View Issue Details

ID: 0036885
Project: mantisbt
Category: other
View Status: public
Last Update: 2026-03-16 12:06
Reporter: raspopov
Assigned To: community
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2.28.0
Target Version: 2.29.0
Fixed in Version: 2.29.0
Summary: 0036885: Unreliable implementation of HTTP redirects
Description

If an error occurs before calling print_header_redirect() and the inline error display is enabled, the rest of the code on the page below the call may still execute. This results in a corrupted page displaying an error message and the rest of the original page.

Personally, I haven't tested for vulnerabilities, but changing the order of execution is a typical pattern for exploiting vulnerabilities.

Steps To Reproduce

I discovered this problem while debugging changes to the generation of MantisBT page URLs and the corresponding redirects. The conditions are quite unique.

Additional Information

The function call locations appear to imply that control should never return from the function; when redirecting, there is no point in displaying the page content.
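The failure mode described in this report, as an added PHP example that is not MantisBT code: two hypothetical redirect helpers, redirect_may_return() standing in for a helper that can hand control back to its caller and redirect_never_returns() for one that always terminates the request, are called from a hypothetical page (render_report_page()) whose access check has already printed an inline error. The helper and page names, the "Access denied" banner and the plain-link fallback used when headers can no longer be sent are all assumptions made for the illustration; the project's real print_header_redirect() signature and fallback behaviour are not reproduced here.

```php
<?php
declare(strict_types=1);

/*
 * Added example, not MantisBT code: reproduces the "redirect returns control"
 * problem with hypothetical helpers. Run from the command line: php redirect_demo.php
 */

// Simulated inline error display. Once this has written to the response body,
// PHP can no longer send HTTP headers for the request.
function show_inline_error(string $message): void
{
    echo '<div class="error">' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "</div>\n";
}

// BEFORE: a helper that may return to its caller.
// If headers are already gone it cannot redirect, reports failure and returns;
// even when it can redirect it still returns, so every call site must remember
// to stop on its own.
function redirect_may_return(string $url): bool
{
    if (headers_sent()) {
        return false;
    }
    header('Location: ' . $url);
    return true;
}

// AFTER: a helper that never returns.
// It sends the Location header while it still can, otherwise it emits a plain
// link as a fallback (an assumption of this example), and in both cases ends
// the request so nothing below the call site can run.
function redirect_never_returns(string $url): void
{
    if (!headers_sent()) {
        header('Location: ' . $url);
    } else {
        $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        echo '<p>Redirecting to <a href="' . $safe . '">' . $safe . "</a></p>\n";
    }
    exit;
}

// A page with an access check, parameterised on the redirect helper so both
// behaviours can be compared. The heading after the check stands in for the
// "rest of the original page" that should never be rendered on failure.
function render_report_page(callable $redirect, bool $has_access): void
{
    if (!$has_access) {
        show_inline_error('Access denied');
        $redirect('login_page.php');
        // With redirect_may_return() execution falls through to the content below.
    }
    echo "<h1>Confidential report</h1>\n";
}

echo "--- BEFORE: error banner followed by the protected content ---\n";
render_report_page('redirect_may_return', false);

echo "--- AFTER: the request ends inside the redirect helper ---\n";
render_report_page('redirect_never_returns', false);

// Never reached: redirect_never_returns() terminated the script above.
echo "<h1>Confidential report</h1>\n";
```

The first call prints the error banner and then the confidential heading, which is the corrupted page the report describes; the second call stops inside the helper, so the heading is never printed. The same property is what makes the helper safe to call from an access check: the check no longer depends on each caller adding its own exit. A quick audit for this class of bug is to list every call site of the redirect helper and look for any statement that follows the call.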

Tags: No tags attached.

Relationships

related to 0036810 (closed, dregad): Accessing bug_report_page.php (and other pages) anonymously results in blank page

Activities

Related Changesets

MantisBT: master fb201cfc

2026-03-07 13:18

raspopov

Committer: community

Fix the print_header_redirect() function

The function now never returns control. The second parameter of the
function `bool $p_die` has been removed because it has lost its
practical meaning.

Fixes 0036885, PR https://github.com/mantisbt/mantisbt/pull/2186
Affected Issues: 0036885

Modified files:
- account_prefs_reset.php
- bug_report_page.php
- core/access_api.php
- core/authentication_api.php
- core/print_api.php
- login_cookie_test.php
- login_page.php
- login_password_page.php
- login_select_proj_page.php
- logout_page.php
- manage_user_delete.php
- set_project.php
- view_all_bug_page.php
- wiki.php