View Issue Details

ID: 0009713
Project: mantisbt
Category: authentication
View Status: public
Date Submitted: 2008-10-20 04:17
Last Update: 2010-01-12 10:32
Reporter: schoenfeld
Assigned To: jreese
Priority: high
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform / OS / OS Version: (not set)
Product Version: 1.1.4
Target Version: (not set)
Fixed in Version: 1.1.5
Summary: 0009713: Users are unable to confirm registration
Description: If I add a new user, for example "blubb", and after that open the confirmation URL in my browser (after logging out from my previous mantis session) and then try to set a password, I get the message "Invalid form security token. Did you submit the form twice by accident?" and am therefore unable to change the password. This effectively renders user registration unusable and is therefore of high severity.
Tags: No tags attached.
Attached Files: (none)
Users sponsoring this issue
Total Sponsorship = US$ 20
2008-11-05 08:09: tmatijas (US$ 20)

Relationships
related to 0009692
has duplicate 0009718, 0009722, 0009764, 0009797, 0009822

Notes

polzin (reporter) 2008-10-20 06:42
The same problem here! It can also be reproduced by "reset password". Additionally, if mantis is currently in a session when opening the password-reset/account-registration link, the following warnings are displayed:
"SYSTEM WARNING: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session
SYSTEM WARNING: Cannot modify header information - headers already sent by (output started at [xxx]/core/error_api.php:166)"

jreese (administrator) 2008-10-20 10:20
Sorry, I missed porting the 1.2.x fixes back to 1.1.x. This is fixed now in SVN 1.1.x r5700 and r5701.

polzin (reporter) 2008-10-20 11:05
Can you say when 1.1.5 will be distributed? I would like to avoid the effort of backporting r5701.

jreese (administrator) 2008-10-20 11:17
Also needed: for SVN 1.1.x, r5702; for SVN trunk, r5703.

seiji (reporter) 2008-10-20 18:25
If someone gets session id "XXX" and goes to http://www.mantisbt.org/bugs/view?id=9713&session_id=XXX, then is the session hijacked?

jreese (administrator) 2008-10-20 19:08
Yes, although in current form, session hijacking was always possible through use of forged cookies, but there are currently no security risks for this, as no authentication information or state is yet stored in the session. However, I already have started work on another patch that will prevent against hijacking by tracking last IP address. For now though, hijacked sessions pose no security risks, simply because they are only used for storing CSRF tokens, in which case a hijacked session is of no benefit to an attacker.

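The token/session interaction discussed in the notes above, as an added illustrative model in Python. This is not MantisBT code: the SessionStore class, the function names, the constructed sample addresses and the four scenarios are assumptions written to mirror the thread. It shows why a form security token lives only in the session that issued it (a POST arriving under a different session id fails with the same outcome users saw in 1.1.4), how carrying the issuing session id in the form, as the "Really fix" changesets describe, keeps the check working, how a leaked session id replayed from another address is dropped by the kind of last-IP tracking mentioned above, and that a token is single use.

```python
import hmac
import secrets

# Illustrative model of session-bound "form security tokens" (the Mantis
# "Invalid form security token" check). Not MantisBT code; all names assumed.


class SessionStore:
    """In-memory session table, standing in for PHP's session storage."""

    def __init__(self):
        self._sessions = {}

    def start(self, client_ip):
        """Create a fresh session bound to the client's address; return its id."""
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"ip": client_ip, "tokens": {}}
        return sid

    def destroy(self, sid):
        self._sessions.pop(sid, None)

    def resume(self, sid, client_ip):
        """Return the session for sid, or None if it is unknown or is being used
        from a different address (the last-IP hijack check described in the
        thread: a changed address drops the session instead of serving it)."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if sess["ip"] != client_ip:
            self._sessions.pop(sid)
            return None
        return sess


def form_security_token(store, sid, client_ip, form_name):
    """Issue a single-use token for form_name, stored only in this session."""
    sess = store.resume(sid, client_ip)
    if sess is None:
        raise LookupError("no session to store the token in")
    token = secrets.token_hex(16)
    sess["tokens"][form_name] = token
    return token


def form_security_validate(store, sid, client_ip, form_name, token):
    """True only if token matches the one this session issued for form_name.
    The stored token is consumed, so a second submission is rejected."""
    sess = store.resume(sid, client_ip)
    if sess is None:
        return False
    expected = sess["tokens"].pop(form_name, None)
    return expected is not None and hmac.compare_digest(expected, token)


IP = "203.0.113.10"        # constructed sample address (RFC 5737 range)
OTHER_IP = "198.51.100.7"  # constructed sample address of an attacker


def scenario_lost_session():
    """The token is issued in one session, but the browser's next request is
    served under a different session id: the check fails (the 1.1.4 symptom)."""
    store = SessionStore()
    sid_issue = store.start(IP)
    token = form_security_token(store, sid_issue, IP, "account_update")
    sid_next = store.start(IP)  # fresh session when the form is posted
    return form_security_validate(store, sid_next, IP, "account_update", token)


def scenario_session_id_in_form():
    """The fix's approach: the form carries the issuing session id, and the
    next page load resumes that session, so the token is found and accepted."""
    store = SessionStore()
    sid = store.start(IP)
    token = form_security_token(store, sid, IP, "account_update")
    hidden_fields = {"session_id": sid, "account_update_token": token}
    return form_security_validate(store, hidden_fields["session_id"], IP,
                                  "account_update",
                                  hidden_fields["account_update_token"])


def scenario_hijack_from_other_ip():
    """A leaked session id (e.g. from a session_id= URL) replayed from another
    address is dropped, so the token it held is useless to the attacker."""
    store = SessionStore()
    sid = store.start(IP)
    token = form_security_token(store, sid, IP, "account_update")
    return form_security_validate(store, sid, OTHER_IP, "account_update", token)


def scenario_replay():
    """A token is single use: the second submission of the same form fails."""
    store = SessionStore()
    sid = store.start(IP)
    token = form_security_token(store, sid, IP, "account_update")
    first = form_security_validate(store, sid, IP, "account_update", token)
    second = form_security_validate(store, sid, IP, "account_update", token)
    return first, second
```

The IP binding is the trade-off jreese's later changesets accepted: it stops a replayed id from another host, but a legitimate user whose address changes mid-session (mobile networks, some proxies) is also logged out of the session, which is tolerable here because, as the note says, the session holds nothing but CSRF tokens.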
seiji (reporter) 2008-10-20 23:53
Certainly, session hijack is no benefit. By the way, verify.php 46L, session_regenerate_id() -> session_regenerate_id(); I think the following notice will occur in L47: "Notice: A session had already been started - ignoring session_start() in XXX", because the session had not been destroyed when the user had not authenticated.

tmatijas (reporter) 2008-11-05 08:21
OK - Nothing I did in these notes worked. I am using a windows vista test machine and running iis7 sp1 and apache 2.5x.. mysql 5.x.. Version 1.1.1 user registration and password through email hash link works fine. Version 1.1.4 will not work. I tried debugging and replacing files from 1.1.1 to 1.1.4 but the developers changed a few things, namely sessions.php. However, I signed up for this user account specially to let you all know I found a workaround that will at least help those that cannot find a solution. Put a meta refresh (and javascript forward script) in the verify file and point it to account_page.php... For some reason the hash needs to reload for updates to take place and avoid Application error #2800. Here is the code I use:

1. IN THE BEGINNING OF FILE JUST BEFORE "<?PHP", ADD THE FOLLOWING:

[code]<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=account_page.php">
<SCRIPT LANGUAGE="JavaScript">
function redirect()
{
    window.location = "account_page.php"
}
setTimeout("redirect();", 1)
</SCRIPT>[/code]

Note: Meta content num values are seconds. i.e. 0 = 0 seconds, 1 = 1 second and so on..
Note2: Javascript num values are milliseconds. i.e. 100 = 1 second, 200 = 2 seconds and so on.

Ok, I also added this code with echo response toward the end of the script. Better safe than sorry.

2. AT THE END OF THE FILE AND JUST BEFORE THE CLOSE PHP "?>", ADD THE FOLLOWING:

[code]echo ' <META HTTP-EQUIV="REFRESH" CONTENT="1; URL=account_page.php"> ';
echo ' <SCRIPT LANGUAGE="JavaScript"> ';
echo ' function redirect() ';
echo ' { ';
echo ' window.location = "account_page.php" ';
echo ' } ';
echo ' setTimeout("redirect();", 100) ';
echo ' </SCRIPT> ';[/code]

Hope this helps.

P.S. Developers, these are marked as resolved yet the problem still exists. Please reopen this ticket.

polzin (reporter) 2008-11-05 09:00
I patched mantis to disable the "Did you submit the form twice by accident?" error message. The session handling seems so buggy to me that I think it was not a good decision to ship a release of mantis with it. :-(

jreese (administrator) 2008-11-07 10:46
@tmatijas: this issue is already fixed in the development tree. There is no need to re-open this. We will try to get 1.1.5 released as soon as we can make sure that it does not have other bugs in it.

plegall (reporter) 2008-11-13 05:05
Same problem. Here is what I've done to fix the problem:

[code]$ svn diff -r5692:5723 https://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0/mantisbt > /tmp/5692to5723.diff
$ svn diff -r5729:HEAD https://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0/mantisbt > /tmp/5729toHEAD.diff
$ cd /path/to/my/mantis1.1.4
$ patch -p0 < /tmp/5692to5723.diff
$ patch -p0 < /tmp/5729toHEAD.diff[/code]

I wanted to avoid revisions between 5724 and 5728 because they were only about localizations (I use only the english strings) and were bringing many changes (useless to fix this bug). Such commands are not easy to apply, so I hope the Mantis team will soon provide 1.1.5.

lolka_bolka (reporter) 2008-11-17 11:43
jreese: great to know it will be fixed in a future version, but there is only a latest stable version at the download page, so no information for a simple user on how to fix it. It took me half an hour to search for this information in a forum. Maybe you should write this on the download page:

1) download svn
2)
[code]$ svn diff -r5692:5723 https://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0/mantisbt > /tmp/5692to5723.diff
$ svn diff -r5729:HEAD https://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0/mantisbt > /tmp/5729toHEAD.diff
$ cd /path/to/my/mantis1.1.4
$ patch -p0 < /tmp/5692to5723.diff
$ patch -p0 < /tmp/5729toHEAD.diff[/code]

Related Changesets

MantisBT: master 49cc4590   Timestamp: 2008-10-21 15:31:17   Author: jreese
Added code to help prevent session hijacking. Affects issue 0009713.
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5707 f5dc347c-c33d-0410-90a0-b07cc1902cb9
  mod - lang/strings_english.txt
  mod - core/session_api.php
  mod - core/constant_inc.php

MantisBT: master-1.1.x eb71dca0   Timestamp: 2008-10-21 15:30:30   Author: jreese
Added code to help prevent session hijacking. Affects issue 0009713.
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5706 f5dc347c-c33d-0410-90a0-b07cc1902cb9
  mod - lang/strings_english.txt
  mod - core/session_api.php
  mod - core/constant_inc.php

MantisBT: master be08bb89   Timestamp: 2008-10-20 15:16:28   Author: jreese
Really fix 0009713: Allow session ID to be passed via form and forced at next page load.
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5703 f5dc347c-c33d-0410-90a0-b07cc1902cb9
  mod - account_page.php
  mod - core/session_api.php
  mod - verify.php

MantisBT: master-1.1.x 85bb6130   Timestamp: 2008-10-20 15:15:04   Author: jreese
Really fix 0009713: Allow session ID to be passed via form and forced at next page load.
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5702 f5dc347c-c33d-0410-90a0-b07cc1902cb9
  mod - core/session_api.php
  mod - account_page.php
  mod - verify.php

Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-10-20 04:17 | schoenfeld | New Issue | |
| 2008-10-20 04:17 | schoenfeld | version | => 1.1.4 |
| 2008-10-20 06:42 | polzin | Note Added: 0019594 | |
| 2008-10-20 06:43 | polzin | Issue Monitored: polzin | |
| 2008-10-20 07:11 | atrol | Issue Monitored: atrol | |
| 2008-10-20 10:20 | jreese | Note Added: 0019598 | |
| 2008-10-20 10:20 | jreese | Status | new => resolved |
| 2008-10-20 10:20 | jreese | Fixed in Version | => 1.1.5 |
| 2008-10-20 10:20 | jreese | Resolution | open => fixed |
| 2008-10-20 10:20 | jreese | Assigned To | => jreese |
| 2008-10-20 11:05 | polzin | Note Added: 0019600 | |
| 2008-10-20 11:17 | jreese | Note Added: 0019601 | |
| 2008-10-20 11:24 | jreese | Relationship added | related to 0009692 |
| 2008-10-20 13:16 | jreese | Relationship added | has duplicate 0009718 |
| 2008-10-20 16:45 | | Changeset attached | master ddbb3444 => |
| 2008-10-20 18:25 | seiji | Note Added: 0019608 | |
| 2008-10-20 19:08 | jreese | Note Added: 0019610 | |
| 2008-10-20 20:19 | | Changeset attached | master-1.1.x cc937cbc => |
| 2008-10-20 23:53 | seiji | Note Added: 0019612 | |
| 2008-10-21 06:49 | seiji | Issue Monitored: seiji | |
| 2008-10-21 10:07 | jreese | Relationship added | has duplicate 0009722 |
| 2008-10-21 11:32 | | Changeset attached | master 10dcd89a => |
| 2008-10-21 11:33 | | Changeset attached | master-1.1.x 9557b95b => |
| 2008-10-28 15:28 | | Changeset attached | master-1.1.x 5e76fe62 => |
| 2008-10-28 15:29 | | Changeset attached | master-1.1.x 2782a2ea => |
| 2008-10-30 10:55 | jreese | Relationship added | has duplicate 0009764 |
| 2008-11-05 08:09 | tmatijas | Issue Monitored: tmatijas | |
| 2008-11-05 08:09 | tmatijas | Sponsorship Added | tmatijas: US$ 20 |
| 2008-11-05 08:09 | tmatijas | Sponsorship Total | 0 => 20 |
| 2008-11-05 08:21 | tmatijas | Note Added: 0019783 | |
| 2008-11-05 09:00 | polzin | Note Added: 0019785 | |
| 2008-11-07 10:46 | jreese | Note Added: 0019802 | |
| 2008-11-10 11:43 | jreese | Relationship added | has duplicate 0009797 |
| 2008-11-11 08:32 | jreese | Changeset attached | master 49cc4590 => |
| 2008-11-11 08:32 | jreese | Changeset attached | master be08bb89 => |
| 2008-11-11 08:45 | jreese | Changeset attached | master 49cc4590 => |
| 2008-11-11 08:45 | jreese | Changeset attached | master be08bb89 => |
| 2008-11-11 09:03 | jreese | Changeset attached | master-1.1.x eb71dca0 => |
| 2008-11-11 09:03 | jreese | Changeset attached | master-1.1.x 85bb6130 => |
| 2008-11-13 05:05 | plegall | Note Added: 0019865 | |
| 2008-11-14 04:47 | AshOfPhoenix | Issue Monitored: AshOfPhoenix | |
| 2008-11-17 11:33 | jreese | Relationship added | has duplicate 0009822 |
| 2008-11-17 11:43 | lolka_bolka | Note Added: 0019917 | |
| 2008-11-21 16:08 | jreese | Status | resolved => closed |
| 2010-01-12 10:32 | monecke | Issue Monitored: monecke | |