MantisBT: master-1.3.x 10211c90

Author: dregad
Committer: dregad
Branch: master-1.3.x
Timestamp: 2017-08-04 17:45:55
Parent: master-1.3.x 600d0e0b
Affected Issues:
  0023173: CVE-2017-12419: Arbitrary File Read inside install.php script
  0023186: Improve doc and notifications when admin dir is present (CVE-2017-12419)

Improve admin information about CVE-2017-12419

  • Add admin check for mysqli.allow_local_infile
  • Add reminder to remove admin dir at end of Admin checks
  • Improve post-install tasks section of Admin Guide: add explicit
    warning about potential consequences of not deleting the admin
    directory, more descriptive wording.

Stopgap measures for issue 0023173

Backported from master-2.5 branch 3a7c6f75bf3c4bc0856ebffe388df9e46ac10e5d


mod - admin/check/check_database_inc.php
mod - admin/check/index.php
mod - docbook/Admin_Guide/en-US/Installation.xml