View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0030922 | mantisbt | bugtracker | public | 2022-08-24 17:20 | 2023-02-22 19:21 |
Reporter | ChrisG | Assigned To | community | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Target Version | 2.25.6 | Fixed in Version | 2.25.6 | ||
Summary | 0030922: Browser extensions may trigger automatic bug monitoring | ||||
Description | Browsers/extensions may pre-load any GET URL, including from forms. GET is specified as read-only. | ||||
Additional Information | Pull request is here https://github.com/mantisbt/mantisbt/pull/1842 | ||||
Tags | No tags attached. | ||||
MantisBT: master-2.25 94520849 2022-08-11 14:50 Committer: dregad Details Diff |
Form should be a POST not a GET Using GET in Bug Monitor Add form on view.php, may cause bugs viewed by user to be auto-monitored because browsers/extensions may pre-load any GET URL, including from forms; GET is specified as read-only. Fixes 0030922, PR https://github.com/mantisbt/mantisbt/pull/1842 Signed-off-by: Damien Regad <dregad@mantisbt.org> Changes to original submission: improved commit message |
Affected Issues 0030922 |
|
mod - bug_view_inc.php | Diff File |