MantisBT: master-2.24 9de20c09
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-2.24 | 2020-09-12 12:21 | master-2.24 5595c90f |
Affected Issues | 0027039: CVE-2020-25781: Access to private bug note attachments | |||
Changeset | Check ability to download attachments at bugnote level This prevents users authorized to download attachments but not to view Includes some minor code cleanup in file_get_visible_attachments():
Fixes 0027039 |
|||
mod - core/file_api.php | Diff File | |||
mod - file_download.php | Diff File |