View Issue Details

IDProjectCategoryView StatusLast Update
0028533mantisbtbugtrackerpublic2021-06-05 10:37
Reporterdregad Assigned Todregad  
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Target Version2.26.0Fixed in Version2.26.0 
Summary0028533: print_form_button() generates bad security token name for plugin action page
Description

When print_form_button() is called with a plugin page (as generated by plugin_page() API) as action, the generated form security field is not valid.

For example:

print_form_button( plugin_page( 'detach' ), plugin_lang_get( 'detach' ) );

The security field looks like this:

<input type="hidden" name="/mantis/plugin_token" value="xxxx">

It should be

<input type="hidden" name="plugin_Source_detach_token" value="xxxx">
TagsNo tags attached.

Activities

Related Changesets

MantisBT: master a98bd520

2021-05-12 13:20:40

dregad

Details Diff
Fix security token field name for plugin pages

When print_form_button() was called with a plugin page (as generated by
the plugin_page() API function) as p_action_page parameter, the form
security field's name is not valid.

We now detect whether $p_action_page is a plugin page (i.e. script name
is 'plugin.php') and if so generate a valid security token name from the
'page' parameter.

Fixes 0028533
Affected Issues
0028533
mod - core/print_api.php Diff File