MantisBT: master-1.2.x e074efde

Author Committer Branch Timestamp Parent
dregad dregad master-1.2.x 2013-09-14 00:38 master-1.2.x 68937db4
Affected Issues  0015258: CVE-2013-1811 Reporter can change issue status to 'new'
 0016376: Not able to change status without having update issue rights
Changeset

Use correct threshold for display of Change status list+button

Fix for issue 0015258 introduced a check for 'update_bug_threshold' to
prevent unauthorized users from changing issue status.

This was not the correct config setting to use, the right one is
'update_bug_status_threshold'.

Fixes 0016376

mod - core/html_api.php Diff File