MantisBT - Piwigo
View Issue Details
0002844 | Piwigo | security | public | 2013.02.12 10:59 | 2013.02.12 11:21
plg
plg
normal | minor | have not tried
closed | fixed
2.4.6
2.4.7 | 2.4.7
any
Apache 1.3.x
0002844: increase security on LocalFiles Editor
Such as pwg_token (avoid CSRF) as described by https://www.htbridge.com/advisory/HTB23144

Filter on files to edit.
No tags attached.
Issue History
2013.02.12 10:59 | plg | New Issue
2013.02.12 10:59 | plg | Status | new => assigned
2013.02.12 10:59 | plg | Assigned To | => plg
2013.02.12 10:59 | plg | browser | => any
2013.02.12 10:59 | plg | Web server | => Apache 1.3.x
2013.02.12 11:01 | svn | Checkin
2013.02.12 11:01 | svn | Note Added: 0006846
2013.02.12 11:11 | svn | Checkin
2013.02.12 11:11 | svn | Note Added: 0006847
2013.02.12 11:20 | svn | Checkin
2013.02.12 11:20 | svn | Note Added: 0006848
2013.02.12 11:21 | svn | Checkin
2013.02.12 11:21 | svn | Note Added: 0006849
2013.02.12 11:21 | plg | Status | assigned => closed
2013.02.12 11:21 | plg | Resolution | open => fixed
2013.02.12 11:21 | plg | Fixed in Version | => 2.4.7

Notes
(0006846)
svn   
2013.02.12 11:01   
[Subversion] r20712 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2844: increase security on LocalFiles Editor, filter on files to edit.
(0006847)
svn   
2013.02.12 11:11   
[Subversion] r20713 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF
(0006848)
svn   
2013.02.12 11:20   
[Subversion] r20714 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20712 from branch 2.4 to trunk

bug 2844: increase security on LocalFiles Editor, filter on files to edit.

(0006849)
svn   
2013.02.12 11:21   
[Subversion] r20715 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20713 from branch 2.4 to trunk

bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF