[Secure-testing-team] Bug#481504: CVE-2008-2276: Cross-site request forgery (CSRF) vulnerability
Steffen Joeris
steffen.joeris at skolelinux.de
Fri May 16 14:41:55 UTC 2008
Package: mantis
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE(0) id has been issued against mantis.
CVE-2008-2276:
Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows
remote attackers to create new administrative users via user_create.
Please mention the CVE id in your changelog, if you happen to fix it
via an upload.
I attached the upstream commit for this issue. Please have a look; I
will also try to take a deeper look tomorrow.
Cheers
Steffen
(0): http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2276
-------------- next part --------------
Index: mantisbt/news_delete.php
===================================================================
--- mantisbt/news_delete.php (revision 5131)
+++ mantisbt/news_delete.php (revision 5132)
@@ -20,15 +20,15 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'news_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_news_id = gpc_get_int( 'news_id' );
$row = news_get_row( $f_news_id );
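Review bot: The `helper_ensure_post();` inserted before `gpc_get_int( 'news_id' )` narrows the request to POST, but a request-method check alone does not close the CSRF hole this patch is for: a POST form submitted from another origin still carries the victim's session cookie, so the same limitation applies to every other helper_ensure_post() insertion in this patch (manage_user_create.php, the manage_plugin_* pages, bug_*.php and the rest). If helper_ensure_post() only inspects the request method (its body is not part of this diff, though the new 'This page cannot be accessed using this method.' string in strings_english.txt suggests so), each state-changing page still needs a per-session secret embedded in its form and verified before the first gpc_get_*() call, with the method check kept as defence in depth. A comment at the insertion point would make the intent explicit, e.g. `# reject GET so plain links/images cannot trigger this action; a form token is still required to stop cross-origin POSTs`. The statement run continues past the end of the hunk.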
Index: mantisbt/print_all_bug_options_reset.php
===================================================================
--- mantisbt/print_all_bug_options_reset.php (revision 5131)
+++ mantisbt/print_all_bug_options_reset.php (revision 5132)
@@ -30,6 +30,8 @@
require_once( $t_core_path.'current_user_api.php' );
require( 'print_all_bug_options_inc.php' );
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
# protected account check
Index: mantisbt/print_all_bug_options_update.php
===================================================================
--- mantisbt/print_all_bug_options_update.php (revision 5131)
+++ mantisbt/print_all_bug_options_update.php (revision 5132)
@@ -20,15 +20,16 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Updates printing prefs then redirect to print_all_bug_page_page.php
-?>
-<?php require_once( 'core.php' ) ?>
-<?php require( 'print_all_bug_options_inc.php' ) ?>
-<?php auth_ensure_user_authenticated() ?>
-<?php
+ require_once( 'core.php' );
+ require( 'print_all_bug_options_inc.php' );
+
+ helper_ensure_post();
+
+ auth_ensure_user_authenticated();
+
$f_user_id = gpc_get_int( 'user_id' );
$f_redirect_url = gpc_get_string( 'redirect_url' );
Index: mantisbt/bug_reminder.php
===================================================================
--- mantisbt/bug_reminder.php (revision 5131)
+++ mantisbt/bug_reminder.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,11 +20,9 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# This page allows an authorized user to send a reminder by email to another user
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'email_api.php' );
require_once( $t_core_path.'bugnote_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_bug_id = gpc_get_int( 'bug_id' );
$f_to = gpc_get_int_array( 'to' );
$f_body = gpc_get_string( 'body' );
Index: mantisbt/manage_proj_cat_copy.php
===================================================================
--- mantisbt/manage_proj_cat_copy.php (revision 5131)
+++ mantisbt/manage_proj_cat_copy.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'category_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/bug_relationship_add.php
===================================================================
--- mantisbt/bug_relationship_add.php (revision 5131)
+++ mantisbt/bug_relationship_add.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path . 'relationship_api.php' );
+ helper_ensure_post();
+
$f_rel_type = gpc_get_int( 'rel_type' );
$f_src_bug_id = gpc_get_int( 'src_bug_id' );
$f_dest_bug_id_string = gpc_get_string( 'dest_bug_id' );
Index: mantisbt/manage_plugin_update.php
===================================================================
--- mantisbt/manage_plugin_update.php (revision 5131)
+++ mantisbt/manage_plugin_update.php (revision 5132)
@@ -24,6 +24,8 @@
define( 'PLUGINS_DISABLED', true );
require_once( 'core.php' );
+helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
Index: mantisbt/manage_custom_field_create.php
===================================================================
--- mantisbt/manage_custom_field_create.php (revision 5131)
+++ mantisbt/manage_custom_field_create.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'custom_field_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: mantisbt/manage_proj_custom_field_copy.php
===================================================================
--- mantisbt/manage_proj_custom_field_copy.php (revision 5131)
+++ mantisbt/manage_proj_custom_field_copy.php (revision 5132)
@@ -23,6 +23,8 @@
require_once('core.php');
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/manage_proj_user_copy.php
===================================================================
--- mantisbt/manage_proj_user_copy.php (revision 5131)
+++ mantisbt/manage_proj_user_copy.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/manage_plugin_upgrade.php
===================================================================
--- mantisbt/manage_plugin_upgrade.php (revision 5131)
+++ mantisbt/manage_plugin_upgrade.php (revision 5132)
@@ -24,6 +24,8 @@
define( 'PLUGINS_DISABLED', true );
require_once( 'core.php' );
+helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
Index: mantisbt/tag_update.php
===================================================================
--- mantisbt/tag_update.php (revision 5131)
+++ mantisbt/tag_update.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path . 'tag_api.php' );
+ helper_ensure_post();
+
compress_enable();
$f_tag_id = gpc_get_int( 'tag_id' );
Index: mantisbt/bug_relationship_delete.php
===================================================================
--- mantisbt/bug_relationship_delete.php (revision 5131)
+++ mantisbt/bug_relationship_delete.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -36,6 +36,8 @@
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path . 'relationship_api.php' );
+ helper_ensure_post();
+
$f_rel_id = gpc_get_int( 'rel_id' );
$f_bug_id = gpc_get_int( 'bug_id' );
Index: mantisbt/account_sponsor_update.php
===================================================================
--- mantisbt/account_sponsor_update.php (revision 5131)
+++ mantisbt/account_sponsor_update.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,23 +20,21 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
- # This page updates a user's information
+
+ # This page updates a user's sponsorships
# If an account is protected then changes are forbidden
# The page gets redirected back to account_page.php
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'email_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
-?>
-<?php
+
$f_bug_list = gpc_get_string( 'buglist', '' );
$t_bug_list = explode( ',', $f_bug_list );
Index: mantisbt/manage_proj_custom_field_update.php
===================================================================
--- mantisbt/manage_proj_custom_field_update.php (revision 5131)
+++ mantisbt/manage_proj_custom_field_update.php (revision 5132)
@@ -20,15 +20,15 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'custom_field_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_field_id = gpc_get_int( 'field_id' );
$f_project_id = gpc_get_int( 'project_id' );
$f_sequence = gpc_get_int( 'sequence' );
Index: mantisbt/account_prof_update.php
===================================================================
--- mantisbt/account_prof_update.php (revision 5131)
+++ mantisbt/account_prof_update.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -30,6 +30,8 @@
require_once( $t_core_path.'profile_api.php' );
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
Index: mantisbt/bugnote_delete.php
===================================================================
--- mantisbt/bugnote_delete.php (revision 5131)
+++ mantisbt/bugnote_delete.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,12 +20,10 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Remove the bugnote and bugnote text and redirect back to
# the viewing page
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
@@ -33,10 +31,11 @@
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'bugnote_api.php' );
require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_bugnote_id = gpc_get_int( 'bugnote_id' );
-
+
$t_bug_id = bugnote_get_field( $f_bugnote_id, 'bug_id' );
$t_bug = bug_get( $t_bug_id, true );
Index: mantisbt/lang/strings_english.txt
===================================================================
--- mantisbt/lang/strings_english.txt (revision 5131)
+++ mantisbt/lang/strings_english.txt (revision 5132)
@@ -313,6 +313,7 @@
$MANTIS_ERROR[ERROR_PLUGIN_PAGE_NOT_FOUND] = 'Plugin page not found.';
$MANTIS_ERROR[ERROR_COLUMNS_DUPLICATE] = 'Field \'%s\' contains duplcate column \'%s\'.';
$MANTIS_ERROR[ERROR_COLUMNS_INVALID] = 'Field \'%s\' contains invalid field \'%s\'';
+$MANTIS_ERROR[ERROR_INVALID_REQUEST_METHOD] = 'This page cannot be accessed using this method.';
$s_login_error = 'Your account may be disabled or blocked or the username/password you entered is incorrect.';
$s_login_cookies_disabled = 'Your browser either doesn\'t know how to handle cookies, or refuses to handle them.';
Index: mantisbt/manage_plugin_install.php
===================================================================
--- mantisbt/manage_plugin_install.php (revision 5131)
+++ mantisbt/manage_plugin_install.php (revision 5132)
@@ -24,6 +24,8 @@
define( 'PLUGINS_DISABLED', true );
require_once( 'core.php' );
+helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
Index: mantisbt/manage_proj_delete.php
===================================================================
--- mantisbt/manage_proj_delete.php (revision 5131)
+++ mantisbt/manage_proj_delete.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/bugnote_add.php
===================================================================
--- mantisbt/bugnote_add.php (revision 5131)
+++ mantisbt/bugnote_add.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,8 +20,7 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Insert the bugnote into the database then redirect to the bug page
require_once( 'core.php' );
@@ -31,6 +30,8 @@
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'bugnote_api.php' );
+ helper_ensure_post();
+
$f_bug_id = gpc_get_int( 'bug_id' );
$f_private = gpc_get_bool( 'private' );
$f_time_tracking = gpc_get_string( 'time_tracking', '0:00' );
Index: mantisbt/news_update.php
===================================================================
--- mantisbt/news_update.php (revision 5131)
+++ mantisbt/news_update.php (revision 5132)
@@ -20,8 +20,7 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
@@ -29,8 +28,9 @@
require_once( $t_core_path.'news_api.php' );
require_once( $t_core_path.'string_api.php' );
require_once( $t_core_path.'print_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_news_id = gpc_get_int( 'news_id' );
$f_project_id = gpc_get_int( 'project_id' );
$f_view_state = gpc_get_int( 'view_state' );
Index: mantisbt/manage_proj_cat_add.php
===================================================================
--- mantisbt/manage_proj_cat_add.php (revision 5131)
+++ mantisbt/manage_proj_cat_add.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'category_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/query_store.php
===================================================================
--- mantisbt/query_store.php (revision 5131)
+++ mantisbt/query_store.php (revision 5132)
@@ -28,6 +28,8 @@
require_once( $t_core_path.'string_api.php' );
require_once( $t_core_path.'date_api.php' );
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
compress_enable();
Index: mantisbt/bug_file_add.php
===================================================================
--- mantisbt/bug_file_add.php (revision 5131)
+++ mantisbt/bug_file_add.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Add file to a bug and then view the bug
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'file_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_bug_id = gpc_get_int( 'bug_id', -1 );
$f_file = gpc_get_file( 'file', -1 );
Index: mantisbt/lost_pwd.php
===================================================================
--- mantisbt/lost_pwd.php (revision 5131)
+++ mantisbt/lost_pwd.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -27,6 +27,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
# lost password feature disabled or reset password via email disabled -> stop here!
if( OFF == config_get( 'lost_password_feature' ) ||
OFF == config_get( 'send_reset_password' ) ||
Index: mantisbt/manage_plugin_uninstall.php
===================================================================
--- mantisbt/manage_plugin_uninstall.php (revision 5131)
+++ mantisbt/manage_plugin_uninstall.php (revision 5132)
@@ -24,6 +24,8 @@
define( 'PLUGINS_DISABLED', true );
require_once( 'core.php' );
+helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
Index: mantisbt/manage_proj_custom_field_add_existing.php
===================================================================
--- mantisbt/manage_proj_custom_field_add_existing.php (revision 5131)
+++ mantisbt/manage_proj_custom_field_add_existing.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'custom_field_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_field_id = gpc_get_int( 'field_id' );
Index: mantisbt/bug_assign_reporter.php
===================================================================
--- mantisbt/bug_assign_reporter.php (revision 5131)
+++ mantisbt/bug_assign_reporter.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Assign bug to user then redirect to viewing page
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_bug_id = gpc_get_int( 'bug_id' );
access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );
Index: mantisbt/bugnote_update.php
===================================================================
--- mantisbt/bugnote_update.php (revision 5131)
+++ mantisbt/bugnote_update.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,11 +20,9 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Update bugnote data then redirect to the appropriate viewing page
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'bugnote_api.php' );
require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_bugnote_id = gpc_get_int( 'bugnote_id' );
$f_bugnote_text = gpc_get_string( 'bugnote_text', '' );
$f_time_tracking = gpc_get_string( 'time_tracking', '0:00' );
Index: mantisbt/manage_custom_field_delete.php
===================================================================
--- mantisbt/manage_custom_field_delete.php (revision 5131)
+++ mantisbt/manage_custom_field_delete.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'custom_field_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: mantisbt/proj_doc_add.php
===================================================================
--- mantisbt/proj_doc_add.php (revision 5131)
+++ mantisbt/proj_doc_add.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'file_api.php' );
+ helper_ensure_post();
+
# Check if project documentation feature is enabled.
if ( OFF == config_get( 'enable_project_documentation' ) ) {
access_denied();
Index: mantisbt/manage_user_create.php
===================================================================
--- mantisbt/manage_user_create.php (revision 5131)
+++ mantisbt/manage_user_create.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'email_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: mantisbt/manage_config_workflow_set.php
===================================================================
--- mantisbt/manage_config_workflow_set.php (revision 5131)
+++ mantisbt/manage_config_workflow_set.php (revision 5132)
@@ -26,6 +26,8 @@
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'email_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$t_can_change_level = min( config_get_access( 'notify_flags' ), config_get_access( 'default_notify_flags' ) );
Index: mantisbt/manage_proj_update.php
===================================================================
--- mantisbt/manage_proj_update.php (revision 5131)
+++ mantisbt/manage_proj_update.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/manage_custom_field_proj_add.php
===================================================================
--- mantisbt/manage_custom_field_proj_add.php (revision 5131)
+++ mantisbt/manage_custom_field_proj_add.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_field_id = gpc_get_int( 'field_id' );
Index: mantisbt/query_delete.php
===================================================================
--- mantisbt/query_delete.php (revision 5131)
+++ mantisbt/query_delete.php (revision 5132)
@@ -28,6 +28,8 @@
require_once( $t_core_path.'string_api.php' );
require_once( $t_core_path.'date_api.php' );
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
compress_enable();
Index: mantisbt/manage_proj_user_add.php
===================================================================
--- mantisbt/manage_proj_user_add.php (revision 5131)
+++ mantisbt/manage_proj_user_add.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/account_prof_add.php
===================================================================
--- mantisbt/account_prof_add.php (revision 5131)
+++ mantisbt/account_prof_add.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,23 +20,21 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# This file adds a new profile and redirects to account_proj_menu_page.php
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'profile_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
-?>
-<?php
+
$f_platform = gpc_get_string( 'platform' );
$f_os = gpc_get_string( 'os' );
$f_os_build = gpc_get_string( 'os_build' );
Index: mantisbt/manage_proj_cat_delete.php
===================================================================
--- mantisbt/manage_proj_cat_delete.php (revision 5131)
+++ mantisbt/manage_proj_cat_delete.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'category_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_category_id = gpc_get_string( 'id' );
Index: mantisbt/manage_proj_custom_field_remove.php
===================================================================
--- mantisbt/manage_proj_custom_field_remove.php (revision 5131)
+++ mantisbt/manage_proj_custom_field_remove.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'custom_field_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_field_id = gpc_get_int( 'field_id' );
Index: mantisbt/tag_attach.php
===================================================================
--- mantisbt/tag_attach.php (revision 5131)
+++ mantisbt/tag_attach.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path . 'tag_api.php' );
+ helper_ensure_post();
+
$f_bug_id = gpc_get_int( 'bug_id' );
$f_tag_select = gpc_get_int( 'tag_select' );
$f_tag_string = gpc_get_string( 'tag_string' );
Index: mantisbt/signup.php
===================================================================
--- mantisbt/signup.php (revision 5131)
+++ mantisbt/signup.php (revision 5132)
@@ -28,6 +28,8 @@
require_once( $t_core_path.'email_api.php' );
require_once( $t_core_path . 'disposable' . DIRECTORY_SEPARATOR . 'disposable.php' );
+ helper_ensure_post();
+
$f_username = strip_tags( gpc_get_string( 'username' ) );
$f_email = strip_tags( gpc_get_string( 'email' ) );
$f_captcha = gpc_get_string( 'captcha', '' );
Index: mantisbt/bug_actiongroup_ext.php
===================================================================
--- mantisbt/bug_actiongroup_ext.php (revision 5131)
+++ mantisbt/bug_actiongroup_ext.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,19 +28,21 @@
require_once( $t_core_path . 'bug_api.php' );
require_once( $t_core_path . 'bug_group_action_api.php' );
- auth_ensure_user_authenticated();
+ helper_ensure_post();
+ auth_ensure_user_authenticated();
+
helper_begin_long_process();
- $f_action = gpc_get_string( 'action' );
+ $f_action = gpc_get_string( 'action' );
$f_bug_arr = gpc_get_int_array( 'bug_arr', array() );
- $t_action_include_file = 'bug_actiongroup_' . $f_action . '_inc.php';
+ $t_action_include_file = 'bug_actiongroup_' . $f_action . '_inc.php';
- require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . $t_action_include_file );
-
- # group bugs by project
- $t_projects_bugs = array();
+ require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . $t_action_include_file );
+
+ # group bugs by project
+ $t_projects_bugs = array();
foreach( $f_bug_arr as $t_bug_id ) {
bug_ensure_exists( $t_bug_id );
$t_bug = bug_get( $t_bug_id, true );
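Review bot: The re-indented lines `$t_action_include_file = 'bug_actiongroup_' . $f_action . '_inc.php';` and `require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . $t_action_include_file );` build an include path from the untrusted `action` parameter, and the commit moves them onto the new side without constraining the value. Since these lines are now under review, this is the place to restrict `$f_action` to the expected identifier shape before it reaches require_once, e.g. `if ( !preg_match( '/^[a-z_]+$/', $f_action ) ) { access_denied(); }` placed right after `$f_action = gpc_get_string( 'action' );`. Note also that `helper_ensure_post();` is correctly ordered ahead of auth_ensure_user_authenticated() here, which is the same ordering the other hunks use. The foreach that begins at the hunk's last lines continues outside it.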
Index: mantisbt/bug_monitor.php
===================================================================
--- mantisbt/bug_monitor.php (revision 5131)
+++ mantisbt/bug_monitor.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# This file turns monitoring on or off for a bug for the current user
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_bug_id = gpc_get_int( 'bug_id' );
$t_bug = bug_get( $f_bug_id, true );
Index: mantisbt/manage_custom_field_update.php
===================================================================
--- mantisbt/manage_custom_field_update.php (revision 5131)
+++ mantisbt/manage_custom_field_update.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'custom_field_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: mantisbt/manage_config_columns_set.php
===================================================================
--- mantisbt/manage_config_columns_set.php (revision 5131)
+++ mantisbt/manage_config_columns_set.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,6 +28,8 @@
require_once( $t_core_path . 'columns_api.php' );
require_once( $t_core_path . 'gpc_api.php' );
+ helper_ensure_post();
+
# @@@ access_ensure_project_level( config_get( 'manage_project_threshold' ) );
$f_project_id = gpc_get_int( 'project_id' );
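Review bot: After the inserted `helper_ensure_post();`, the only access check visible in this hunk is the commented-out `# @@@ access_ensure_project_level( config_get( 'manage_project_threshold' ) );`, so within these lines the request-method check is the sole guard before `$f_project_id` is read. If no auth_reauthenticate() or access_ensure_*() call follows further down manage_config_columns_set.php (not visible here), the method check does not substitute for it; either re-enable the commented call or state where access is enforced, e.g. `# access is enforced below once project_id has been validated`. The statement run continues outside the hunk.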
Index: mantisbt/manage_user_reset.php
===================================================================
--- mantisbt/manage_user_reset.php (revision 5131)
+++ mantisbt/manage_user_reset.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: mantisbt/manage_proj_update_children.php
===================================================================
--- mantisbt/manage_proj_update_children.php (revision 5131)
+++ mantisbt/manage_proj_update_children.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( $t_core_path.'project_hierarchy_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/bug_file_delete.php
===================================================================
--- mantisbt/bug_file_delete.php (revision 5131)
+++ mantisbt/bug_file_delete.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
require_once( $t_core_path.'file_api.php' );
+ helper_ensure_post();
+
$f_file_id = gpc_get_int( 'file_id' );
$t_bug_id = file_get_field( $f_file_id, 'bug_id' );
Index: mantisbt/manage_config_email_set.php
===================================================================
--- mantisbt/manage_config_email_set.php (revision 5131)
+++ mantisbt/manage_config_email_set.php (revision 5132)
@@ -26,6 +26,8 @@
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'email_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$t_can_change_level = min( config_get_access( 'notify_flags' ), config_get_access( 'default_notify_flags' ) );
Index: mantisbt/manage_user_prune.php
===================================================================
--- mantisbt/manage_user_prune.php (revision 5131)
+++ mantisbt/manage_user_prune.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: mantisbt/manage_proj_ver_add.php
===================================================================
--- mantisbt/manage_proj_ver_add.php (revision 5131)
+++ mantisbt/manage_proj_ver_add.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'version_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/manage_user_delete.php
===================================================================
--- mantisbt/manage_user_delete.php (revision 5131)
+++ mantisbt/manage_user_delete.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: mantisbt/manage_proj_cat_update.php
===================================================================
--- mantisbt/manage_proj_cat_update.php (revision 5131)
+++ mantisbt/manage_proj_cat_update.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'category_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_category_id = gpc_get_int( 'category_id' );
Index: mantisbt/account_delete.php
===================================================================
--- mantisbt/account_delete.php (revision 5131)
+++ mantisbt/account_delete.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -43,6 +43,8 @@
# (none)
#============ Permissions ============
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
Index: mantisbt/manage_proj_ver_delete.php
===================================================================
--- mantisbt/manage_proj_ver_delete.php (revision 5131)
+++ mantisbt/manage_proj_ver_delete.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'version_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_version_id = gpc_get_int( 'version_id' );
Index: mantisbt/manage_proj_user_remove.php
===================================================================
--- mantisbt/manage_proj_user_remove.php (revision 5131)
+++ mantisbt/manage_proj_user_remove.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/bug_delete.php
===================================================================
--- mantisbt/bug_delete.php (revision 5131)
+++ mantisbt/bug_delete.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
$f_bug_id = gpc_get_int( 'bug_id' );
+ helper_ensure_post();
+
access_ensure_bug_level( config_get( 'delete_bug_threshold' ), $f_bug_id );
$t_bug = bug_get( $f_bug_id, true );
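Review bot: `helper_ensure_post()` is inserted after `$f_bug_id = gpc_get_int( 'bug_id' );`, whereas every other handler in this patch places it before any request parameter is read. Reading the parameter first means a non-POST request is rejected for a missing or malformed `bug_id` before the method check runs, which gives a different error than the other handlers. Moving the call up one line, directly after the require block, keeps the ordering consistent and makes the method check the first thing the handler does.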
Index: mantisbt/manage_user_proj_delete.php
===================================================================
--- mantisbt/manage_user_proj_delete.php (revision 5131)
+++ mantisbt/manage_user_proj_delete.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/adm_config_delete.php
===================================================================
--- mantisbt/adm_config_delete.php (revision 5131)
+++ mantisbt/adm_config_delete.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
$f_user_id = gpc_get_int( 'user_id' );
$f_project_id = gpc_get_int( 'project_id' );
$f_config_option = gpc_get_string( 'config_option' );
Index: mantisbt/proj_doc_delete.php
===================================================================
--- mantisbt/proj_doc_delete.php (revision 5131)
+++ mantisbt/proj_doc_delete.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
# Check if project documentation feature is enabled.
if ( OFF == config_get( 'enable_project_documentation' ) ) {
access_denied();
Index: mantisbt/tag_detach.php
===================================================================
--- mantisbt/tag_detach.php (revision 5131)
+++ mantisbt/tag_detach.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path . 'tag_api.php' );
+ helper_ensure_post();
+
$f_tag_id = gpc_get_int( 'tag_id' );
$f_bug_id = gpc_get_int( 'bug_id' );
Index: mantisbt/news_add.php
===================================================================
--- mantisbt/news_add.php (revision 5131)
+++ mantisbt/news_add.php (revision 5132)
@@ -20,16 +20,16 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'news_api.php' );
require_once( $t_core_path.'print_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
access_ensure_project_level( config_get( 'manage_news_threshold' ) );
$f_view_state = gpc_get_int( 'view_state' );
Index: mantisbt/manage_user_update.php
===================================================================
--- mantisbt/manage_user_update.php (revision 5131)
+++ mantisbt/manage_user_update.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'email_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: mantisbt/account_prefs_update.php
===================================================================
--- mantisbt/account_prefs_update.php (revision 5131)
+++ mantisbt/account_prefs_update.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,21 +20,19 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Updates prefs then redirect to account_prefs_page.php3
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'user_pref_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
-?>
-<?php
+
$f_user_id = gpc_get_int( 'user_id' );
$f_redirect_url = gpc_get_string( 'redirect_url' );
Index: mantisbt/account_update.php
===================================================================
--- mantisbt/account_update.php (revision 5131)
+++ mantisbt/account_update.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,25 +20,23 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# This page updates a user's information
# If an account is protected then changes are forbidden
# The page gets redirected back to account_page.php
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'email_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
-?>
-<?php
+
$f_email = gpc_get_string( 'email', '' );
$f_realname = gpc_get_string( 'realname', '' );
$f_password = gpc_get_string( 'password', '' );
Index: mantisbt/manage_proj_ver_update.php
===================================================================
--- mantisbt/manage_proj_ver_update.php (revision 5131)
+++ mantisbt/manage_proj_ver_update.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'version_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_version_id = gpc_get_int( 'version_id' );
Index: mantisbt/core/helper_api.php
===================================================================
--- mantisbt/core/helper_api.php (revision 5131)
+++ mantisbt/core/helper_api.php (revision 5132)
@@ -502,4 +502,16 @@
return (int)$t_min;
}
+
+ #
+ #-------------------------------------------------
+ # check access method is POST, return if true, else call error handler
+ function helper_ensure_post()
+ {
+ if ( isset( $_SERVER['REQUEST_METHOD'] ) && ( strtoupper( $_SERVER['REQUEST_METHOD'] ) != 'POST' ) ) {
+ trigger_error( ERROR_INVALID_REQUEST_METHOD, ERROR );
+ }
+
+ }
+
?>
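Review bot: The guard silently passes when `$_SERVER['REQUEST_METHOD']` is not set, because the condition is `isset(...) && ... != 'POST'`; unless there is a deliberate non-HTTP caller, the safer form is `if ( !isset( $_SERVER['REQUEST_METHOD'] ) || strtoupper( $_SERVER['REQUEST_METHOD'] ) != 'POST' ) {`. The header comment should also state the limits of this check: a method restriction only blocks the GET-link and image-tag variants of a forged request, while a third-party page can still submit a POST form to these handlers, so the handlers still need a per-session secret token compared with `hash_equals()`-style constant-time comparison to actually stop cross-site request forgery. Finally, the function relies on `trigger_error( ERROR_INVALID_REQUEST_METHOD, ERROR )` not returning; a comment such as `# trigger_error() with ERROR is expected to halt the request; nothing below runs on failure` (or an explicit exit after it) would make that dependency visible, and the same note applies to every handler in this patch that calls it.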
Index: mantisbt/core/constant_inc.php
===================================================================
--- mantisbt/core/constant_inc.php (revision 5131)
+++ mantisbt/core/constant_inc.php (revision 5132)
@@ -194,6 +194,7 @@
define( 'ERROR_FTP_CONNECT_ERROR', 16 );
define( 'ERROR_HANDLER_ACCESS_TOO_LOW', 17 );
define( 'ERROR_PAGE_REDIRECTION', 18 );
+ define( 'ERROR_INVALID_REQUEST_METHOD', 19 );
# ERROR_CONFIG_*
define( 'ERROR_CONFIG_OPT_NOT_FOUND', 100 );
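Review bot: The new `ERROR_INVALID_REQUEST_METHOD` constant is defined here but the patch shows no matching user-facing message for it, so if the error handler looks the code up in a strings table (as the neighbouring `ERROR_*` codes presumably are), a rejected request would render a missing-string message rather than an explanation — confirm against the language files. A short comment on the define, e.g. `# raised by helper_ensure_post() when a state-changing page is requested with a method other than POST`, would also tell the next maintainer where this code is used.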
Index: mantisbt/manage_config_revert.php
===================================================================
--- mantisbt/manage_config_revert.php (revision 5131)
+++ mantisbt/manage_config_revert.php (revision 5132)
@@ -25,6 +25,8 @@
$t_core_path = config_get( 'core_path' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project', 0 );
Index: mantisbt/bug_report.php
===================================================================
--- mantisbt/bug_report.php (revision 5131)
+++ mantisbt/bug_report.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -32,6 +32,8 @@
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'custom_field_api.php' );
+ helper_ensure_post();
+
access_ensure_project_level( config_get('report_bug_threshold' ) );
$t_bug_data = new BugData;
Index: mantisbt/bug_update.php
===================================================================
--- mantisbt/bug_update.php (revision 5131)
+++ mantisbt/bug_update.php (revision 5132)
@@ -20,11 +20,9 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Update bug data then redirect to the appropriate viewing page
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'bugnote_api.php' );
require_once( $t_core_path.'custom_field_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_bug_id = gpc_get_int( 'bug_id' );
$f_update_mode = gpc_get_bool( 'update_mode', FALSE ); # set if called from generic update page
$f_new_status = gpc_get_int( 'status', bug_get_field( $f_bug_id, 'status' ) );
Index: mantisbt/bug_assign.php
===================================================================
--- mantisbt/bug_assign.php (revision 5131)
+++ mantisbt/bug_assign.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,18 +20,16 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Assign bug to user then redirect to viewing page
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+ helper_ensure_post();
+
$f_bug_id = gpc_get_int( 'bug_id' );
$t_bug = bug_get( $f_bug_id );
Index: mantisbt/bug_actiongroup.php
===================================================================
--- mantisbt/bug_actiongroup.php (revision 5131)
+++ mantisbt/bug_actiongroup.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,19 +20,18 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# This page allows actions to be performed an an array of bugs
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'bug_api.php' );
-?>
-<?php auth_ensure_user_authenticated() ?>
-<?php
+
+ helper_ensure_post();
+
+ auth_ensure_user_authenticated();
helper_begin_long_process();
$f_action = gpc_get_string( 'action' );
Index: mantisbt/manage_user_proj_add.php
===================================================================
--- mantisbt/manage_user_proj_add.php (revision 5131)
+++ mantisbt/manage_user_proj_add.php (revision 5132)
@@ -23,6 +23,8 @@
require_once( 'core.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_user_id = gpc_get_int( 'user_id' );
Index: mantisbt/account_prefs_reset.php
===================================================================
--- mantisbt/account_prefs_reset.php (revision 5131)
+++ mantisbt/account_prefs_reset.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -47,6 +47,8 @@
$f_redirect_url = gpc_get_string( 'redirect_url', 'account_prefs_page.php' );
#============ Permissions ============
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
user_ensure_unprotected( $f_user_id );
Index: mantisbt/tag_delete.php
===================================================================
--- mantisbt/tag_delete.php (revision 5131)
+++ mantisbt/tag_delete.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path . 'tag_api.php' );
+ helper_ensure_post();
+
access_ensure_global_level( config_get( 'tag_edit_threshold' ) );
$f_tag_id = gpc_get_int( 'tag_id' );
Index: mantisbt/manage_proj_subproj_add.php
===================================================================
--- mantisbt/manage_proj_subproj_add.php (revision 5131)
+++ mantisbt/manage_proj_subproj_add.php (revision 5132)
@@ -25,6 +25,8 @@
$t_core_path = config_get( 'core_path' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/bug_set_sponsorship.php
===================================================================
--- mantisbt/bug_set_sponsorship.php (revision 5131)
+++ mantisbt/bug_set_sponsorship.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,14 +20,15 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path . 'sponsorship_api.php' );
+ helper_ensure_post();
+
if ( config_get( 'enable_sponsorship' ) == OFF ) {
trigger_error( ERROR_SPONSORSHIP_NOT_ENABLED, ERROR );
}
Index: mantisbt/adm_config_set.php
===================================================================
--- mantisbt/adm_config_set.php (revision 5131)
+++ mantisbt/adm_config_set.php (revision 5132)
@@ -26,6 +26,7 @@
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
+ helper_ensure_post();
$f_user_id = gpc_get_int( 'user_id' );
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/proj_doc_update.php
===================================================================
--- mantisbt/proj_doc_update.php (revision 5131)
+++ mantisbt/proj_doc_update.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'file_api.php' );
+ helper_ensure_post();
+
# Check if project documentation feature is enabled.
if ( OFF == config_get( 'enable_project_documentation' ) ||
!file_is_uploading_enabled() ||
Index: mantisbt/account_prof_delete.php
===================================================================
--- mantisbt/account_prof_delete.php (revision 5131)
+++ mantisbt/account_prof_delete.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,24 +20,22 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# The specified profile is deleted and the user is redirected to
# account_prof_menu_page.php3
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'profile_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
-?>
-<?php
+
$f_profile_id = gpc_get_int( 'profile_id' );
if ( profile_is_global( $f_profile_id ) ) {
Index: mantisbt/manage_proj_create.php
===================================================================
--- mantisbt/manage_proj_create.php (revision 5131)
+++ mantisbt/manage_proj_create.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'project_hierarchy_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'create_project_threshold' ) );
Index: mantisbt/manage_config_work_threshold_set.php
===================================================================
--- mantisbt/manage_config_work_threshold_set.php (revision 5131)
+++ mantisbt/manage_config_work_threshold_set.php (revision 5132)
@@ -26,6 +26,8 @@
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'email_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$t_redirect_url = 'manage_config_work_threshold_page.php';
Index: mantisbt/bugnote_set_view_state.php
===================================================================
--- mantisbt/bugnote_set_view_state.php (revision 5131)
+++ mantisbt/bugnote_set_view_state.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,19 +20,18 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Set an existing bugnote private or public.
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'bugnote_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_bugnote_id = gpc_get_int( 'bugnote_id' );
$f_private = gpc_get_bool( 'private' );
Index: mantisbt/manage_proj_subproj_delete.php
===================================================================
--- mantisbt/manage_proj_subproj_delete.php (revision 5131)
+++ mantisbt/manage_proj_subproj_delete.php (revision 5132)
@@ -25,6 +25,8 @@
$t_core_path = config_get( 'core_path' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
Index: mantisbt/manage_config_columns_reset.php
===================================================================
--- mantisbt/manage_config_columns_reset.php (revision 5131)
+++ mantisbt/manage_config_columns_reset.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -27,6 +27,8 @@
require_once( $t_core_path . 'config_api.php' );
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
auth_reauthenticate();
Index: mantisbt/set_project.php
===================================================================
--- mantisbt/set_project.php (revision 5131)
+++ mantisbt/set_project.php (revision 5132)
@@ -20,15 +20,15 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
$f_project_id = gpc_get_string( 'project_id' );
$f_make_default = gpc_get_bool ( 'make_default' );
$f_ref = gpc_get_string( 'ref', '' );
Index: mantisbt/account_prof_make_default.php
===================================================================
--- mantisbt/account_prof_make_default.php (revision 5131)
+++ mantisbt/account_prof_make_default.php (revision 5132)
@@ -2,7 +2,7 @@
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito at 300baud.org
-# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev at lists.sourceforge.net
+# Copyright (C) 2002 - 2008 Mantis Team - mantisbt-dev at lists.sourceforge.net
# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,24 +20,22 @@
# --------------------------------------------------------
# $Id$
# --------------------------------------------------------
-?>
-<?php
+
# Make the specified profile the default
# Redirect to account_prof_menu_page.php
-?>
-<?php
+
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+ helper_ensure_post();
+
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
-?>
-<?php
+
$f_profile_id = gpc_get_int( 'profile_id' );
current_user_set_pref( 'default_profile', $f_profile_id );
Index: mantisbt/manage_proj_ver_copy.php
===================================================================
--- mantisbt/manage_proj_ver_copy.php (revision 5131)
+++ mantisbt/manage_proj_ver_copy.php (revision 5132)
@@ -27,6 +27,8 @@
require_once( $t_core_path.'version_api.php' );
+ helper_ensure_post();
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );