Source Control Integration - MantisBT - Signup temporarily disabled due to spam

Author	Committer	Branch	Timestamp	Parent
dregad	dregad	master-1.2.x	2012-06-03 11:29	master-1.2.x 56542529
Affected Issues	0014340: CVE-2012-2691 Reporters can update notes of other users by using SOAP API
Changeset	mc_issue_note_update passing wrong param to access check function Commit edc8142bb8ac0ac0df1a3824d78c15f4015d959e introduced proper logic to avoid unauthorized update of bugnotes, but was passing incorrect parameters to access_has_bugnote_level() so unprivileged users could still update them. Fixes 0014340
Changeset	mod - api/soap/mc_issue_api.php			Diff File