path: root/CVE-2014-8986.patch
blob: cc820ae3fd2e3172401bcddd66d7f525111c4080 (plain)
diff -rupN mantisbt-1.2.19.orig/adm_config_report.php mantisbt-1.2.19/adm_config_report.php
--- mantisbt-1.2.19.orig/adm_config_report.php	2015-02-17 11:36:02.025998608 +0100
+++ mantisbt-1.2.19/adm_config_report.php	2015-02-17 11:42:22.122773322 +0100
@@ -159,6 +159,16 @@
 		}
 	}
 
+	if( !is_blank( $t_filter_config_value ) && (int)$t_filter_config_value !== META_FILTER_NONE ) {
+		// check that config value exists
+		if( @config_get_global( $t_filter_config_value ) === null ) {
+			$t_cookie_path = config_get( 'cookie_path' );
+			gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
+
+			trigger_error( ERROR_GENERIC, ERROR );
+		}
+	}
+
 	# Get config edit values
 	$t_edit_user_id         = gpc_get_int( 'user_id', $t_filter_user_value == META_FILTER_NONE ? ALL_USERS : $t_filter_user_value );
 	$t_edit_project_id      = gpc_get_int( 'project_id', $t_filter_project_value == META_FILTER_NONE ? ALL_PROJECTS : $t_filter_project_value );
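Review bot: The existence test `@config_get_global( $t_filter_config_value ) === null` cannot tell an undefined option from one that is defined but set to null, and the `@` hides whatever warning the lookup raises, so a legitimate filter can be rejected with `ERROR_GENERIC` and no hint of the cause. It also consults only the global configuration, so option names that exist only as database overrides would presumably be refused; that is worth confirming against the options the report actually lists. This hunk only validates the value, and the code that prints `$t_filter_config_value` is outside it, so that output should still be HTML-escaped rather than relying on this check alone. The added comment uses `//` where the file uses `#`; I would write `# Reject a filter value that does not name a known global config option, and clear the filter cookie so the bad value is not reused`.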