View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0014538 | mantisbt | security | public | 2012-07-31 17:09 | 2014-12-08 00:34 |
Reporter | Y.P.Y | Assigned To | grangeway | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.11 | ||||
Target Version | 1.3.0-beta.1 | Fixed in Version | 1.3.0-beta.1 | ||
Summary | 0014538: plugins directory must be secured/fixed. | ||||
Description | http://127.0.0.1/plugins/MantisCoreFormatting/pages/config.php Fatal error: Call to undefined function auth_reauthenticate() in C:\WWW\index\mantisbt-1.2.11\plugins\MantisCoreFormatting\pages\config.php on line 17 http://127.0.0.1/plugins/MantisCoreFormatting/pages/config_edit.php Also directory listing are allowed. | ||||
Tags | No tags attached. | ||||
Ability to perform Directory listing is a setting of your web server, outside of MantisBT's control. With regards to the errors you report, I am not able to reproduce the problem you report (although I'm on Linux, and no access to Windows platform) |
|
Has nothing to Directory listing. |
|
I am able to reproduce the issue. I didn't have a deeper look how this can be fixed. |
|
You all are able to reproduce the issues! |
|
Well, we've added a web.config + .htaccess on the plugins directory, now, which should cover this. However, as others have said, whether web server acknowledges the existence of either of these files, and whether the plugins are authored correctly, is also down to the end user / plugin authors. |
|
MantisBT: master 78cee358 2014-05-29 05:59 Paul Richards Details Diff |
Fix 0017380: IIS: add web.config to deny access to config/ |
Affected Issues 0014538, 0017380 |
|
add - config/Web.config | Diff File | ||
add - core/Web.config | Diff File | ||
add - doc/Web.config | Diff File | ||
add - lang/Web.config | Diff File | ||
add - library/Web.config | Diff File | ||
add - packages/Web.config | Diff File | ||
add - plugins/.htaccess | Diff File | ||
add - plugins/Web.config | Diff File | ||
add - scripts/.htaccess | Diff File | ||
add - scripts/Web.config | Diff File |