From 52018acd62058d40bcec0b0d1f5f3ee32c856ad2 Mon Sep 17 00:00:00 2001 From: Roland Becker Date: Wed, 28 Aug 2019 11:39:42 +0200 Subject: [PATCH] Prevent arbitrary command execution of Mantis Administrators Fixes #26091 --- config_defaults_inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config_defaults_inc.php b/config_defaults_inc.php index 6dc188dd6..516cd520e 100644 --- a/config_defaults_inc.php +++ b/config_defaults_inc.php @@ -4361,7 +4361,7 @@ $g_global_settings = array( 'ldap_simulation_file_path', 'plugin_path', 'bottom_include_page', 'top_include_page', 'default_home_page', 'logout_redirect_page', 'manual_url', 'logo_url', 'wiki_engine_url', 'cdn_enabled', 'public_config_names', 'email_login_enabled', 'email_ensure_unique', - 'impersonate_user_threshold', 'email_retry_in_days' + 'impersonate_user_threshold', 'email_retry_in_days', 'neato_tool', 'dot_tool' ); /** -- 2.21.0.windows.1