Piwigo Bugtracker

ID: 0002844
Category: [Piwigo] security
Severity: minor
Reproducibility: have not tried
Date Submitted: 2013.02.12 10:59
Last Update: 2013.02.12 11:21
Reporter: plg
View Status: public
Assigned To: plg
Priority: normal
Resolution: fixed
Status: closed
Projection: none
ETA: none
Fixed in Version: 2.4.7
Product Version: 2.4.6
Target Version: 2.4.7
Platform:
OS:
OS Version:
Product Build:

Summary: 0002844: increase security on LocalFiles Editor

Description: Such as pwg_token (avoid CSRF) as described by https://www.htbridge.com/advisory/HTB23144

Filter on files to edit.

Steps To Reproduce:
Additional Information:
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

- Relationships

-  Notes
(0006846)
svn (reporter)
2013.02.12 11:01

[Subversion] r20712 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2844: increase security on LocalFiles Editor, filter on files to edit.

(0006847)
svn (reporter)
2013.02.12 11:11

[Subversion] r20713 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF

(0006848)
svn (reporter)
2013.02.12 11:20

[Subversion] r20714 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20712 from branch 2.4 to trunk

bug 2844: increase security on LocalFiles Editor, filter on files to edit.

(0006849)
svn (reporter)
2013.02.12 11:21

[Subversion] r20715 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20713 from branch 2.4 to trunk

bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF


- Issue History
Date Modified Username Field Change
2013.02.12 10:59 plg New Issue
2013.02.12 10:59 plg Status new => assigned
2013.02.12 10:59 plg Assigned To => plg
2013.02.12 10:59 plg browser => any
2013.02.12 10:59 plg Web server => Apache 1.3.x
2013.02.12 11:01 svn Checkin
2013.02.12 11:01 svn Note Added: 0006846
2013.02.12 11:11 svn Checkin
2013.02.12 11:11 svn Note Added: 0006847
2013.02.12 11:20 svn Checkin
2013.02.12 11:20 svn Note Added: 0006848
2013.02.12 11:21 svn Checkin
2013.02.12 11:21 svn Note Added: 0006849
2013.02.12 11:21 plg Status assigned => closed
2013.02.12 11:21 plg Resolution open => fixed
2013.02.12 11:21 plg Fixed in Version => 2.4.7

