Changesets: MantisBT
|
master-1.2.x 53428442 2009-12-03 08:57
Fix 0011253: Projection column not shown correctly
Affected Issues 0011253
mod - core/columns_api.php
|
master 09b1691c 2009-12-03 08:57
Fix 0011253: Projection column not shown correctly
Affected Issues 0011253
mod - core/columns_api.php
|
master-1.2.x 5c05c074 2009-12-01 22:13
Fixes 0011099: Signup email notifications are not encoded correctly.
Affected Issues 0011099
mod - core/email_api.php
|
master 0dc5580d 2009-12-01 22:13
Fixes 0011099: Signup email notifications are not encoded correctly.
Affected Issues 0011099
mod - core/email_api.php
|
master-1.2.x 2515b365 2009-12-01 06:44
Fix 0011223: RSS image has execute permission bits set
/images/rss.png has the execute permission bits set incorrectly. Thanks to cor3huis for reporting this bug.
Affected Issues 0011223
|
master e95b87a3 2009-12-01 06:44
Fix 0011223: RSS image has execute permission bits set
/images/rss.png has the execute permission bits set incorrectly. Thanks to cor3huis for reporting this bug.
Affected Issues 0011223
|
master-1.2.x d55a7f24 2009-12-01 04:49
Fix 0011247: XSS in various management pages (project names)
A project name containing "<script>alert(42);</script>" would result in XSS vulnerabilities in adm_config_report.php and manage_custom_field_edit_page.php due to unsanitised project names being printed directly to HTML output.
Affected Issues 0011247
mod - core/print_api.php
mod - adm_config_report.php
|
master 403cd6c1 2009-12-01 04:49
Fix 0011247: XSS in various management pages (project names)
A project name containing "<script>alert(42);</script>" would result in XSS vulnerabilities in adm_config_report.php and manage_custom_field_edit_page.php due to unsanitised project names being printed directly to HTML output.
Affected Issues 0011247
mod - adm_config_report.php
mod - core/print_api.php
|
master-1.2.x ccae795a 2009-12-01 04:32
Fix 0011246: XSS bug in category dropdown selector
If a category name contains "<script>alert(42);</script>" then it would result in a XSS vulnerability whenever a category dropdown list was printed. This applies to pages such as bug reporting, updating a bug, etc.
Affected Issues 0011246
mod - core/print_api.php
|
master 98f63cf5 2009-12-01 04:32
Fix 0011246: XSS bug in category dropdown selector
If a category name contains "<script>alert(42);</script>" then it would result in a XSS vulnerability whenever a category dropdown list was printed. This applies to pages such as bug reporting, updating a bug, etc.
Affected Issues 0011246
mod - core/print_api.php
|
master-1.2.x b4b275a5 2009-12-01 03:24
Fix 0011245: Sanitise project name in print_column_category_id()
If a project name contains "<script>alert(42);</script>" then due to lack of sanitisation, a XSS vulnerability existed whenever the category column was printed with the bad project name included.
Affected Issues 0011245
mod - core/columns_api.php
|
master 141cbe6e 2009-12-01 03:24
Fix 0011245: Sanitise project name in print_column_category_id()
If a project name contains "<script>alert(42);</script>" then due to lack of sanitisation, a XSS vulnerability existed whenever the category column was printed with the bad project name included.
Affected Issues 0011245
mod - core/columns_api.php
|
master-1.2.x df0a5af4 2009-12-01 02:45
Fix 0011244: XSS on change log and roadmap pages (project names)
If a project name is changed to contain "<script>alert(42);</script>" then viewing the road map or change log pages will result in a Javascript alert message appearing. This shows that an XSS flaw exists due to a lack of sanitisation of the project name.
Affected Issues 0011244
mod - changelog_page.php
mod - roadmap_page.php
mod - core/custom_function_api.php
|
master 96ab63b6 2009-12-01 02:45
Fix 0011244: XSS on change log and roadmap pages (project names)
If a project name is changed to contain "<script>alert(42);</script>" then viewing the road map or change log pages will result in a Javascript alert message appearing. This shows that an XSS flaw exists due to a lack of sanitisation of the project name.
Affected Issues 0011244
mod - changelog_page.php
mod - roadmap_page.php
mod - core/custom_function_api.php
|
master-1.2.x b66d1b04 2009-12-01 02:28
Fix 0011243: XSS on view_all_bug_page.php due to bad sanitising defaults
Columns on view_all_bug_page.php are not sanitised by default when there is no special function defined for formatting and printing the column value. This leads to a problem where a column such as 'version' can introduce an XSS flaw when a malicious user has the ability to create their own versions containing Javascript. For columns with existing printing/formatting functions, these have been improved with the use of string sanitisation where applicable.
Affected Issues 0011243
mod - core/custom_function_api.php
mod - core/columns_api.php
|
master be4dbbf8 2009-12-01 02:28
Fix 0011243: XSS on view_all_bug_page.php due to bad sanitising defaults
Columns on view_all_bug_page.php are not sanitised by default when there is no special function defined for formatting and printing the column value. This leads to a problem where a column such as 'version' can introduce an XSS flaw when a malicious user has the ability to create their own versions containing Javascript. For columns with existing printing/formatting functions, these have been improved with the use of string sanitisation where applicable.
Affected Issues 0011243
mod - core/custom_function_api.php
mod - core/columns_api.php
|
master-1.2.x 9c0f46d6 2009-12-01 01:39
Fix 0011234: Validate user name and email on account_page.php
manage_user_edit_page.php correctly validates the real name and email address of user accounts that are updated by managers/admins. However, the user account update page (account_page.php) doesn't perform these validation checks, allowing users to set their real name and email address to invalid and potentially unsafe strings.
Affected Issues 0011234
mod - account_update.php
|
master 0789144e 2009-12-01 01:39
Fix 0011234: Validate user name and email on account_page.php
manage_user_edit_page.php correctly validates the real name and email address of user accounts that are updated by managers/admins. However, the user account update page (account_page.php) doesn't perform these validation checks, allowing users to set their real name and email address to invalid and potentially unsafe strings.
Affected Issues 0011234
mod - account_update.php
|
master-1.2.x 868c1d6c 2009-12-01 01:34
Fix 0011242: XSS on manage_proj_edit_page.php with user Real Name field
Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause a XSS bug on manage_proj_edit_page.php. The user real name needs to be sanitised before being printed.
Affected Issues 0011242
mod - manage_proj_edit_page.php
|
master a77662d5 2009-12-01 01:34
Fix 0011242: XSS on manage_proj_edit_page.php with user Real Name field
Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause a XSS bug on manage_proj_edit_page.php. The user real name needs to be sanitised before being printed.
Affected Issues 0011242
mod - manage_proj_edit_page.php
|
master-1.2.x ee7ee6d4 2009-12-01 01:27
Fix 0011241: XSS on manage_proj_page.php with user Real Name field
Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause a XSS bug on manage_proj_page.php. The user real name needs to be sanitised before being printed.
Affected Issues 0011241
mod - manage_proj_page.php
|
master 0aeb2ea2 2009-12-01 01:27
Fix 0011241: XSS on manage_proj_page.php with user Real Name field
Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause a XSS bug on manage_proj_page.php. The user real name needs to be sanitised before being printed.
Affected Issues 0011241
mod - manage_proj_page.php
|
master-1.2.x 19409969 2009-12-01 01:16
Fix 0011240: XSS on bug_revision_view_page.php with user Real Name field
User real names aren't sanitised before display on bug_revision_view_page.php thus this leads to an XSS vulnerability.
Affected Issues 0011240
mod - bug_revision_view_page.php
|
master 71ade607 2009-12-01 01:16
Fix 0011240: XSS on bug_revision_view_page.php with user Real Name field
User real names aren't sanitised before display on bug_revision_view_page.php thus this leads to an XSS vulnerability.
Affected Issues 0011240
mod - bug_revision_view_page.php
|
master-1.2.x 67ed4313 2009-12-01 01:08
Fix 0011239: XSS on view_user_page.php with user Real Name field
User real names aren't sanitised before display on view_user_page.php thus this leads to an XSS vulnerability.
Affected Issues 0011239
mod - view_user_page.php