Someone is bypassing permissions on the bug tracker!

TechSY730:
Just as a warning in case you didn't notice, some dude named Buttons840 has been messing around with the supposedly disabled priority field. (One example of an affected post is http://www.arcengames.com/mantisbt/view.php?id=824, though there are many others.)

I've already created a new Mantis issue about this type of attack itself (http://www.arcengames.com/mantisbt/view.php?id=7031).

zespri:
Everyone is at PAX anyway right now. Or has it finished?

eRe4s3r:
Is Mantis coded in PHP?

That answers your question right there.  :o

PHP is not a web development language! (In fact, PHP is terrible, do not ever use it)

x4000:
We keep Mantis up to date with security patches. In this case I guess he set a field that was hidden, but which he had access to anyhow. Buttons840 is a good guy from my recollection, so I am not overly concerned on this specific case. It may simply be some sort of browser difference for all I know.

eRe4s3r:
But do you update PHP regularly as well? Well, at least expose_php = off is truly off ;p
