Piwigo Bugtracker

View Issue Details
ID: 0002844
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2013.02.12 10:59
Last Update: 2013.02.12 11:21
Reporter: plg
Assigned To: plg
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 2.4.6
Target Version: 2.4.7
Fixed in Version: 2.4.7
Summary: 0002844: increase security on LocalFiles Editor
Description: Such as pwg_token (avoid CSRF) as described by https://www.htbridge.com/advisory/HTB23144

Filter on files to edit.
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

Relationships

Notes
(0006846)
svn (reporter)
2013.02.12 11:01

[Subversion] r20712 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2844: increase security on LocalFiles Editor, filter on files to edit.
(0006847)
svn (reporter)
2013.02.12 11:11

[Subversion] r20713 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF
(0006848)
svn (reporter)
2013.02.12 11:20

[Subversion] r20714 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20712 from branch 2.4 to trunk

bug 2844: increase security on LocalFiles Editor, filter on files to edit.

(0006849)
svn (reporter)
2013.02.12 11:21

[Subversion] r20715 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20713 from branch 2.4 to trunk

bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF


Issue History
Date Modified Username Field Change
2013.02.12 10:59 plg New Issue
2013.02.12 10:59 plg Status new => assigned
2013.02.12 10:59 plg Assigned To => plg
2013.02.12 10:59 plg browser => any
2013.02.12 10:59 plg Web server => Apache 1.3.x
2013.02.12 11:01 svn Checkin
2013.02.12 11:01 svn Note Added: 0006846
2013.02.12 11:11 svn Checkin
2013.02.12 11:11 svn Note Added: 0006847
2013.02.12 11:20 svn Checkin
2013.02.12 11:20 svn Note Added: 0006848
2013.02.12 11:21 svn Checkin
2013.02.12 11:21 svn Note Added: 0006849
2013.02.12 11:21 plg Status assigned => closed
2013.02.12 11:21 plg Resolution open => fixed
2013.02.12 11:21 plg Fixed in Version => 2.4.7

