View Issue Details

ID: 0022064
Project: mantisbt
Category: javascript
View Status: public
Last Update: 2016-12-30 15:54
Reporter: badfiles
Assigned To: community
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.0.0
Target Version: 2.0.0
Fixed in Version: 2.0.0
Summary: 0022064: datetime picker does not work if 'cdn_enabled' is ON
Description

core/http.php is missing script security header

Also, local files have an unnecessary execute attribute.

Tags: No tags attached.

Activities

dregad

2016-12-23 07:54

developer   ~0054822

I confirm the problem.

CSP does not include a script-src exception for cdnjs.cloudflare.com.

I did not notice it while testing, because the MantisGraph plugin adds an exception for it [1].

badfiles submitted a PR for this at https://github.com/mantisbt/mantisbt/pull/980

[1] https://github.com/mantisbt/mantisbt/blob/release-2.0.0-rc.2/plugins/MantisGraph/MantisGraph.php#L73
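
The script-src gap described in the note above, as an added example that is not part of the issue or of MantisBT's code: a simplified JavaScript check of whether a Content-Security-Policy value permits a given script URL. The page URL, the library path and both policy strings are constructed sample values, and the function names are hypothetical.

```javascript
// Added example, not MantisBT code. Handles 'self', '*', scheme-sources and host-sources;
// nonces, hashes, 'unsafe-inline', 'strict-dynamic' and path matching are out of scope.
const DEFAULT_PORT = { http: '80', https: '443' };

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function hostSourceMatches(source, url, page) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:*]+)(?::(\d+|\*))?(?:\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const urlScheme = url.protocol.slice(0, -1);
  // A schemeless host-source inherits the scheme of the protected page.
  const want = (scheme || page.protocol.slice(0, -1)).toLowerCase();
  if (want !== urlScheme && !(want === 'http' && urlScheme === 'https')) return false;
  const h = host.toLowerCase();
  if (wildcard ? !url.hostname.endsWith('.' + h) : url.hostname !== h) return false;
  if (port === undefined) return url.port === ''; // no port in the source: default port only
  return port === '*' || port === (url.port || DEFAULT_PORT[urlScheme]);
}

function scriptAllowed(header, scriptUrl, pageUrl) {
  const csp = parseCsp(header);
  // script-src falls back to default-src; with neither, the policy does not restrict scripts.
  const sources = csp.get('script-src') ?? csp.get('default-src');
  if (sources === undefined) return true;
  const page = new URL(pageUrl);
  const url = new URL(scriptUrl, page);
  return sources.some((raw) => {
    const src = raw.toLowerCase();
    if (src === "'self'") return url.origin === page.origin;
    if (src.startsWith("'")) return false; // 'none' and keywords not modelled here
    if (src === '*') return /^https?:$/.test(url.protocol);
    if (src.endsWith(':')) return url.protocol === src; // scheme-source such as https:
    return hostSourceMatches(raw, url, page);
  });
}

// Constructed sample values (not taken from MantisBT).
const PAGE = 'https://tracker.example/bug_report_page.php';
const CDN_JS = 'https://cdnjs.cloudflare.com/ajax/libs/example-lib/1.0.0/example.min.js';
const WITHOUT_CDN = "default-src 'self'; script-src 'self'";
const WITH_CDN = "default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com";
```

`scriptAllowed(WITHOUT_CDN, CDN_JS, PAGE)` is false while the same call with `WITH_CDN` is true, which is the difference between the broken and the working date picker when scripts are served from the CDN.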

Related Changesets

MantisBT: master c1082530

2016-12-22 13:27:25

badfiles

Committer: dregad
Fix datetimepicker's files handling

- add js hashes
- add missing security header
- drop execute permissions
- use specific version w/o cdn

Fixes 0022064

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - core/constant_inc.php
mod - core/http_api.php
mod - core/layout_api.php

Issue History

Date Modified Username Field Change
2016-12-23 00:53 badfiles New Issue
2016-12-23 07:54 dregad Status new => confirmed
2016-12-23 07:54 dregad Note Added: 0054822
2016-12-24 04:59 dregad Changeset attached => MantisBT master c1082530
2016-12-24 04:59 dregad Assigned To => dregad
2016-12-24 04:59 dregad Status confirmed => resolved
2016-12-24 04:59 dregad Resolution open => fixed
2016-12-24 04:59 dregad Fixed in Version => 2.0.0
2016-12-24 05:36 dregad Product Version 2.0.0-rc.2 => 2.0.0
2016-12-24 05:36 dregad Target Version => 2.0.0
2016-12-24 05:37 dregad Assigned To dregad => community
2016-12-30 15:54 vboctor Status resolved => closed