cat_delete.php	(revision 5116)
+++ manage_proj_cat_delete.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'category_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_category_id = gpc_get_string( 'id' );
Index: manage_proj_custom_field_remove.php
===================================================================
--- manage_proj_custom_field_remove.php	(revision 5116)
+++ manage_proj_custom_field_remove.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_field_id = gpc_get_int( 'field_id' );
Index: tag_attach.php
===================================================================
--- tag_attach.php	(revision 5116)
+++ tag_attach.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'tag_api.php' );
 
+    helper_ensure_post();
+    
 	$f_bug_id = gpc_get_int( 'bug_id' );
 	$f_tag_select = gpc_get_int( 'tag_select' );
 	$f_tag_string = gpc_get_string( 'tag_string' );
Index: admin/install_helper_functions.php
===================================================================
--- admin/install_helper_functions.php	(revision 5116)
+++ admin/install_helper_functions.php	(working copy)
@@ -17,6 +17,12 @@
 # You should have received a copy of the GNU General Public License
 # along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
 
+/**
+* check if database support exists
+* 
+* @param  string database type
+* @return bool
+*/
 	function check_database_support($p_db_type) {
 		$t_support = false;
 		switch ($p_db_type) {
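Review bot: the docblock sits at column 0 while the function it documents is tab-indented, and `@param  string database type` omits the parameter name, so documentation tools cannot bind it; write `@param string $p_db_type database type`. The check_php_version docblock in the next hunk has the same two problems.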
@@ -44,6 +50,12 @@
 		return $t_support;
 	}
 	
+    /**
+    * check if php meets minimum version
+    * 
+    * @param  string version information
+    * @return bool
+    */
 	function check_php_version( $p_version ) {
 		if ($p_version == PHP_MIN_VERSION) {
 			return true;
@@ -58,4 +70,58 @@
 			 	return false;
 			}
 		}
-	}
\ No newline at end of file
+	}
+	
+    /**
+    * print result in the proper colour
+    * 
+    * @param  bool pass/fail input
+    * @param  bool true if failure is fatal
+    * @param  string text message added to failures
+    * @return bool
+    */
+	function print_test_result( $p_result, $p_hard_fail=true, $p_message='' ) {
+		global $g_failed;
+		echo '<td ';
+		if ( BAD == $p_result ) {
+			if ( $p_hard_fail ) {
+				$g_failed = true;
+				echo 'bgcolor="red">BAD';
+			} else {
+				echo 'bgcolor="pink">POSSIBLE PROBLEM';
+			}
+			if ( '' != $p_message ) {
+				echo '<br />' . $p_message;
+			}
+		}
+
+		if ( GOOD == $p_result ) {
+			echo 'bgcolor="green">GOOD';			
+		}
+		echo '</td>';
+	}
+
+    /**
+    * print test row
+    * 
+    * @param  string test title text
+    * @param  bool pass/fail input
+    * @param  bool true if failure is fatal
+    * @param  string text message added to failures
+    * @return bool
+    */
+	function print_test( $p_test_description, $p_result, $p_hard_fail=true, $p_message='' ) {
+
+		echo "\n<tr><td bgcolor=\"#ffffff\">$p_test_description</td>";
+		print_test_result( $p_result, $p_hard_fail, $p_message );
+		echo "</tr>\n";
+	}
+
+	# --------
+	# create an SQLArray to insert data
+	function InsertData( $p_table, $p_data ) {
+		$query = "INSERT INTO " . $p_table . $p_data;
+		return Array( $query );
+	}
+
+
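Review bot: print_test_result() and print_test() are documented `@return bool` but return nothing (they echo and fall off the end), so both docblocks should say @return void, and InsertData() is left with a bare `# create an SQLArray` comment while its neighbours got docblocks. InsertData() also builds its INSERT by concatenating $p_table and $p_data straight into the query; it is installer-only code moved verbatim, but the move is the moment to document that $p_data must already be SQL-safe. The hunk ends with two added empty lines after InsertData(), reintroducing trailing blank lines at end of file, and relocating these three functions out of admin/install.php is unrelated to the CSRF fix and would be easier to review as its own change.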
Index: admin/install.php
===================================================================
--- admin/install.php	(revision 5116)
+++ admin/install.php	(working copy)
@@ -37,45 +37,6 @@
 	$g_failed = false;
 	$g_database_upgrade = false; 
 	
-	# -------
-	# print test result
-	function print_test_result( $p_result, $p_hard_fail=true, $p_message='' ) {
-		global $g_failed;
-		echo '<td ';
-		if ( BAD == $p_result ) {
-			if ( $p_hard_fail ) {
-				$g_failed = true;
-				echo 'bgcolor="red">BAD';
-			} else {
-				echo 'bgcolor="pink">POSSIBLE PROBLEM';
-			}
-			if ( '' != $p_message ) {
-				echo '<br />' . $p_message;
-			}
-		}
-
-		if ( GOOD == $p_result ) {
-			echo 'bgcolor="green">GOOD';			
-		}
-		echo '</td>';
-	}
-
-	# -------
-	# print test header and result
-	function print_test( $p_test_description, $p_result, $p_hard_fail=true, $p_message='' ) {
-
-		echo "\n<tr><td bgcolor=\"#ffffff\">$p_test_description</td>";
-		print_test_result( $p_result, $p_hard_fail, $p_message );
-		echo "</tr>\n";
-	}
-
-	# --------
-	# create an SQLArray to insert data
-	function InsertData( $p_table, $p_data ) {
-		$query = "INSERT INTO " . $p_table . $p_data;
-		return Array( $query );
-	}
-
 	# install_state
 	#   0 = no checks done
 	#   1 = server ok, get database information
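Review bot: this hunk removes print_test_result(), print_test() and InsertData() from admin/install.php, but no require of admin/install_helper_functions.php is visible in it; if install.php does not already include that file before its first print_test() call, the installer dies with an undefined function. Please show or confirm the include.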
Index: signup.php
===================================================================
--- signup.php	(revision 5116)
+++ signup.php	(working copy)
@@ -28,6 +28,8 @@
 	require_once( $t_core_path.'email_api.php' );
 	require_once( $t_core_path . 'disposable' . DIRECTORY_SEPARATOR . 'disposable.php' );
 
+    helper_ensure_post();
+    
 	$f_username		= strip_tags( gpc_get_string( 'username' ) );
 	$f_email		= strip_tags( gpc_get_string( 'email' ) );
 	$f_captcha		= gpc_get_string( 'captcha', '' );
Index: bug_actiongroup_ext.php
===================================================================
--- bug_actiongroup_ext.php	(revision 5116)
+++ bug_actiongroup_ext.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -28,6 +28,8 @@
 	require_once( $t_core_path . 'bug_api.php' );
 	require_once( $t_core_path . 'bug_group_action_api.php' );
 
+    helper_ensure_post();
+    
     auth_ensure_user_authenticated();
 
 	helper_begin_long_process();
Index: bug_monitor.php
===================================================================
--- bug_monitor.php	(revision 5116)
+++ bug_monitor.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This file turns monitoring on or off for a bug for the current user
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id	= gpc_get_int( 'bug_id' );
 	$t_bug = bug_get( $f_bug_id, true );
 
Index: manage_custom_field_update.php
===================================================================
--- manage_custom_field_update.php	(revision 5116)
+++ manage_custom_field_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: manage_config_columns_set.php
===================================================================
--- manage_config_columns_set.php	(revision 5116)
+++ manage_config_columns_set.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,7 +27,9 @@
 
 	require_once( $t_core_path . 'columns_api.php' );
 	require_once( $t_core_path . 'gpc_api.php' );
-
+    
+    helper_ensure_post();
+    
 	# @@@ access_ensure_project_level( config_get( 'manage_project_threshold' ) );
 
 	$f_project_id = gpc_get_int( 'project_id' );
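Review bot: the access check on this page is still commented out (`# @@@ access_ensure_project_level( config_get( 'manage_project_threshold' ) );`), so after this hunk the added helper_ensure_post() is the only gate before the column configuration is written. A method check is not an authorization check; enable the access_ensure_project_level() call as part of this change so the page enforces the manage-project threshold like the other manage pages in the patch.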
Index: manage_user_reset.php
===================================================================
--- manage_user_reset.php	(revision 5116)
+++ manage_user_reset.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: manage_proj_update_children.php
===================================================================
--- manage_proj_update_children.php	(revision 5116)
+++ manage_proj_update_children.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( $t_core_path.'project_hierarchy_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: bug_file_delete.php
===================================================================
--- bug_file_delete.php	(revision 5116)
+++ bug_file_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
+    helper_ensure_post();
+    
 	$f_file_id = gpc_get_int( 'file_id' );
 
 	$t_bug_id = file_get_field( $f_file_id, 'bug_id' );
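Review bot: confirm how this page is reached before placing helper_ensure_post() first. If the delete action is a plain link that then goes through a confirmation form (first request a GET, the confirmation a POST), the method check rejects the initial request and the delete flow breaks; either convert the caller to a form or run the check after the confirmation step. The same question applies to the other delete pages in this patch.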
Index: manage_config_email_set.php
===================================================================
--- manage_config_email_set.php	(revision 5116)
+++ manage_config_email_set.php	(working copy)
@@ -26,6 +26,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$t_can_change_level = min( config_get_access( 'notify_flags' ), config_get_access( 'default_notify_flags' ) );
Index: manage_user_prune.php
===================================================================
--- manage_user_prune.php	(revision 5116)
+++ manage_user_prune.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: manage_proj_ver_add.php
===================================================================
--- manage_proj_ver_add.php	(revision 5116)
+++ manage_proj_ver_add.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'version_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id	= gpc_get_int( 'project_id' );
Index: manage_user_delete.php
===================================================================
--- manage_user_delete.php	(revision 5116)
+++ manage_user_delete.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: manage_proj_cat_update.php
===================================================================
--- manage_proj_cat_update.php	(revision 5116)
+++ manage_proj_cat_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'category_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_category_id		= gpc_get_int( 'category_id' );
Index: account_delete.php
===================================================================
--- account_delete.php	(revision 5116)
+++ account_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -43,6 +43,8 @@
 	# (none)
 
 	#============ Permissions ============
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
Index: manage_proj_ver_delete.php
===================================================================
--- manage_proj_ver_delete.php	(revision 5116)
+++ manage_proj_ver_delete.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'version_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_version_id = gpc_get_int( 'version_id' );
Index: manage_proj_user_remove.php
===================================================================
--- manage_proj_user_remove.php	(revision 5116)
+++ manage_proj_user_remove.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: bug_delete.php
===================================================================
--- bug_delete.php	(revision 5116)
+++ bug_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
 
 	$f_bug_id = gpc_get_int( 'bug_id' );
 
+    helper_ensure_post();
+    
 	access_ensure_bug_level( config_get( 'delete_bug_threshold' ), $f_bug_id );
 
 	$t_bug = bug_get( $f_bug_id, true );
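Review bot: helper_ensure_post() is inserted after `$f_bug_id = gpc_get_int( 'bug_id' );`, so the parameter is read and validated before the request method is checked. Move the call above the gpc_get_int() so a non-POST request is rejected before any input is processed, matching the placement used in the other pages of this patch.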
Index: manage_user_proj_delete.php
===================================================================
--- manage_user_proj_delete.php	(revision 5116)
+++ manage_user_proj_delete.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: wiki.php
===================================================================
--- wiki.php	(revision 5116)
+++ wiki.php	(working copy)
@@ -28,6 +28,8 @@
 
 	require_once( $t_core_path . 'wiki_api.php' );
 
+    helper_ensure_post();
+    
 	$f_id = gpc_get_int( 'id' );
 	$f_type = gpc_get_string( 'type', 'issue' );
 	
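Review bot: wiki.php only reads `id` and `type` in this hunk and does not appear to change any state; if it is reached from a link (GET) rather than a form, requiring POST breaks that navigation without any CSRF benefit. Confirm the callers before keeping the check on this page.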
Index: proj_doc_delete.php
===================================================================
--- proj_doc_delete.php	(revision 5116)
+++ proj_doc_delete.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ) {
 		access_denied();
Index: tag_detach.php
===================================================================
--- tag_detach.php	(revision 5116)
+++ tag_detach.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'tag_api.php' );
 
+    helper_ensure_post();
+    
 	$f_tag_id = gpc_get_int( 'tag_id' );
 	$f_bug_id = gpc_get_int( 'bug_id' );
 
Index: news_add.php
===================================================================
--- news_add.php	(revision 5116)
+++ news_add.php	(working copy)
@@ -20,16 +20,16 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'news_api.php' );
 	require_once( $t_core_path.'print_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	access_ensure_project_level( config_get( 'manage_news_threshold' ) );
 
 	$f_view_state	= gpc_get_int( 'view_state' );
Index: manage_user_update.php
===================================================================
--- manage_user_update.php	(revision 5116)
+++ manage_user_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: account_prefs_update.php
===================================================================
--- account_prefs_update.php	(revision 5116)
+++ account_prefs_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,21 +20,19 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Updates prefs then redirect to account_prefs_page.php3
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'user_pref_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
-?>
-<?php
+
 	$f_user_id					= gpc_get_int( 'user_id' );
 	$f_redirect_url				= gpc_get_string( 'redirect_url' );
 
Index: account_update.php
===================================================================
--- account_update.php	(revision 5116)
+++ account_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,25 +20,23 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This page updates a user's information
 	# If an account is protected then changes are forbidden
 	# The page gets redirected back to account_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'email_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_email           	= gpc_get_string( 'email', '' );
 	$f_realname        	= gpc_get_string( 'realname', '' );
 	$f_password        	= gpc_get_string( 'password', '' );
Index: manage_proj_ver_update.php
===================================================================
--- manage_proj_ver_update.php	(revision 5116)
+++ manage_proj_ver_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'version_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_version_id = gpc_get_int( 'version_id' );
Index: core/database_api.php
===================================================================
--- core/database_api.php	(revision 5116)
+++ core/database_api.php	(working copy)
@@ -64,6 +64,7 @@
 			$g_db = ADONewConnection( $p_dsn );
 			$t_result = $g_db->IsConnected();
 		}
+		$g_db->LogSQL();
 
 		if ( $t_result ) {
 			# For MySQL, the charset for the connection needs to be specified.
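Review bot: `$g_db->LogSQL();` is unrelated to the POST check and turns on ADOdb's SQL logging for every connection, which records all executed statements (including those carrying user-supplied values) and costs a write per query. It is also executed unconditionally, even when `$t_result` is false. Drop it from this patch.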
Index: core/helper_api.php
===================================================================
--- core/helper_api.php	(revision 5116)
+++ core/helper_api.php	(working copy)
@@ -502,4 +502,16 @@
 
 		return (int)$t_min;
 	}	
+
+	#
+	#-------------------------------------------------
+	# check access method is POST, return if true, else call error handler
+    function helper_ensure_post()
+    {
+        if ( isset( $_SERVER['REQUEST_METHOD'] ) && ( $_SERVER['REQUEST_METHOD'] != 'POST' ) ) {
+			trigger_error( ERROR_INVALID_REQUEST_METHOD, ERROR );
+		}
+		
+    }
+
 ?>
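Review bot: helper_ensure_post() fails open and compares case-sensitively. With `isset( $_SERVER['REQUEST_METHOD'] ) && ( $_SERVER['REQUEST_METHOD'] != 'POST' )`, a request where REQUEST_METHOD is unset passes the check, while a lowercase `post` is rejected; suggest `if ( !isset( $_SERVER['REQUEST_METHOD'] ) || strtoupper( $_SERVER['REQUEST_METHOD'] ) != 'POST' )` so only an explicit POST proceeds. Note also that a POST-only requirement is a weak CSRF defence on its own, because a forged request can be submitted as a POST as well; a per-session token checked on each action page (the approach the later comments on this issue move to) is what ties the request to the user. The new function mixes four-space indentation with the file's tabs.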
Index: core/relationship_graph_api.php
===================================================================
--- core/relationship_graph_api.php	(revision 5116)
+++ core/relationship_graph_api.php	(working copy)
@@ -250,7 +250,8 @@
 		} else {
 			$t_graph_orientation = 'vertical';
 		}
-
+        $t_graph_attributes['fontpath'] = $t_graph_fontpath;
+        
 		$t_graph = new Digraph( $t_id_string, $t_graph_attributes, $t_dot_tool );
 
 		$t_graph->set_default_node_attr( array (
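Review bot: `$t_graph_attributes['fontpath'] = $t_graph_fontpath;` is unrelated to the POST fix, and `$t_graph_fontpath` is not defined anywhere in this hunk; if it is not initialized earlier in the function the assignment sets fontpath to null. Split it out of this patch or show where the variable is set.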
Index: core/constant_inc.php
===================================================================
--- core/constant_inc.php	(revision 5116)
+++ core/constant_inc.php	(working copy)
@@ -194,6 +194,7 @@
 	define( 'ERROR_FTP_CONNECT_ERROR',				16 );
 	define( 'ERROR_HANDLER_ACCESS_TOO_LOW',				17 );
 	define( 'ERROR_PAGE_REDIRECTION',				18 );
+	define( 'ERROR_INVALID_REQUEST_METHOD',		    19 );
 
 	# ERROR_CONFIG_*
 	define( 'ERROR_CONFIG_OPT_NOT_FOUND',			100 );
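Review bot: the new ERROR_INVALID_REQUEST_METHOD constant has no matching error string in this patch. Mantis resolves the message for a trigger_error() code from the language files, so without a `$MANTIS_ERROR[ERROR_INVALID_REQUEST_METHOD]` entry in lang/strings_english.txt the user sees an unhelpful error when a non-POST request is rejected. Add the string alongside the constant. The alignment on the added line also uses spaces where the neighbouring defines use tabs.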
Index: manage_config_revert.php
===================================================================
--- manage_config_revert.php	(revision 5116)
+++ manage_config_revert.php	(working copy)
@@ -25,6 +25,8 @@
 
 	$t_core_path = config_get( 'core_path' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project', 0 );
Index: bug_report.php
===================================================================
--- bug_report.php	(revision 5116)
+++ bug_report.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -32,6 +32,8 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	access_ensure_project_level( config_get('report_bug_threshold' ) );
 
 	$t_bug_data = new BugData;
Index: bug_update.php
===================================================================
--- bug_update.php	(revision 5116)
+++ bug_update.php	(working copy)
@@ -20,11 +20,9 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Update bug data then redirect to the appropriate viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'custom_field_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id = gpc_get_int( 'bug_id' );
 	$f_update_mode = gpc_get_bool( 'update_mode', FALSE ); # set if called from generic update page
 	$f_new_status	= gpc_get_int( 'status', bug_get_field( $f_bug_id, 'status' ) );
Index: bug_assign.php
===================================================================
--- bug_assign.php	(revision 5116)
+++ bug_assign.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,18 +20,16 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Assign bug to user then redirect to viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+    helper_ensure_post();
+    
 	$f_bug_id = gpc_get_int( 'bug_id' );
 	$t_bug = bug_get( $f_bug_id );
 	
Index: bug_actiongroup.php
===================================================================
--- bug_actiongroup.php	(revision 5116)
+++ bug_actiongroup.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,19 +20,18 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This page allows actions to be performed an an array of bugs
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php auth_ensure_user_authenticated() ?>
-<?php
+
+    helper_ensure_post();
+    
+    auth_ensure_user_authenticated();
 	helper_begin_long_process();
 
 	$f_action	= gpc_get_string( 'action' );
Index: manage_user_proj_add.php
===================================================================
--- manage_user_proj_add.php	(revision 5116)
+++ manage_user_proj_add.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_user_id		= gpc_get_int( 'user_id' );
Index: account_prefs_reset.php
===================================================================
--- account_prefs_reset.php	(revision 5116)
+++ account_prefs_reset.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -47,6 +47,8 @@
 	$f_redirect_url	= gpc_get_string( 'redirect_url', 'account_prefs_page.php' );
 
 	#============ Permissions ============
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 
 	user_ensure_unprotected( $f_user_id );
Index: tag_delete.php
===================================================================
--- tag_delete.php	(revision 5116)
+++ tag_delete.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'tag_api.php' );
 
+    helper_ensure_post();
+    
 	access_ensure_global_level( config_get( 'tag_edit_threshold' ) );
 
 	$f_tag_id = gpc_get_int( 'tag_id' );
Index: manage_proj_subproj_add.php
===================================================================
--- manage_proj_subproj_add.php	(revision 5116)
+++ manage_proj_subproj_add.php	(working copy)
@@ -25,6 +25,8 @@
 
 	$t_core_path = config_get( 'core_path' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id    = gpc_get_int( 'project_id' );
Index: bug_set_sponsorship.php
===================================================================
--- bug_set_sponsorship.php	(revision 5116)
+++ bug_set_sponsorship.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,14 +20,15 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path . 'sponsorship_api.php' );
 
+    helper_ensure_post();
+    
 	if ( config_get( 'enable_sponsorship' ) == OFF ) {
 		trigger_error( ERROR_SPONSORSHIP_NOT_ENABLED, ERROR );
 	}
Index: adm_config_set.php
===================================================================
--- adm_config_set.php	(revision 5116)
+++ adm_config_set.php	(working copy)
@@ -26,7 +26,8 @@
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
-
+    helper_ensure_post();
+    
 	$f_user_id = gpc_get_int( 'user_id' );
 	$f_project_id = gpc_get_int( 'project_id' );
 	$f_config_option = gpc_get_string( 'config_option' );
Index: proj_doc_update.php
===================================================================
--- proj_doc_update.php	(revision 5116)
+++ proj_doc_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
+    helper_ensure_post();
+    
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ||
 		!file_is_uploading_enabled() ||
Index: account_prof_delete.php
===================================================================
--- account_prof_delete.php	(revision 5116)
+++ account_prof_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,24 +20,22 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# The specified profile is deleted and the user is redirected to
 	# account_prof_menu_page.php3
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'profile_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_profile_id	= gpc_get_int( 'profile_id' );
 
 	if ( profile_is_global( $f_profile_id ) ) {
Index: manage_proj_create.php
===================================================================
--- manage_proj_create.php	(revision 5116)
+++ manage_proj_create.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'project_hierarchy_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'create_project_threshold' ) );
Index: manage_config_work_threshold_set.php
===================================================================
--- manage_config_work_threshold_set.php	(revision 5116)
+++ manage_config_work_threshold_set.php	(working copy)
@@ -26,6 +26,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$t_redirect_url = 'manage_config_work_threshold_page.php';
Index: bugnote_set_view_state.php
===================================================================
--- bugnote_set_view_state.php	(revision 5116)
+++ bugnote_set_view_state.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,19 +20,18 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Set an existing bugnote private or public.
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bugnote_id	= gpc_get_int( 'bugnote_id' );
 	$f_private		= gpc_get_bool( 'private' );
 
Index: manage_config_columns_reset.php
===================================================================
--- manage_config_columns_reset.php	(revision 5116)
+++ manage_config_columns_reset.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'config_api.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 	auth_reauthenticate();
 
Index: set_project.php
===================================================================
--- set_project.php	(revision 5116)
+++ set_project.php	(working copy)
@@ -20,15 +20,15 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_project_id	= gpc_get_string( 'project_id' );
 	$f_make_default	= gpc_get_bool  ( 'make_default' );
 	$f_ref			= gpc_get_string( 'ref', '' );
Index: account_prof_make_default.php
===================================================================
--- account_prof_make_default.php	(revision 5116)
+++ account_prof_make_default.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,24 +20,22 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Make the specified profile the default
 	# Redirect to account_prof_menu_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_profile_id	= gpc_get_int( 'profile_id' );
 
 	current_user_set_pref( 'default_profile', $f_profile_id );
Index: manage_proj_ver_copy.php
===================================================================
--- manage_proj_ver_copy.php	(revision 5116)
+++ manage_proj_ver_copy.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'version_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id		= gpc_get_int( 'project_id' );

Relationships

parent of 0008995 (closed, thraxisp): CSRF Vulnerabilities in user_create

Activities

thraxisp

2008-03-19 22:40

reporter   ~0017411

A patch to verify that action pages are accessed using POST is attached.

vboctor

2008-03-20 00:46

manager   ~0017412

The patch looks good. Here are some minor comments:

  1. Do we want to consider a more strict check where we check that the post is triggered locally?

  2. database_api.php has some log SQL command that doesn't seem to be related to this fix.

  3. There seem to be some install related changes which are not part of this fix.

  4. Use tabs rather than spaces for indentation.

  5. The comparison of the REQUEST_METHOD should be case insensitive.

thraxisp

2008-03-20 19:16

reporter   ~0017424

A patch to verify that action pages are accessed using POST is attached.

thraxisp

2008-03-25 22:36

reporter   ~0017455

fixed in SVN r5134

thraxisp

2008-03-25 22:40

reporter   ~0017456

fixed in SVN r5134

thraxisp

2008-05-08 23:06

reporter   ~0017801

changed to add token based verification in svn revision 5250

thraxisp

2008-05-09 21:18

reporter   ~0017807

fix reverted in SVN

jreese

2008-05-22 13:47

reporter   ~0017905

New fix committed to 1.1.2 in SVN r5290, and trunk 1.2.x in SVN r5292.

giallu

2008-05-28 19:06

reporter   ~0017930

Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2276 to this.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2276

giallu

2008-06-17 02:37

reporter   ~0018118

making it public. This is CVE-2008-2276

Related Changesets

MantisBT: master-1.1.x 4b9b2fff
2008-05-22 10:34  jreese

Implemented form security validation API.
Affects bug 0008975.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5287 f5dc347c-c33d-0410-90a0-b07cc1902cb9

Affected Issues: 0008975
add - core/form_api.php
mod - core/session_api.php
mod - core/constant_inc.php
mod - lang/strings_english.txt

MantisBT: master 77d93349
2008-05-22 10:48  jreese

Implemented form security validation API.
Affects bug 0008975.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5288 f5dc347c-c33d-0410-90a0-b07cc1902cb9

Affected Issues: 0008975
mod - core/session_api.php
add - core/form_api.php
mod - lang/strings_english.txt
mod - core/constant_inc.php

MantisBT: master-1.1.x 70076d63
2008-05-22 13:44  jreese

Fix 0008975: CSRF Vulnerabilities in user_create
This process will be rolled out in pieces to the rest of Mantis (and the 1.2.x trunk) as chances permit.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5290 f5dc347c-c33d-0410-90a0-b07cc1902cb9

Affected Issues: 0008975
mod - manage_user_create_page.php
mod - manage_user_create.php

MantisBT: master d0994d58
2008-05-22 13:44  jreese

Fix 0008975: CSRF Vulnerabilities in user_create
This process will be rolled out in pieces to the rest of Mantis (and the 1.2.x trunk) as chances permit.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5292 f5dc347c-c33d-0410-90a0-b07cc1902cb9

Affected Issues: 0008975
mod - manage_user_create_page.php
mod - manage_user_create.php