MantisBT: master-2.27 0033f11c

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.27 2025-10-19 10:01 master-2.27 bb8dd10b
Affected Issues  0036005: CVE-2025-55155: Lack of verification when changing a user's email address
Changeset

Use 'realname' instead of 'real_name' for internal

  • real_name is used for end-user facing APIs (typically in REST and
    SOAP payloads or returned data).
  • realname is used internally in MantisBT core, because this is the
    actual column name in the user table.

When updating a user, the Command is talking to the core api, so the
data structure should use the internal name.

Issue 0036005
mod - core/commands/UserUpdateCommand.php Diff File
mod - core/email_api.php Diff File