View Issue Details

IDProjectCategoryView StatusLast Update
0027299mantisbtcode cleanuppublic2020-09-25 14:53
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Target Version2.24.3Fixed in Version2.24.3 
Summary0027299: Remove code duplication in File API
Description

file_can_view_bug_attachments() and file_can_download_bug_attachments() have nearly identical code, the only difference being the names of the configs.

A new function should be added to avoid code duplication.

TagsNo tags attached.

Relationships

related to 0027039 closeddregad CVE-2020-25781: Access to private bug note attachments 

Activities

dregad

dregad

2020-09-19 10:27

developer   ~0064453

Last edited: 2020-09-19 10:27

View 2 revisions

Targeting 2.24.3 as this is a prerequisite to fix 0027039.

Related Changesets

MantisBT: master-2.24 90b83956

2020-09-12 16:04:18

dregad

Details Diff
New file_can_view_or_download() function

file_can_view_bug_attachments() and file_can_download_bug_attachments()
have nearly identical code, the only difference being the names of the
configs.

Adding a new internal File API function to avoid code duplication.

Fixes 0027299
Affected Issues
0027299
mod - core/file_api.php Diff File

Issue History

Date Modified Username Field Change
2020-09-19 10:26 dregad New Issue
2020-09-19 10:26 dregad Status new => assigned
2020-09-19 10:26 dregad Assigned To => dregad
2020-09-19 10:27 dregad Note Added: 0064453
2020-09-19 10:27 dregad Note Edited: 0064453 View Revisions
2020-09-19 10:27 dregad Relationship added related to 0027039
2020-09-25 13:27 dregad Changeset attached => MantisBT master-2.24 90b83956
2020-09-25 13:27 dregad Status assigned => resolved
2020-09-25 13:27 dregad Resolution open => fixed
2020-09-25 13:27 dregad Fixed in Version => 2.24.3
2020-09-25 14:53 dregad Status resolved => closed