MantisBT: master-1.3.x 21a15b88

Author Committer Branch Timestamp Parent
dregad dregad master-1.3.x 2017-08-03 16:54:04 master-1.3.x 17f9b94f
Affected Issues  0023173: CVE-2017-12419: Arbitrary File Read inside install.php script
 0023179: Login page no longer warns about 'admin' directory being present
 0023186: Improve doc and notifications when admin dir is present (CVE-2017-12419)
Changeset

Restore "admin dir" warning on login page

Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin
checks on login page to remove the logic checking for pre 1.0 upgrade
steps.

However, it also (probably unintentionally) removed the check for admin
directory presence, so administrators are no longer reminded that they
should delete this directory, potentially leaving them exposed to
security breaches.

This commit restores the warning, and improves the error message.

Fixes 0023179
Stopgap measure for issue 0023173

Backported from master-2.5 branch d6d7dc2dc7473637c8ac17a78c0374f16981f409

mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File