View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0023179 | mantisbt | security | public | 2017-08-03 06:25 | 2017-09-03 18:41 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.3.0-beta.1 | ||||
Target Version | 2.5.2 | Fixed in Version | 2.5.2 | ||
Summary | 0023179: Login page no longer warns about 'admin' directory being present | ||||
Description | Commit MantisBT master 9da643a6 modified the admin checks to remove the logic checking for pre 1.0 upgrade steps. However, it also (probably unintentionally) removed the check for admin directory presence, so administrators are no longer reminded that they should delete this directory, potentially leaving them exposed to security breaches. | ||||
Tags | No tags attached. | ||||
MantisBT: master-2.5 d6d7dc2d 2017-08-03 12:54 Details Diff |
Restore "admin dir" warning on login page Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin checks on login page to remove the logic checking for pre 1.0 upgrade steps. However, it also (probably unintentionally) removed the check for admin directory presence, so administrators are no longer reminded that they should delete this directory, potentially leaving them exposed to security breaches. This commit restores the warning, and improves the error message. Fixes 0023179 Stopgap measure for issue 0023173 |
Affected Issues 0023173, 0023179, 0023185 |
|
mod - lang/strings_english.txt | Diff File | ||
mod - login_page.php | Diff File | ||
MantisBT: master-1.3.x 21a15b88 2017-08-03 12:54 Details Diff |
Restore "admin dir" warning on login page Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin checks on login page to remove the logic checking for pre 1.0 upgrade steps. However, it also (probably unintentionally) removed the check for admin directory presence, so administrators are no longer reminded that they should delete this directory, potentially leaving them exposed to security breaches. This commit restores the warning, and improves the error message. Fixes 0023179 Stopgap measure for issue 0023173 Backported from master-2.5 branch d6d7dc2dc7473637c8ac17a78c0374f16981f409 |
Affected Issues 0023173, 0023179, 0023186 |
|
mod - lang/strings_english.txt | Diff File | ||
mod - login_page.php | Diff File |