0009554: Within a proxy enviroment users get the screens of other users - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0009554	mantisbt	security	public	2008-08-20 05:09	2009-06-26 12:02

Reporter	augur	Assigned To	jreese
Priority	normal	Severity	major	Reproducibility	sometimes
Status	closed	Resolution	duplicate
Platform	IIS 6.0 PHP 5	OS	Windows XP SP2	OS Version	1.1.1
Product Version	1.1.1

Summary	0009554: Within a proxy enviroment users get the screens of other users
Description	A customer of us uses a proxy and sometime the user get a screen (like the error reporting view) as another user. He could enter an error for a project he has not rights to do so (project ist private). This is strange...although when he gets the page, he should get an error from mantis, because of less access rights. But this is not catched by mantis.
Tags	No tags attached.

jreese 2008-08-20 10:27 reporter ~0019184	This should be fixed in 1.1.3 once it is released. In the meantime, you can try setting up your proxy to not cache any pages from Mantis, which should solve the problem in the meantime.

augur 2008-08-21 04:15 reporter ~0019190	This is sadly not easy possible for me, because it is a customer proxy. Could you tell me the important change, so I can add it to our 1.1.1 version of mantis by hand. Thanks a lot.

jreese 2008-08-21 07:14 reporter ~0019191	http://mantisbt.svn.sourceforge.net/viewvc/mantisbt?view=rev&revision=5457 http://mantisbt.svn.sourceforge.net/viewvc/mantisbt?view=rev&revision=5460

augur 2008-09-13 06:23 reporter ~0019395	Hi. Thanks a lot, I fix it and wait now for the official release. Could I close the issue somewhere???

jreese 2008-09-15 08:27 reporter ~0019398	Marking as a duplicate of 0009323.