MantisBT: master-2.28 75b10b39

Author: dregad
Committer: dregad
Branch: master-2.28
Timestamp: 2026-04-11 18:49
Parent: master-2.28 fa2c797d
Affected Issues:
 0037011: CVE-2026-40596: XSS leading to account takeover via updating a user's font family preference
 0037130: login_password_page.php: CSRF validation fails when called via auth_reauthenticate() (since 2.28.2)
Changeset

Add CSRF protection to login process

Improves security, reducing risk of a vulnerability escalating its
impact.

As recommended by @siunam in Issue 0037011.

mod - login.php
mod - login_page.php
mod - login_password_page.php