Changesets: MantisBT
|
master d774b890 2014-10-30 19:58 Details Diff |
Fix token upgrade error If a user is already logged in and visits a page, then it may create a token using the json encoding. Then user goes to upgrade the php unserialize() fails. Now we check in case of php unserialize() failure that the token isn't a valid json token before erroring out. Fixes 0017806 |
Affected Issues 0017806 |
|
| mod - core/install_helper_functions_api.php | Diff File | ||
|
master-1.2.x e5fc835a 2014-10-30 15:29 Paul Richards Committer: dregad Details Diff |
Fix 0017876: XSS in copy_field.php This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017876 |
|
| mod - admin/copy_field.php | Diff File | ||
|
master 50237338 2014-10-30 15:00 Paul Richards Committer: dregad Details Diff |
Incorrect access check on attachment downloads Even if config variables $g_download_attachments_threshold and $g_view_attachments_threshold are set to 55 (developer), users with lower privileges can download attachments. Fixes 0017742 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017742 |
|
| mod - core/file_api.php | Diff File | ||
|
master-1.2.x 5f0b150b 2014-10-30 15:00 Paul Richards Committer: dregad Details Diff |
Incorrect access check on attachment downloads Even if config variables $g_download_attachments_threshold and $g_view_attachments_threshold are set to 55 (developer), users with lower privileges can download attachments. Fixes 0017742 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017742 |
|
| mod - core/file_api.php | Diff File | ||
|
master 7c7c2ac7 2014-10-30 14:53 Paul Richards Committer: dregad Details Diff |
DB Credentials leak in upgrade_unattended.php Retrieve credentials from Mantis system configuration instead of accepting them from POST parameters. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Fixes 0017877 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017877 |
|
| mod - admin/upgrade_unattended.php | Diff File | ||
|
master 3bb2bee6 2014-10-30 14:43 Paul Richards Committer: dregad Details Diff |
Ensure username is valid in login_page.php This is a fix to improve the behaviour of login_page against possible XSS exploits to ensure that a username is valid before displaying it back to the user when entered. Fixes 0017338 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017338 |
|
| mod - login_page.php | Diff File | ||
|
master-1.2.x d6e16b6f 2014-10-30 14:43 Paul Richards Committer: dregad Details Diff |
Ensure username is valid in login_page.php This is a fix to improve the behaviour of login_page against possible XSS exploits to ensure that a username is valid before displaying it back to the user when entered. Fixes 0017338 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017338 |
|
| mod - login_page.php | Diff File | ||
|
master 6efa02f6 2014-10-30 14:40 Paul Richards Committer: dregad Details Diff |
Prevent unauthorized users setting handler when reporting issue Adding a security check to block the update when access level is insufficient. Fixes 0017878 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017878 |
|
| mod - bug_report.php | Diff File | ||
|
master-1.2.x b2f91c02 2014-10-30 14:40 Paul Richards Committer: dregad Details Diff |
Prevent unauthorized users setting handler when reporting issue Adding a security check to block the update when access level is insufficient. Fixes 0017878 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017878 |
|
| mod - bug_report.php | Diff File | ||
|
master-1.2.x 0bff06ec 2014-10-30 14:04 Paul Richards Committer: dregad Details Diff |
Fix 0017583: XSS in projax_api.php Offensive Security reported this issue via their bug bounty program [1]. The Projax library does not properly escape html strings. An attacker could take advantage of this to perform an XSS attack using the profile/Platform field. [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017583 |
|
| mod - core/projax_api.php | Diff File | ||
|
master ee419986 2014-10-30 08:01 Details Diff |
Added badge for Travis build health to readme file | ||
| mod - readme.md | Diff File | ||
|
master 5faf97ab 2014-10-30 06:31 Details Diff |
SQL injection in mc_project_get_attachments() This is a follow-up on CVE-2014-1609 / issue 0016880. Edwin Gozeling and Wim Visser from ITsec Security Services BV (http://www.itsec.nl) discovered that the fix in 0016880 did not fully address the problem. Their research demonstrate that using a specially crafted project id parameter, an attacker could still perform an SQL injection. The same issue was also reported by Paul Richards in issue 0017823. This patch fixes the problem by typecasting the Project ID parameter to Integer. Fixes 0017812, CVE-2014-8554 |
Affected Issues 0016880, 0017812, 0017823 |
|
| mod - api/soap/mc_project_api.php | Diff File | ||
|
master-1.2.x 99ffb0af 2014-10-30 06:31 Details Diff |
SQL injection in mc_project_get_attachments() This is a follow-up on CVE-2014-1609 / issue 0016880. Edwin Gozeling and Wim Visser from ITsec Security Services BV (http://www.itsec.nl) discovered that the fix in 0016880 did not fully address the problem. Their research demonstrate that using a specially crafted project id parameter, an attacker could still perform an SQL injection. The same issue was also reported by Paul Richards in issue 0017823. This patch fixes the problem by typecasting the Project ID parameter to Integer. Fixes 0017812, CVE-2014-8554 |
Affected Issues 0016880, 0017812, 0017823 |
|
| mod - api/soap/mc_project_api.php | Diff File | ||
|
master 747249b8 2014-10-29 19:27 Details Diff |
Merge pull request 0000515 from vboctor/Issue17658 Fix "Workflow Transitions" override marking |
||
| mod - manage_config_work_threshold_page.php | Diff File | ||
| mod - manage_config_workflow_page.php | Diff File | ||
| mod - manage_config_workflow_set.php | Diff File | ||
|
master 423a7752 2014-10-28 07:04 Details Diff |
Merge branch 'Issue16993_SoapHandlerCheck' | ||
| mod - api/soap/mc_issue_api.php | Diff File | ||
|
master 82120dbc 2014-10-27 09:56 Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_breton.txt | Diff File | ||
| mod - lang/strings_czech.txt | Diff File | ||
| mod - lang/strings_japanese.txt | Diff File | ||
|
master e9863188 2014-10-27 08:12 Details Diff |
Don't update user last visited on auto-refresh This change uses a refresh=true GET parameters on pages that auto-refresh. This way actions like the following only trigger on real user activity: User last visited (native) Google Analytics (plugin). There could be other cases, but these cases demonstrate the need. Fixes 0017752 |
Affected Issues 0017752 |
|
| mod - core/html_api.php | Diff File | ||
| mod - my_view_page.php | Diff File | ||
| mod - view_all_bug_page.php | Diff File | ||
|
master f5bd6a59 2014-10-26 19:46 Rafik Robeal Details Diff |
Fix layout in summary page when there is no submenu | ||
| mod - account_page.php | Diff File | ||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - core/html_api.php | Diff File | ||
| mod - manage_config_workflow_page.php | Diff File | ||
| mod - summary_page.php | Diff File | ||
|
master 26cd8c7c 2014-10-26 00:24 Details Diff |
Fix basic auth for soap This is a modified version of the suggestion by neowizdom on the bug. Fixes 0017455 |
Affected Issues 0017455 |
|
| mod - core/authentication_api.php | Diff File | ||
|
master 481ba094 2014-10-25 23:31 Details Diff |
Show time tracking on print issue page This change includes the following fixes: - Use bugnote API in print issue page. - Add time tracking information in print issue page. - Use bold for both reminders and time tracking, rather than one bold and one italics. - Remove fixup of bugnote type to TIME_TRACKING in API rather than in calling code. Fixes 0017410 |
Affected Issues 0017410 |
|
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/bugnote_api.php | Diff File | ||
| mod - print_bugnote_inc.php | Diff File | ||
|
master 1c1c29eb 2014-10-25 21:58 Details Diff |
Hide news permissions when disabled The news related permissions should be hidden when the feature is disabled. |
||
| mod - adm_permissions_report.php | Diff File | ||
|
master 9eb242a7 2014-10-25 21:16 Details Diff |
Fix showing of workflow transitions The workflow transition were not being shown due to accessing the wrong variables when rendering the page. Fixes 0017658 |
Affected Issues 0017658 |
|
| mod - manage_config_workflow_page.php | Diff File | ||
|
master 3b6cc00c 2014-10-25 21:14 Details Diff |
Fix php error for undefined t_workflow variable | ||
| mod - manage_config_workflow_set.php | Diff File | ||
|
master 903aab1a 2014-10-25 19:13 Rafik Robeal Details Diff |
Show 'Upgrade your instance' tab in admin index page when applicable. | ||
| mod - core/html_api.php | Diff File | ||
|
master fd0c1188 2014-10-25 18:39 Rafik Robeal Details Diff |
Add config defaults missed from latest merge | ||
| mod - config_defaults_inc.php | Diff File | ||
