| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0002844 | [Piwigo] security | minor | have not tried | 2013.02.12 10:59 | 2013.02.12 11:21 | ||
| Reporter | plg | View Status | public | ||||
| Assigned To | plg | ||||||
| Priority | normal | Resolution | fixed | Platform | |||
| Status | closed | OS | |||||
| Projection | none | OS Version | |||||
| ETA | none | Fixed in Version | 2.4.7 | Product Version | 2.4.6 | ||
| Target Version | 2.4.7 | Product Build | |||||
| Summary | 0002844: increase security on LocalFiles Editor | ||||||
| Description |
Such as pwg_token (avoid CSRF) as described by https://www.htbridge.com/advisory/HTB23144
Filter on files to edit.
| Steps To Reproduce | |||||||
| Additional Information | |||||||
| Tags | No tags attached. | ||||||
| browser | any | ||||||
| Database engine and version | |||||||
| PHP version | |||||||
| Web server | Apache 1.3.x | ||||||
| Attached Files | |||||||
Notes |
(0006846) svn (reporter) 2013.02.12 11:01 |
[Subversion] r20712 by plg on branch 2.4
-----[Subversion commit log]-----
bug 2844: increase security on LocalFiles Editor, filter on files to edit.
|
(0006847) svn (reporter) 2013.02.12 11:11 |
[Subversion] r20713 by plg on branch 2.4
-----[Subversion commit log]-----
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF
|
(0006848) svn (reporter) 2013.02.12 11:20 |
[Subversion] r20714 by plg on trunk
-----[Subversion commit log]-----
merge r20712 from branch 2.4 to trunk
bug 2844: increase security on LocalFiles Editor, filter on files to edit.
|
(0006849) svn (reporter) 2013.02.12 11:21 |
[Subversion] r20715 by plg on trunk
-----[Subversion commit log]-----
merge r20713 from branch 2.4 to trunk
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF