0034854: Error when creating global profiles

ID	Project	Category	View Status	Date Submitted	Last Update
0034854	mantisbt	administration	public	2024-10-17 08:16	2025-03-01 18:40

Reporter	atrol	Assigned To	atrol
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	2.26.4
Target Version	2.27.1	Fixed in Version	2.27.1

Summary	0034854: Error when creating global profiles
Description	Get "Access Denied" when trying to create a new global profile. Regression intrododuced in 2.26.4 when fixing 0034640
Tags	No tags attached.

atrol 2024-10-17 08:21 developer ~0069359	PR https://github.com/mantisbt/mantisbt/pull/2040

atrol 2024-10-17 08:23 developer ~0069360	@dregad looks like this is fixed in 2.28.0 as a side effect of your refactoring.

dregad 2024-10-17 09:08 developer ~0069361	looks like this is fixed in 2.28.0 as a side effect of your refactoring. Yes it's quite possible. Do you want me to test and confirm ? I think it's better to apply the quick fix to 2.27.1 to fix the regression anyway, instead of backporting the refactor.

atrol 2024-10-18 16:38 developer ~0069365	Yes it's quite possible. Do you want me to test and confirm ? Not needed, I tested and found it's fixed. I think it's better to apply the quick fix to 2.27.1 to fix the regression anyway, instead of backporting the refactor. Agree, that's why I created the PR.

related to	0034640	closed	dregad	CVE-2024-45792: Insecure Direct Object References vulnerability with user profiles
related to	0034824	resolved	dregad	Multiple execution of the same query with Profile API functions

MantisBT: master-2.27 9d313412 2024-10-17 08:12 atrol Details Diff	Fix error when creating a global profile Fixes 0034854		Affected Issues 0034854
	mod - account_prof_update.php		Diff File