MantisBT: master-2.5 d6d7dc2d

Author Committer Branch Timestamp Parent
dregad dregad master-2.5 2017-08-03 16:54:04 master-2.5 c73ae3d3
Affected Issues  0023173: CVE-2017-12419: Arbitrary File Read inside install.php script
 0023179: Login page no longer warns about 'admin' directory being present
 0023185: Improve doc and notifications when admin dir is present (CVE-2017-12419)
Changeset

Restore "admin dir" warning on login page

Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin
checks on login page to remove the logic checking for pre 1.0 upgrade
steps.

However, it also (probably unintentionally) removed the check for admin
directory presence, so administrators are no longer reminded that they
should delete this directory, potentially leaving them exposed to
security breaches.

This commit restores the warning, and improves the error message.

Fixes 0023179
Stopgap measure for issue 0023173

mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File