View Issue Details

ID: 0030922
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2023-02-22 19:21
Reporter: ChrisG
Assigned To: community
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Target Version: 2.25.6
Fixed in Version: 2.25.6
Summary: 0030922: Browser extensions may trigger automatic bug monitoring

Browsers/extensions may pre-load any GET URL, including from forms. GET is specified as read-only.
However, the monitoring form submits via GET. If you don't fill in a username, it monitors under the currently logged-in user - i.e. it needs no input.
Some users may therefore automatically monitor any bug they view.

Additional Information

Pull request is here

Tags: No tags attached.


There are no notes attached to this issue.

Related Changesets

MantisBT: master-2.25 94520849

2022-08-11 14:50


Committer: dregad

Form should be a POST not a GET

Using GET in Bug Monitor Add form on view.php may cause bugs viewed by
user to be auto-monitored because browsers/extensions may pre-load any
GET URL, including from forms; GET is specified as read-only.

Fixes 0030922, PR

Signed-off-by: Damien Regad <>

Changes to original submission: improved commit message
Affected Issues
mod - bug_view_inc.php
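
A check for the pattern this issue describes, as an added example that is not MantisBT code: it scans rendered HTML for forms that submit via GET (the default when the method attribute is omitted) to an action outside a reviewer-supplied allowlist of read-only endpoints, and reports whether the form can be submitted with no user input. The sample markup, the file names in it and the allowlist are constructed assumptions.

```python
from html.parser import HTMLParser

class FormCollector(HTMLParser):
    """Collect every <form> with its method, action and input fields."""

    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # HTML defaults to GET when the method attribute is missing.
            method = (attrs.get("method") or "get").strip().lower()
            self._current = {"action": attrs.get("action") or "",
                             "method": method, "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append(attrs)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def risky_get_forms(html, read_only_actions):
    """Return (action, needs_no_input) for GET forms outside the allowlist."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if form["method"] != "get" or form["action"] in read_only_actions:
            continue
        # No field is marked required, so the form's URL works without user input.
        needs_no_input = not any("required" in f for f in form["fields"])
        findings.append((form["action"], needs_no_input))
    return findings

# Constructed sample page; file names are hypothetical, not taken from MantisBT.
SAMPLE = """
<form action="search.php"><input type="text" name="q"></form>
<form method="get" action="monitor_add.php">
  <input type="hidden" name="bug_id" value="1">
  <input type="text" name="username">
</form>
<form method="post" action="monitor_delete.php">
  <input type="hidden" name="bug_id" value="1">
</form>
"""

if __name__ == "__main__":
    for action, no_input in risky_get_forms(SAMPLE, {"search.php"}):
        print(f"GET form -> {action} (submittable with no input: {no_input})")
```

Switching a flagged form to POST removes it from the findings; the handler behind it should also reject GET so that the old URL no longer changes state.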