MantisBT: master 7927c275

Author: atrol
Committer: dregad
Branch: master
Timestamp: 2015-12-23 09:32
Parent: master 1dbaeaf3
Affected Issues  0020277: CVE-2014-9759: SOAP API can be used to disclose confidential settings
Changeset

Implement a white list of options accessible via SOAP API

This is a safer approach than the previous blacklist method, which
could potentially allow confidential information disclosure if a config
were added or renamed without a matching change in config_is_private()
function.

Fixes 0020277

Original commit modified: comments and commit message wording.

Signed-off-by: Damien Regad <dregad@mantisbt.org>

mod - config_defaults_inc.php
mod - core/config_api.php
mod - docbook/Admin_Guide/en-US/config/settings.xml
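
The failure mode described in the commit message, as an added example that is not MantisBT's code: the option names, values and both helper functions are hypothetical and constructed for illustration. It shows a secret option added without a blocklist update being served, while the allowlist denies it by default.

```php
<?php
// Constructed configuration store; names and values are illustrative only.
$config = [
    'window_title'        => 'Issue Tracker',
    'default_language'    => 'english',
    'db_password'         => 'constructed-secret-1',
    // Added later (or renamed) without anyone updating the blocklist:
    'mail_relay_password' => 'constructed-secret-2',
];

// Blocklist approach: anything not explicitly marked private is served.
$private_options = ['db_password'];

function get_via_blocklist(array $config, array $private, string $name): ?string {
    if (in_array($name, $private, true)) {
        return null; // denied
    }
    return $config[$name] ?? null;
}

// Allowlist approach: only options explicitly marked public are served.
$public_options = ['window_title', 'default_language'];

function get_via_allowlist(array $config, array $public, string $name): ?string {
    if (!in_array($name, $public, true)) {
        return null; // denied by default
    }
    return $config[$name] ?? null;
}

// Compare what a remote caller would receive under each policy.
foreach (array_keys($config) as $name) {
    $b = get_via_blocklist($config, $private_options, $name);
    $a = get_via_allowlist($config, $public_options, $name);
    printf("%-20s blocklist=%-22s allowlist=%s\n",
        $name, $b ?? '(denied)', $a ?? '(denied)');
}

// Defender check: options classified on neither list. Under the blocklist
// these are already exposed; under the allowlist they stay denied until reviewed.
$unclassified = array_diff(array_keys($config), $private_options, $public_options);
echo 'unclassified: ' . implode(', ', $unclassified) . "\n";
```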