Diffstat (limited to 'CVE-2014-8986.patch')
-rw-r--r--CVE-2014-8986.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/CVE-2014-8986.patch b/CVE-2014-8986.patch
new file mode 100644
index 00000000000..cc820ae3fd2
--- /dev/null
+++ b/CVE-2014-8986.patch
@@ -0,0 +1,20 @@
+diff -rupN mantisbt-1.2.19.orig/adm_config_report.php mantisbt-1.2.19/adm_config_report.php
+--- mantisbt-1.2.19.orig/adm_config_report.php 2015-02-17 11:36:02.025998608 +0100
++++ mantisbt-1.2.19/adm_config_report.php 2015-02-17 11:42:22.122773322 +0100
+@@ -159,6 +159,16 @@
+ }
+ }
+
++ if( !is_blank( $t_filter_config_value ) && (int)$t_filter_config_value !== META_FILTER_NONE ) {
++ // check that config value exists
++ if( @config_get_global( $t_filter_config_value ) === null ) {
++ $t_cookie_path = config_get( 'cookie_path' );
++ gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
++
++ trigger_error( ERROR_GENERIC, ERROR );
++ }
++ }
++
+ # Get config edit values
+ $t_edit_user_id = gpc_get_int( 'user_id', $t_filter_user_value == META_FILTER_NONE ? ALL_USERS : $t_filter_user_value );
+ $t_edit_project_id = gpc_get_int( 'project_id', $t_filter_project_value == META_FILTER_NONE ? ALL_PROJECTS : $t_filter_project_value );
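Review bot: The `(int)$t_filter_config_value !== META_FILTER_NONE` test in the added guard compares after a lossy integer cast, so any string whose leading characters parse to the same integer as META_FILTER_NONE is treated as "no filter" and never reaches the `config_get_global()` existence check. If the raw string is used further down the page (not visible in this hunk), the validation added here would not cover that case; comparing the uncast value, e.g. `(string)$t_filter_config_value !== (string)META_FILTER_NONE`, would close the gap. The `@` in front of `config_get_global()` also hides whatever error an unknown option raises and makes an option whose stored value is legitimately null look missing, so it deserves a comment such as `# '@' suppresses the not-found error; a null result is treated as an unknown option`. The file's other comments use `#` (see `# Get config edit values`), so the new `//` comment should match, and the surrounding code begins and ends outside the hunk.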