View Issue Details

IDProjectCategoryView StatusLast Update
0027383mantisbtadministrationpublic2020-10-09 04:02
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityN/A
Status assignedResolutionopen 
Target Version2.25.0 
Summary0027383: Move 'test_langs.php' script to admin checks
Description

Following discussion in 0027362, we can get rid of the script while keeping the functionality to help admins check for 3rd-party plugins language files by moving the logic into the Admin checks.

TagsNo tags attached.

Relationships

related to 0027362 resolveddregad Sourceforge [admin/test_langs.php] File missing from installation packages ( mantisbt-2.24.3.zip & mantisbt-2.24.3.tar.gz) 

Activities

dregad

dregad

2020-10-08 19:54

developer   ~0064536

Last edited: 2020-10-09 04:02

View 2 revisions

The script relies on eval() to check the language scripts' syntax.

I'm concerned with this, as this could lead to execution of potentially harmful code (scenario where admin installs a "trojan horse" 3rd-party plugin).
We need to find an alternative approach.

Issue History

Date Modified Username Field Change
2020-10-08 12:07 dregad New Issue
2020-10-08 12:07 dregad Status new => assigned
2020-10-08 12:07 dregad Assigned To => dregad
2020-10-08 12:07 dregad Issue generated from: 0027362
2020-10-08 12:07 dregad Relationship added related to 0027362
2020-10-08 19:54 dregad Note Added: 0064536
2020-10-09 04:02 dregad Note Edited: 0064536 View Revisions