Piwigo Bugtracker

Piwigo bug tracker has moved to Github

This bugtracker is kept to provide history on old issues.


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003055Piwigosecuritypublic2014.03.17 23:152014.03.18 23:20
Reporterplg 
Assigned Toplg 
PrioritynormalSeveritymajorReproducibilityN/A
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.6.0 
Target Version2.6.2Fixed in Version2.6.2 
Summary0003055: CSRF, increase security on 2.6 new API methods
Description* pwg.groups.addUser
* pwg.groups.deleteUser
* pwg.groups.setInfo
* pwg.users.add
* pwg.users.setInfo
* pwg.permissions.add
* pwg.permissions.remove

Add pwg_token
TagsNo tags attached.
browserany
Database engine and version
PHP version
Web serverApache 1.3.x
Attached Files

- Relationships

-  Notes
(0007370)
svn (reporter)
2014.03.17 23:16

[Subversion] r27810 by plg on branch 2.6

-----[Subversion commit log]----------------------------------------------------
bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)
(0007371)
svn (reporter)
2014.03.17 23:20

[Subversion] r27811 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r27810 from branch 2.6 to trunk

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)


- Issue History
Date Modified Username Field Change
2014.03.17 23:15 plg New Issue
2014.03.17 23:15 plg Status new => assigned
2014.03.17 23:15 plg Assigned To => plg
2014.03.17 23:15 plg browser => any
2014.03.17 23:15 plg Web server => Apache 1.3.x
2014.03.17 23:16 svn Checkin
2014.03.17 23:16 svn Note Added: 0007370
2014.03.17 23:20 svn Checkin
2014.03.17 23:20 svn Note Added: 0007371
2014.03.18 23:20 plg Status assigned => closed
2014.03.18 23:20 plg Resolution open => fixed
2014.03.18 23:20 plg Fixed in Version => 2.6.2


Copyright © 2000 - 2016 MantisBT Team
Contact
Powered by Mantis Bugtracker