MantisBT: master 57f57409

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master 2013-03-08 11:01 master 0c81929d
Affected Issues  0007586: generic configuration editor cannot 'EDIT' an option
 0015416: CVE-2013-1934: XSS issue in adm_config_report.php when displaying complex value
Changeset

Make it possible to edit config options in adm_config_report.php

Use CONFIG_TYPE_xxx constants instead of magic strings to define the
type of config value to process.

Added code for FLOAT type which was previously handled through COMPLEX.

Improve handling of INT (and FLOAT) by calling constant_replace(),
allowing user to specify a defined constant instead of a numeric value.

The 'Username', 'Project Name' and 'Configuration Option' fields in the
'Set Configuration Option' form are preset to the corresponding value
from the filter or defaulting to ALL_USERS, ALL_PROJECTS and blank
respectively if the filter is not defined or set to '[any]'. This allows
easier definition of related config, e.g. for a given project or user.

Port of 1.2.x commits

  • 8890b218892d56947e6ffe300d0186b1450d0481
  • 8b426cfc6c6ea7149beeafb352fa390dbf8c4624
  • 5858a659efe12743b4360da11e9320c7f6ac6e82

Fixes 0007586, 0015416
mod - adm_config_report.php Diff File
mod - adm_config_set.php Diff File
mod - core/constant_inc.php Diff File
mod - core/print_api.php Diff File